Send email Copy Email Address

Threat Detection & Defenses

Attack-detection mechanisms should be able to reliably detect, predict, and comprehnsibly explain both known and novel threats, while also being able to cope with evasion techniques – like obfuscation, polymorphism, or stealth low-volume attacks.

Attack-detection mechanisms should not just be able to detect any critical incident, but also raise alarms only when it is necessary; the more false alarms are raised, the higher the risk that users will ignore warnings or even disable the detection permanently. To provide a strong line of defense, attack detection methods should be complemented by suitable defensive technologies, ideally selected autonomously by the system under attack, to counter whatever threat it encounters. In this research area we pursue this ideal in multiple ways, for example by focusing on the detection and analysis of modern malware, on the prevention and attribution of DDoS attacks, and on the identification and mitigation of novel system vulnerabilities.


Year 2020

Conference / Medium

Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications SecurityACM CCS 2020

Conference / Medium

10th USENIX Workshop on Free and Open Communications on the Internet

Conference / Medium

29th USENIX Security Symposium (USENIX Security 20)