Pi1 - Lehrstuhl Praktische Informatik I
Laboratory for Dependable Distributed Systems
University of Mannheim





Members of the Laboratory


Thorsten Holz
University of Mannheim
Lab member until June 2009



About

I finished my PhD thesis in April 2009 and now I am working as a postdoctoral researcher at the International Secure Systems Lab (iSecLab), TU Vienna. I can still be reached at my old e-mail address and mail is also the preferred way to contact me.

Professional Activities

16th USENIX Security Symposium (Security '07), PC member
10th International Symposium on Recent Advances in Intrusion Detection (RAID '07), PC member
First Workshop on Hot Topics in Understanding Botnets (HotBots '07), PC member
5th ACM Workshop on Recurring Malware (WORM '07), PC member
First Workshop on Large-scale Exploits and Emergent Threats (LEET '08), PC member
European Workshop on System Security (EuroSec'08), PC member
5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '08), PC member
11th International Symposium on Recent Advances in Intrusion Detection (RAID '08), PC member
4th European Conference on Computer Network Defense (EC2ND'08), PC member
First International Workshop on Network Security and Privacy (NSP'08), PC member
2nd European Workshop on System Security (EuroSec'09), PC member
Second Workshop on Large-scale Exploits and Emergent Threats (LEET '09), PC member
6th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '09), PC member and sponsor chair
ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics (CSI-KDD), PC member
12th International Symposium on Recent Advances in Intrusion Detection (RAID '09), PC member
3rd International Conference on Network & System Security (NSS '09), PC member
5th LCN Workshop on Security in Communications Networks (SICK'09), PC member
5th European Conference on Computer Network Defense (EC2ND'09), PC member
17th Annual Network & Distributed System Security Symposium (NDSS '10), PC member
European Workshop on System Security (EuroSec'10), PC member and publicity chair
9th Workshop on the Economics of Information Security (WEIS 2010), PC member
7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '10), PC member
15th European Symposium on Research in Computer Security (ESORICS '10), PC member
13th International Symposium on Recent Advances in Intrusion Detection (RAID '10), PC member and publicity chair
4th International Conference on Network & System Security (NSS '10), PC member
18th Annual Network & Distributed System Security Symposium (NDSS '11), PC member
Third Security and Social Networking (SESOC'11), PC member
32nd IEEE Symposium on Security and Privacy (Oakland) 2011, PC member
10th Workshop on the Economics of Information Security (WEIS 2011), PC member

Selected Publications

  • Das Internet-Malware-Analyse-System (InMAS)
    Datenschutz und Datensicherheit - DuD, 2011-04-01
  • Automatic Analysis of Malware Behavior using Machine Learning
    2010-12-31 (to appear)
  • Towards secure deletion on smartphones
    SICHERHEIT 2010, 2010-10-07
  • A Malware Instruction Set for Behavior-Based Analysis
    SICHERHEIT 2010, 2010-10-07
  • ADSandbox: Sandboxing JavaScript to Fight Malicious Websites
    Symposium on Applied Computing (SAC) 2010, 2010-03-26
  • The InMAS Approach
    1st European Workshop on Internet Early Warning and Network Intelligence (EWNI), 2010-01-27
  • Automatic Analysis of Malware Behavior using Machine Learning
    2009-12-17
  • A Malware Instruction Set for Behavior-Based Analysis
    2009-12-17
  • Walowdac - Analysis of a Peer-to-Peer Botnet
    European Conference on Computer Network Defense (EC2ND), 2009-11-09
  • Visual Analysis of Malware Behavior (Short paper)
    6th International Workshop on Visualization for Cyber Security (VizSec), 2009-10-11
  • Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones
    14th European Symposium on Research in Computer Security (ESORICS), 2009-09-21
  • Automatically Generating Models for Botnet Detection
    14th European Symposium on Research in Computer Security (ESORICS), 2009-09-21
  • Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms
    18th USENIX Security Symposium, 2009-08-12
  • Towards Proactive Spam Filtering (Extended Abstract)
    6th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2009-07-09
  • Frühe Warnung durch Beobachten und Verfolgen von bösartiger Software im Deutschen Internet: Das Internet-Malware-Analyse System (InMAS)
    11. Deutscher IT-Sicherheitskongress, 2009-05-13
  • MalOffice - Detecting malicious documents with combined static and dynamic analysis
    Virus Bulletin 2009, Geneva, 2009
  • Towards Next-Generation Botnets
    4th European Conference on Computer Network Defense (EC2ND 08), 2008-12-11
  • As the Net Churns: Fast-Flux Botnet Observations
    3rd International Conference on Malicious and Unwanted Software, 2008-10-07
  • Reconstructing Peoples Lives: A Case Study in Teaching Forensic Computing
    IMF 2008, 2008-09-23
  • Learning and Classification of Malware Behavior
    Fifth Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 08), 2008-07-10
  • Studying Malicious Websites and the Underground Economy on the Chinese Web
    Workshop on the Economics of Information Security (WEIS 08), 2008-06-25
  • Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm
    First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 08), 2008-04-15
  • Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients
    Proceedings of Sicherheit 2008 (Best paper award!), 2008-04-02
  • Measuring and Detecting Fast-Flux Service Networks
    Proceedings of 15th Network & Distributed System Security Conference (NDSS 2008), 2008-02-11
  • Measurement and Analysis of Autonomous Spreading Malware in a University Environment
    4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA 2007), 2007-07-12
  • Toward Automated Dynamic Malware Analysis Using CWSandbox
    IEEE Security & Privacy, 2007-03-01
  • Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation
    Proceedings of First Workshop on Hot Topics in Understanding Botnets (HotBots 07), 2007
  • Advanced Honeypot-based Intrusion Detection
    ;login:, 2006-12-01
  • The Nepenthes Platform: An Efficient Approach to Collect Malware
    9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006), 2006-09-21
  • The Effect of Stock Spam on Financial Markets
    5th Workshop on the Economics of Information Security (WEIS 2006), 2006-06-26
  • Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks
    ESORICS 2005, 2005-10-06
  • A Short Visit to the Bot Zoo
    IEEE Security & Privacy, 2005-06-01

Technical Reports

Selected Presentations

  • Reale Phishing Angriffe
  • New Fields of Application for Honeynets
  • Measuring Malicious Network Traffic
  • Spyware in the Form of Bots
  • Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks
  • Measuring Security Threats in Communication Networks
  • Ein kurzer Überblick über das Deutsche Honeynet Projekt

Supervision of Diploma Projects

If you are interested in a diploma / bachelor / master thesis in the area of honeypots, malware, botnets, or similar topics, please send me an e-mail. Some ideas for theses are listed below, but this is not a complete overview:

  • Analyzing Fast-Flux Service Networks
  • Pandora's Bochs: Automated Malware Unpacking
  • Stock Spam Analysis
  • Eine Infrastruktur zur Einschätzung des aktuellen Gefährdungslevels durch Malware
  • Omnivora: Automatisiertes Sammeln von Malware unter Windows
  • API Hooking für Intrusion Detection
  • Truman Box: Safe Malware Analysis by Simulating the Internet
  • Monkey-Spider: Detecting Malicious Web Sites
  • Security and Safety of Ruby on Rails in regard to a project management software
  • Web-based Honeypot Decoys
  • Automatic Behaviour Analysis of Malware
  • Efficient Observation of Botnets
  • Advanced Honeynet-based Intrusion Detection
  • Automatic Identification of Cryptographic Primitives in Software