CyberTIM 2018

1st International Workshop on Cyber Threat Intelligence Management
(CyberTIM 2018)

to be held in conjunction with the ARES EU Project Symposium, held at ARES 2018 (

August 27 – August 30, 2018, Hamburg, Germany


CyberTIM workshop is jointly organized by three H2020 projects that are funded by the European Commission:

Workshop Description:

The increased sophistication of cyber-attacks have created a technology arm race between attackers and defenders. However, this arm race is not fought in equal terms. Defenders are falling behind due to lack of manpower coupled with an overwhelming number of sophisticated attacks, e.g. advanced persistent threats, making cyber defense extremely difficult. This is also due to lack of collaboration among the network security solutions, e.g., intrusion detection systems and honeypots, which are in possession of different organizations across the globe.

In the recent years, organizations like CERTs, NRENs, as well as industry organizations slowly move towards proactive detection capabilities leveraging Cyber Threat Intelligence (CTI) platforms. These platforms aim at advanced alert aggregation, correlation, and prioritization considering the asset criticality of organizations as well as the quality of shared threat intelligence. The goal of this workshop is to bring the industry practitioners, researchers, engineers, and academic researchers together from the domain of network security, network measurements, cyber incident monitoring, trust & risk management, cyber situational awareness, security analytics, and security visualization.

Topics of interest include, but are not limited to:
  • Network Intrusions
  • Cyber threat detection
  • Threat Intelligence sharing
  • Collaborative Intrusion Detection
  • Cyber situational awareness
  • Cyber threat analytics
  • Cyber threat sharing community
  • Trust management in/for Cyber Threat Intelligence
  • Cyber threat visualization
  • Cyber threat monitoring
  • Botnet monitoring
  • Cyber threat correlation techniques
  • Cyber threat prioritization techniques
  • Cyber threat sharing platforms
  • Alert exchange formats
  • Alert exchange protocols
  • Cyber-crime forensics
  • Cyber-crime risk management
Important Dates
Submission Deadline May 25, 2018
Author Notification June 10, 2018
Proceedings Version June 29, 2018
ARES EU Symposium August 27, 2018
Conference August 27 – August 30, 2018
Workshop Chairs

Brian Lee
Athlone Institute of Technology, Ireland

Emmanouil Vasilomanolakis
TU Darmstadt, Germany

Fabio Martinelli
IIT, C.N.R, Italy

Georgios Gardikis
SPACE Hellas S. A., Greece

Sheikh Mahbub Habib
Continental AG, Germany

Program Committee

Hamza Attak, Hewlett Packard Enterprise, United Kingdom
Enda Barrett, National University of Ireland, Galway, Ireland
David Chadwick, University of Kent, United Kingdom
Michal Choras, ITTI Ltd., Poland
Francesco Di Cerbo, SAP Research Sophia-Antipolis, France
Theo Dimitrakos, European Security Competence Center, Huawei Technologies, United Kingdom
Bernat Gaston, Fundació Privada I2CAT, Spain
Jassim Happa, University of Oxford, United Kingdom
Dimitris Katsianis, Incites Consulting, Luxembourg
Antonis Litke, Infili Technologies, Greece
Maciej Miłostan, PSNC, Poznań University of Technology, Poland
Paolo Mori, IIT-CNR, Italy
Jason Nurse, University of Kent, United Kingdom
Dimitris Papadopoulos, Infili Technologies, Greece
Marcin Przybyszewski, ITTI Sp. z o.o., Poznań, Poland
Olga Segou, Orion Innovations PC, Greece
George Xylouris, ORION Innovations PC, Greece

Keynote Speakers

Kim-Kwang Raymond Choo
Cyber Security Threat Intelligence: Challenges and Research Opportunities

Abstract : Cyber threat intelligence and analytic is among one of the fastest growing interdisciplinary fields of research bringing together researchers from different fields such as digital forensics, political and security studies, criminology, cyber security, big data analytics, machine learning, etc. to detect, contain and mitigate advanced persistent threats and fight against organized cybercrimes. In this presentation, we will discuss some of the challenges underpinning this inter- / trans- /multi-disciplinary field as well as research opportunities (e.g. how can we leverage advances in deep learning to better predict cyber attacks?).

Bio :  Kim-Kwang Raymond Choo received the Ph.D. in Information Security in 2006 from Queensland University of Technology, Australia. He currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA), and has a courtesy appointment at the University of South Australia. In 2016, he was named the Cybersecurity Educator of the Year – APAC (Cybersecurity Excellence Awards are produced in cooperation with the Information Security Community on LinkedIn), and in 2015 he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He is the recipient of the 2018 UTSA College of Business Col. Jean Piccione and Lt. Col. Philip Piccione Endowed Research Award for Tenured Faculty, ESORICS 2015 Best Paper Award, 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, Fulbright Scholarship in 2009, 2008 Australia Day Achievement Medallion, and British Computer Society’s Wilkes Award in 2008. He is also a Fellow of the Australian Computer Society, an IEEE Senior Member, and an Honorary Commander of the 502nd Air Base Wing, Joint Base San Antonio-Fort Sam Houston.

Systeme X le 4/2/16, Saclay, Rapport Annuel

Hervé Debar
Reasoning about alert formats: a comparative study

Abstract : Intrusion detection sensors and SIEM platforms have been available for over a decade now. While significant efforts have been realized to ensure communication between detection tools and management platforms, one needs to acknowledge that no standard has prevailed at this time for expressing alert information. In this presentation, we will analyze several relevant alert formats, describe their advantages and drawbacks, and provide hints for future situational awareness platforms.

Bio : I am a professor at Telecom SudParis, head of the Networks and Telecommunication Services department. My activity is related to the area of Information and Communication Technology (ICT) security, including network and information systems security. While I have been heavily involved in intrusion detection research in the past and am still conducting research in the area, I am today focusing on Security Information and Event Management (SIEM), with an emphasis on automated threat mitigation.

Submission Guidelines

The submission guidelines valid for the CyberTIM workshop is the same as for the ARES conference. They can be found here . Please note that all papers submitted to EasyChair are anonymized (no names or affiliations of authors should be visible in the paper) .