Dagstuhl Seminar 12061 Network Attack Detection and Defense Early Warning Systems – Challenges and Perspectives

The increasing dependence of human society on information technology (IT) systems requires appropriate measures to cope with their misuse. The growing potential of threats, which make these systems more and more vulnerable, is caused by the complexity of the technologies themselves. The potential of threats in networked systems will further grow as well as the number of individuals who are able to abuse these systems. It becomes increasingly apparent that IT security cannot be achieved by prevention alone. Preventive measures and reactive aspects need to complement one another. A major challenge of modern IT security technologies is to cope with an exploding variability of attacks which stems from a significant commercial motivation behind them. Increasingly proactive measures are required to ward off these threats. Increased efforts in research and society are required to protect critical civil infrastructures, such as the health care system, the traffic system, power supply, trade, military networks, and others in developed countries. This is a consequence of the increasing shift of industrial IT systems to the IP protocol leading to sensible IT infrastructures which are more vulnerable as the proprietary systems used in the past. The abundance of services of modern infrastructures critically depends on information and communication technologies. Though, being key enablers of critical infrastructures, these technologies are, at the same time, reckoned among the most vulnerable elements of the whole system. The cooperative information exchange between institutions is mandatory in order to detect distributed and coordinated attacks. Based on a large-scale acquisition of pertinent information, Early Warning Systems are a currently pursued approach to draw up situation pictures that allows the detection of trends and upcoming threats, allowing furthermore taking appropriate measures. The Dagstuhl seminar brought together researchers from academia and industry. The objective of the seminar was to further discuss challenges and methods in the area of attack detection and defense. The seminar was supposed to focus on design aspects of early warning systems and related monitoring infrastructures, e.g., intrusion detection overlays, to protect computer systems, networks, and critical infrastructures. The seminar was jointly organized by Georg Carle, Hervé Debar, Hartmut König, and Jelena Mirkovic. It was attended by 34 participants from nine countries. Seminar 05.–10. February, 2012 – www.dagstuhl.de/12061 1998 ACM Subject Classification K.6.5 Security and Protection, K.4.2 Social Issues