-
Header: christian-rossow.de
-
-
Apply for a PhD/PostDoc position in my System Security research group at Saarland University.

http://www.christian-rossow.de

If you can't explain it simply, you don't understand it well enough.

Conference and Workshop Proceedings
Note: For non-security researchers, it might be hard to judge the quality and impact of the venues listed below. As a rough guidance, I thus stated the acceptance rates of each venue. For a general overview of security conferences and their impact, check out this or this conference ranking.

» 2017

Johannes Krupp, Mohammad Karami, Christian Rossow, Damon McCoy, Michael Backes. "Linking Amplification DDoS Attacks to Booter Services". 19th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2017, Atlanta, Georgia. (Acceptance rate: 20.0%).

Milivoj Simeonovski, Giancarlo Pellegrino, Christian Rossow, Michael Backes. "Who Controls the Internet? Analyzing Global Threats using Property Graph Traversals". 26th International World Wide Web Conference, 2017, WWW 2017, Perth, Australia. (Acceptance rate: 17.0%). [» pdf] [» bibtex]

Giorgi Maisuradze, Michael Backes, Christian Rossow. "Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code". 2017 Network and Distributed System Security Symposium, NDSS 2017, San Diego, CA, USA. (Acceptance rate: 16.1%). [» pdf] [» bibtex]

» 2016

Johannes Krupp, Michael Backes, Christian Rossow. "Identifying the Scanners and Attack Infrastructure behind Amplification DDoS attacks". 23rd ACM Conference on Computer and Communications Security, CCS 2016, Vienna, Austria. (Acceptance rate: 16.5%). [» pdf] [» bibtex]
 * KrebsonSecurity: Are the Days of “Booter” Services Numbered?

Akira Yokoyama, Kou Ishii, Rui Tanabe, Yinmin Papa, Katsunari Yoshioka, Tsutomu Matsumoto, Takahiro Kasama, Daisuke Inoue, Michael Brengel, Michael Backes, Christian Rossow. "Sandprint: Fingerprinting Malware Sandboxes to Provide Intelligence for Sandbox Evasion". 19th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2016, Paris, France. (Acceptance rate: 25.0%). [» pdf] [» bibtex]

Michael Backes, Thorsten Holz, Christian Rossow, Teemu Rytilahti, Milivoj Simeonovski, Ben Stock. "On the Feasibility of TTL-based Filtering for DRDoS Mitigation". 19th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2016, Paris, France. (Acceptance rate: 25.0%). [» pdf] [» bibtex]

Giancarlo Pellegrino, Onur Catakoglu, Davide Balzarotti, Christian Rossow. "Uses and Abuses of Server-Side Requests". 19th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2016, Paris, France. (Acceptance rate: 25.0%). [» pdf] [» bibtex]

Stefan Nürnberger, Christian Rossow. "vatiCAN: Vetted, Authenticated CAN Bus". Conference on Cryptographic Hardware and Embedded Systems 2016, CHES 2016, Santa Barbara, CA. (Acceptance rate: TBA). [» pdf] [» bibtex]

Ben Stock, Giancarlo Pellegrino, Christian Rossow, Martin Johns, Michael Backes. "Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification". 25th USENIX Security Symposium, USENIX Sec 2016, Austin, TX. (Acceptance rate: 15.6%). [» pdf] [» bibtex]

Giorgi Maisuradze, Michael Backes, Christian Rossow. "What Cannot be Read, Cannot be Leveraged? Revisiting Assumptions of JIT-ROP Defenses". 25th USENIX Security Symposium, USENIX Sec 2016, Austin, TX. (Acceptance rate: 15.6%). [» pdf] [» bibtex]

Michael Brengel, Michael Backes, Christian Rossow. "Detecting Hardware-Assisted Virtualized Systems". 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, DIMVA 2016, Donostia-San Sebastián, Spain (Acceptance rate: 31.8%). [» pdf] [» bibtex]

» 2015

Giancarlo Pellegrino, Constantin Tschürtz, Eric Bodden, Christian Rossow. "jÄk: Using Dynamic Analysis to Crawl and Test Modern Web Applications". 18th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2015, Kyoto, Japan. (Acceptance rate: 20.6%). [» pdf] [» bibtex] [» code]

Lukas Krämer, Johannes Krupp, Daisuke Makita, Tomomi Nishizoe, Takashi Koide, Katsunari Yoshioka, Christian Rossow. "AmpPot: Monitoring and Defending Against Amplification DDoS Attacks". 18th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2015, Kyoto, Japan. (Acceptance rate: 20.6%). [» pdf] [» bibtex]

Dennis Andriesse, Christian Rossow, Herbert Bos. "Reliable Recon in Adversarial Peer-to-Peer Botnets". 15th ACM Internet Measurement Conference, IMC 2015, Tokyo, Japan. (Acceptance rate: 26.0%). [» pdf] [» addendum pdf] [» bibtex]

Marc Kührer, Thomas Hupperich, Jonas Bushart, Christian Rossow, Thorsten Holz. "Going Wild: Large-Scale Classification of Open DNS Resolvers". 15th ACM Internet Measurement Conference, IMC 2015, Tokyo, Japan. (Acceptance rate: 26.0%). [» pdf] [» bibtex]

Yin Minn Pa Pa, Shogo Suzuki, Katsunari Yoshioka, Tsutomu Matsumoto, Takahiro Kasama, Christian Rossow. "IoTPOT: Analysing the Rise of IoT Compromises". 9th USENIX Workshop on Offensive Technologies (co-located with USENIX Sec '15), WOOT '15, Washington, DC. (Acceptance rate: 35.1%). [» pdf] [» bibtex]

Giancarlo Pellegrino, Christian Rossow, Fabrice J. Ryba, Thomas C. Schmidt, Matthias Wählisch (alphabetical order). "Cashing out the Great Cannon? On Browser-Based DDoS Attacks and Economics". 9th USENIX Workshop on Offensive Technologies (co-located with USENIX Sec '15), WOOT '15, Washington, DC. (Acceptance rate: 35.1%). [» pdf] [» bibtex]

Shankar Karuppayah, Mathias Fischer, Stefanie Roos, Christian Rossow, Max Muehlhaeuser. "ZeusMilker: Circumventing The P2P Zeus Neighbor List Restriction Mechanism". 35th IEEE International Conference on Distributed Computing Systems, ICDCS 2015, Columbus, OH (Acceptance rate: 12.9%). [» pdf] [» bibtex]

Jannik Pewny, Behrad Garmany, Robert Gawlik, Christian Rossow, Thorsten Holz. "Cross-Architecture Bug Search in Binary Executables". 36th IEEE Symposium on Security and Privacy, S&P 2015, San Jose, CA. (Acceptance rate: 13.5%). [» pdf] [» bibtex]

» 2014

Jannik Pewny, Felix Schuster, Christian Rossow, Lukas Bernhard, Thorsten Holz. "Leveraging Semantic Signatures for Bug Search in Binary Programs". 2014 Annual Computer Security Applications Conference, ACSAC 2014, New Orleans, LA. (Acceptance rate: 19.9%). [» pdf] [» bibtex]

Marc Kührer, Christian Rossow, Thorsten Holz. "Paint it Black: Evaluating the Effectiveness of Malware Blacklists". 17th International Symposium on Research in Attacks, Intrusion and Defenses, RAID 2014, Gothenburg, Sweden. (Acceptance rate: 19.4%). [» pdf] [» bibtex]

Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz. "Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks". 8th USENIX Workshop on Offensive Technologies (co-located with USENIX Sec '14), WOOT '14, San Diego, CA. (Acceptance rate: 48.6%). [» pdf] [» bibtex]

Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz. "Exit from Hell? Reducing the Impact of Amplification DDoS Attacks". 23rd USENIX Security Symposium, USENIX Sec 2014, San Diego, CA. (Acceptance rate: 19.1%). [» pdf] [» bibtex]

Arne Welzel, Christian Rossow, Herbert Bos. "On Measuring the Impact of DDoS Botnets". 7th European Workshop on Systems Security, EuroSec 2014, Amsterdam, The Netherlands. (Acceptance rate: 42.9%). [» pdf] [» bibtex]

Shankar Karuppayah, Christian Rossow, Mathias Fischer, Max Mühlhäuser. "On Advanced Monitoring in Resilient and Unstructured P2P Botnets". 2014 IEEE International Conference on Communications, ICC 2014, Sydney, Australia. (Acceptance rate: 38.2%). [» pdf] [» bibtex]

Alexandra Dmitrienko, Christopher Liebchen, Christian Rossow and Ahmad-Reza Sadeghi. "On the (In)Security of Mobile Two-Factor Authentication". 18th International Conference on Financial Cryptography and Data Security, FC 2014, Barbados. (Acceptance rate: 20.2%). [» pdf] [» bibtex]

Christian Rossow. "Amplification Hell: Revisiting Network Protocols for DDoS Abuse". 2014 Network and Distributed System Security Symposium, NDSS 2014, San Diego, CA, USA. (Acceptance rate: 18.6%). [» pdf] [» bibtex]
 * US-CERT Alert TA14-017A: UDP-based Amplification Attacks
 * US-CERT Alert TA14-013A: NTP Amplification Attacks
 * CVE-2013-5211 (reported by me on 15 Aug 2013)
 * Cisco Security Notice on NTP DRDoS
 * ShadowServer.org NTP Scan Statistics
 * ShadowServer.org Amplification Protocol Scanning
 * ENISA's Notice on Large-scale UDP Attacks

» 2013

Dennis Andriesse, Christian Rossow, Brett Stone-Gross, Daniel Plohmann, Herbert Bos. "Highly Resilient Peer-to-Peer Botnets Are Here: An Analysis of Gameover Zeus". 8th IEEE International Conference on Malicious and Unwanted Software, MALWARE 2013, Fajardo, Puerto Rico, USA. (Acceptance rate: 31%). [» pdf] [» bibtex]

Christian Rossow, Christian J. Dietrich. "ProVeX: Detecting Botnets with Encrypted Command and Control Channels". 10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, DIMVA 2013, Berlin, Germany. (Acceptance rate: 31.6%). [» pdf] [» bibtex]

Christian Rossow, Dennis Andriesse, Tillmann Werner, Brett Stone-Gross, Daniel Plohmann, Christian J. Dietrich, Herbert Bos. "P2PWNED: Modeling and Evaluating the Resilience of Peer-to-Peer Botnets". 34th IEEE Symposium on Security and Privacy, S&P 2013, San Francisco, CA. (Acceptance rate: 12.1%). [» pdf] [» bibtex]
 * heise.de / h-online.com: "P2P botnets much larger than they seemed"
 * threatpost.com: "Peer-to-Peer Botnets Resilient to Takedown Attempts"
 * threatpost.com: "Number of Peer-to-Peer Botnets Grows 5X"
 * bitdefender.com: "Peer-to-Peer Botnets Grow Larger, Make Takedown Harder"
 * net-security.org: "Researches test resilience of P2P botnets"
 * seculert.com: "New Study Calls for Alternative Mitigation Strategies Against P2P Botnets"

Christian J. Dietrich, Christian Rossow, Norbert Pohlmann. "Exploiting Visual Appearance to Cluster and Detect Rogue Software". 28th ACM Symposium On Applied Computing, SAC 2013, Coimbra, Portugal. (Acceptance rate: 24.0%). [» pdf] [» bibtex]

» 2012

Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, Geoffrey M. Voelker (alphabetical order). "Manufacturing Compromise: The Emergence of Exploit-as-a-Service". 19th ACM Conference on Computer and Communications Security, CCS 2012, Raleigh, NC, USA. (Acceptance rate: 18.9%). [» pdf] [» bibtex]

Christian Rossow. "Large-Scale Analysis of Malware Downloaders". SIDAR Graduierten-Workshop über Reaktive Sicherheit, SPRING 7, July 2012, Berlin, Germany. (Acceptance rate: 100.0%). [» pdf] [» bibtex]

Christian Rossow, Christian J. Dietrich, Herbert Bos. "Large-Scale Analysis of Malware Downloaders". 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, DIMVA 2012, Heraklion, Greece. (Acceptance rate: 31%). [» pdf] [» bibtex]

Christian Rossow, Christian J. Dietrich, Christian Kreibich, Chris Grier, Vern Paxson, Norbert Pohlmann, Herbert Bos, Maarten van Steen. "Prudent Practices for Designing Malware Experiments: Status Quo and Outlook". 33rd IEEE Symposium on Security and Privacy, S&P 2012, San Francisco, CA. (Acceptance rate: 13.0%). [» pdf] [» bibtex]

Christian J. Dietrich, Christian Rossow, Norbert Pohlmann. "eID Online Authentication Network Threat Model, Attacks and Implications". 19th DFN Workshop "Sicherheit in vernetzten Systemen", 2012. [» pdf] [» bibtex]

» 2011 and earlier

Christian J. Dietrich, Christian Rossow, Felix C. Freiling, Herbert Bos, Maarten van Steen, Norbert Pohlmann. "On Botnets that use DNS for Command and Control". European Conference on Computer Network Defense, EC2ND 2011. (Acceptance rate: 32%). [» pdf] [» bibtex]

Christian Rossow, Christian J. Dietrich, Herbert Bos, Lorenzo Cavallaro, Maarten van Steen, Felix C. Freiling, Norbert Pohlmann. "Sandnet: Network Traffic Analysis of Malicious Software". ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2011. [» pdf] [» bibtex]

Christian Rossow, Thomas Czerwinski, Christian J. Dietrich, Norbert Pohlmann. "Detecting Gray in Black and White". MIT Spam Conference, 2010 (Best Student Paper Award). [» pdf] [» bibtex]

Christian J. Dietrich, Christian Rossow. "Empirical research on IP blacklisting". Fifth Conference on Email and Anti-Spam, CEAS 2008. [» pdf] [» bibtex]



Refereed Journals
Alexandra Dmitrienko, Christopher Liebchen, Christian Rossow and Ahmad-Reza Sadeghi. A Special Issue on "Towards Secure and Usable Authentication", Intel Technology Journal, Volume 18, Issue 4, Intel, July 2014. [» pdf]

Christian J. Dietrich, Christian Rossow, Norbert Pohlmann. "CoCoSpot: Clustering and Recognizing Botnet Command and Control Channels using Traffic Analysis". A Special Issue of Computer Networks On "Botnet Activity: Analysis, Detection and Shutdown", Elsevier, July 2012. [» pdf] [» bibtex]



Technical reports and non-academic conferences
Victor van der Veen, Christian Rossow, Herbert Bos. "TraceDroid: A Fast and Complete Android Method Tracer". Hack In The Box (HITB), Kuala Lumpur, October 2013. [not public]

Christian Rossow, Christian J. Dietrich, Norbert Pohlmann. "Botnets - Literature Survey and Report", April 2010. [» pdf]

Giles Hogben, Christian Rossow, et al. ENISA Position Paper: "Online Games and Virtual Worlds", October 2008. [» pdf]

Pascal Manzano, Christian Rossow. ENISA Survey on Security and Anti-Spam Measures of Electronic Communication Service Providers : "Provider Security Measures", January 2008. [» pdf]

Elisabetta Carrara, Giles Hogben, Christian Rossow, et al. ENISA Position Paper: "Reputation-based Systems: a Security Analysis", October 2007. Deliverable 2.1.6 of ENISA's Work Programme 2007. [» pdf]
___
"The greater the difficulty, the more the glory in surmounting it." - Epicurus
-
-

Test1:
Test2:
Test3:

Test4:
Test5:
Test6: