Papers online:

The presentations and publications have been published.

Press release published:

Download press release
(German version)

Supported by:

In cooperation with:

SIG SIDAR of the German Informatics Society

EWNI 2010 - Call for Papers

1st European Workshop on Internet Early Warning and Network Intelligence

  • January 27, 2010
  • Hamburg, Germany


Threats in the Internet are numerous. They have to be dealt with at many levels - ranking from firewalls or intrusion detection systems (IDS) to measures with a broader or even global focus. Early Warning Systems (EWS) are such broadly focused measures. EWS usually consist of distributed sensors networks and some central analysis or assessment facilities. The sensors collect raw data, e.g. statistics about connections (NetFlows), malware samples, or IDS events. By means of the centralized analysis facilities the "big picture" of what is happening can be obtained. EWS is valuable to numerous roles and entities. Be it larger organizations, governments, or Computer Emergency Response Teams (CERT). All greatly benefit from EWS and the resulting (global) network situational awareness when having to judge the security of their own networks. The usefulness of EWS for Critical Information Infrastructure Protection (CIIP) follows directly from this. Only when many actors deliver pieces can the puzzle be put together.

Thus, the need for collaboration has been - more or less - accepted. However, large scale, collaborative detection efforts have been difficult. EWS started addressing this a couple of years ago, already. And while certain technical requirements (privacy, data protection, ...) have been met, EWS still require a lot of research efforts and improvements in order to keep up with the perpetuous arms race between attackers and defenders.


The goal of this workshop is twofold: Evaluate the current state of the art of EWS and explore both related and future research areas. On an organizational level the workshop is intended to stimulate collaborative efforts.

The program committee solicits submissions particularly from the following areas but will carefully consider all contributions which are sufficiently related to Early Warning and Network Intelligence:

  • modeling EWS
  • organizational and operational issues of EWS
    • practical experiences
    • international cooperation
    • inter-organizational communication/cooperation
    • interoperability
  • next generation EWS
  • distributed sensor networks
  • data acquisition
  • data aggregation/evaluation
  • visualization
  • data navigation/user interfaces
  • infrastructural network security
  • privacy and data protection in EWS
  • management of large-scale EWS installations
  • HCI aspects of EWS

Important Dates

Paper Submission 2009-12-15
Notification of Acceptance 2009-12-31
Workshop 2010-01-27

Submission Details

Submissions are expected to use LaTeX's document class article, paper size A4.

Submissions must be in PDF and should not exceed 14 pages. Submission of an extended abstract is possible, but of course it has to be such that a meaningful review can be conducted.

All submissions will be reviewed by multiple PC members.

Please send your submissions to

Presentations and papers will be published in cooperation with SIDAR on the electronic document repository of the University of Dortmund. License details can be found here.

Conference Program

Presentations and papers are be published in cooperation with SIDAR on the electronic document repository of the University of Dortmund.

10:00-10:15  Welcome
10:15-11:00 F. Freiling What is an early warning system? Slides
11:00-11:15 Coffee
11:15-12:00 A. Theilmann  Beyond centralism: The Herold Approach to Sensor Networks and Early Warning Systems Slides Paper
12:00-12:45 M. Meier Early Warning System on a National Level - Project AMSEL Slides Paper
12:45-14:00 Lunch
14:00-14:45 M. Weseloh Network Security Visualisation Techniques in Early Warning Systems Slides
14:45-15:30 P. Trinius The InMAS Approach Slides Paper
15:30-15:45 Coffee
15:45-16:30 M. Deml Internet Early Warning Systems - Overview and Architecture Slides Paper
16:30-17:15 T. Dörges Integrating Open Source Information – Rumors and Facts in Early Warning Slides

Registration and fees

For registration please go to
Details about the venue are to be found here:
(Since EWNI2010 is collocated with a couple of other events we can benefit from common logistics at least partially.)

The registrations fees are as follows:

200,- EUR (normal)
100,- EUR (discount for FIRST, TI or GI members)
50,- EUR (student discount)
0,- EUR (for speakers)

Program committee

The program committee members are

Carol Overes (GOVCERT.NL)
Ferenc Suba (CERT-Hungary)
Klaus-Peter Kossakowski (PRESECURE Consulting GmbH)
Marco Thorbrügge (ENISA)
Peter Haag (SWITCH-CERT)
Piotr Kijewski (CERT POLSKA)
Till Dörges (PRESENSE Technologies GmbH)
Ulrich Flegel (SAP Research)

Support and such

EWNI2010 is organized by PRESENSE Technologies GmbH.

EWNI2010 is supported by ENISA.

EWNI2010 is in cooperation with the SIG SIDAR of the German Informatics Society (Fachgruppe SIDAR der Gesellschaft für Informatik e.V.)

EWNI2010 is collocated with the joint FIRST/TF-CSIRT event in January 2010.

Contact information

You can reach the organizers at