Papers online:
The presentations and publications have been published.
Press release published:
Download press release (German version)
In cooperation with:
SIG SIDAR of the German Informatics Society
EWNI 2010 - Call for Papers
1st European Workshop on Internet Early Warning and Network Intelligence
- January 27, 2010
- Hamburg, Germany
Introduction
Threats in the Internet are numerous. They have to be dealt with at many levels, ranging from firewalls or intrusion detection systems (IDS) to measures with a broader or even global focus. Early Warning Systems (EWS) are such broadly focused measures. EWS usually consist of distributed sensor networks and some central analysis or assessment facilities. The sensors collect raw data, e.g. statistics about connections (NetFlows), malware samples, or IDS events. By means of the centralized analysis facilities the "big picture" of what is happening can be obtained. EWS are valuable to numerous roles and entities: whether larger organizations, governments, or Computer Emergency Response Teams (CERT), all greatly benefit from EWS and the resulting (global) network situational awareness when having to judge the security of their own networks. The usefulness of EWS for Critical Information Infrastructure Protection (CIIP) follows directly from this. Only when many actors deliver pieces can the puzzle be put together.
Thus, the need for collaboration has been - more or less - accepted. However, large-scale, collaborative detection efforts have been difficult. EWS already started addressing this a couple of years ago. And while certain technical requirements (privacy, data protection, ...) have been met, EWS still require a lot of research effort and improvement in order to keep up with the perpetual arms race between attackers and defenders.
Topics
The goal of this workshop is twofold: Evaluate the current state of the art of EWS and explore both related and future research areas. On an organizational level the workshop is intended to stimulate collaborative efforts.
The program committee solicits submissions particularly from the following areas but will carefully consider all contributions which are sufficiently related to Early Warning and Network Intelligence:
- modeling EWS
- organizational and operational issues of EWS
- practical experiences
- international cooperation
- inter-organizational communication/cooperation
- interoperability
- next generation EWS
- distributed sensor networks
- data acquisition
- data aggregation/evaluation
- visualization
- data navigation/user interfaces
- infrastructural network security
- privacy and data protection in EWS
- management of large-scale EWS installations
- HCI aspects of EWS
Important Dates
| Paper Submission | 2009-12-15 |
| Notification of Acceptance | 2009-12-31 |
| Workshop | 2010-01-27 |
Submission Details
Submissions are expected to use LaTeX's document class article, paper size A4.
Submissions must be in PDF and should not exceed 14 pages. Submission of an extended abstract is possible, but of course it has to be such that a meaningful review can be conducted.
All submissions will be reviewed by multiple PC members.
Please send your submissions to ewni2010-submissions@pre-sense.de
Presentations and papers will be published in cooperation with SIDAR on the electronic document repository of the University of Dortmund. License details can be found here.
Conference Program
Presentations and papers are published in cooperation with SIDAR on the electronic document repository of the University of Dortmund.
| 10:00-10:15 | Welcome | | | |
| 10:15-11:00 | F. Freiling | What is an early warning system? | Slides | |
| 11:00-11:15 | Coffee | | | |
| 11:15-12:00 | A. Theilmann | Beyond centralism: The Herold Approach to Sensor Networks and Early Warning Systems | Slides | Paper |
| 12:00-12:45 | M. Meier | Early Warning System on a National Level - Project AMSEL | Slides | Paper |
| 12:45-14:00 | Lunch | | | |
| 14:00-14:45 | M. Weseloh | Network Security Visualisation Techniques in Early Warning Systems | Slides | |
| 14:45-15:30 | P. Trinius | The InMAS Approach | Slides | Paper |
| 15:30-15:45 | Coffee | | | |
| 15:45-16:30 | M. Deml | Internet Early Warning Systems - Overview and Architecture | Slides | Paper |
| 16:30-17:15 | T. Dörges | Integrating Open Source Information – Rumors and Facts in Early Warning | Slides | |
Registration and fees
For registration please go to https://cgi.dfn-cert.de/cgi-bin/ewni.
Details about the venue are to be found here: http://www.dfn-cert.de/29tf-csirt/.
(Since EWNI2010 is collocated with a couple of other events we can benefit from common logistics at least partially.)
The registration fees are as follows:
| 200,- EUR | (normal) |
| 100,- EUR | (discount for FIRST, TI or GI members) |
| 50,- EUR | (student discount) |
| 0,- EUR | (for speakers) |
Program committee
The program committee members are
| Carol Overes | (GOVCERT.NL) |
| Ferenc Suba | (CERT-Hungary) |
| Klaus-Peter Kossakowski | (PRESECURE Consulting GmbH) |
| Marco Thorbrügge | (ENISA) |
| Peter Haag | (SWITCH-CERT) |
| Piotr Kijewski | (CERT POLSKA) |
| Till Dörges | (PRESENSE Technologies GmbH) |
| Ulrich Flegel | (SAP Research) |
Support and such
EWNI2010 is organized by PRESENSE Technologies GmbH.
EWNI2010 is supported by ENISA.
EWNI2010 is in cooperation with the SIG SIDAR of the German Informatics Society (Fachgruppe SIDAR der Gesellschaft für Informatik e.V.)
EWNI2010 is collocated with the joint FIRST/TF-CSIRT event in January 2010.
Contact information
You can reach the organizers at
ewni2010@pre-sense.de
