
 Institute of Computer Science

Automatic Detection of Internet-based Cyberattacks

Over the last few years, the Internet has been repeatedly used as a medium to launch attacks against computer and communication subsystems. Such attacks, usually called cyber-attacks, may disable a large number of computers, which may in turn paralyze critical infrastructures including telecommunications, provision of electric power, transportation, water supplies, athletic infrastructure, and commerce. Such cyber-attacks propagate rapidly and may have a profound impact.

Our research targets the creation of early-warning systems that can detect cyber-attacks quickly and respond to them efficiently. Our recent focus has been on designing, implementing, and deploying early-warning systems that are able to detect computer attacks in their infancy.



  • Cassandra is a utility that takes a trace file as input and reports suspicious packets based on distinct destination counts.
  • Packetgrep is a utility that, given a trace file, a payload hash, and a payload length, reports all matching packets.
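
The two ideas above, combined in a short example added here (it is not Cassandra's or Packetgrep's own code): a payload seen going to many distinct destinations is reported, and every packet carrying that payload is then listed by hash and length. Keying the destination count by payload, the use of SHA-1, the threshold of 3, and the in-memory trace records are assumptions; the page does not specify them.

```python
import hashlib
from collections import defaultdict

# Constructed sample trace: (src, dst, payload) records standing in for a trace file.
WORM = b"\x90" * 16 + b"constructed-worm-body"
TRACE = [
    ("10.0.0.5", "192.0.2.10", WORM),
    ("10.0.0.5", "192.0.2.11", WORM),
    ("10.0.0.7", "192.0.2.12", WORM),
    ("10.0.0.7", "192.0.2.13", WORM),
    ("10.0.0.9", "192.0.2.80", b"GET /index.html HTTP/1.0\r\n\r\n"),
    ("10.0.0.9", "192.0.2.80", b"GET /index.html HTTP/1.0\r\n\r\n"),
    ("10.0.0.8", "192.0.2.25", b"HELO mail.example\r\n"),
]

def payload_key(payload):
    """Identify a payload by (hash, length); SHA-1 is an assumed choice."""
    return hashlib.sha1(payload).hexdigest(), len(payload)

def suspicious_payloads(trace, threshold=3):
    """Return {(hash, length): distinct destination count} for payloads
    sent to at least `threshold` distinct destinations (assumed threshold)."""
    dests = defaultdict(set)
    for _src, dst, payload in trace:
        if payload:  # packets without payload (e.g. bare ACKs) carry no content to key on
            dests[payload_key(payload)].add(dst)
    return {k: len(v) for k, v in dests.items() if len(v) >= threshold}

def matching_packets(trace, payload_hash, payload_length):
    """Return every packet whose payload matches the given hash and length."""
    return [p for p in trace
            if len(p[2]) == payload_length  # cheap length check before hashing
            and hashlib.sha1(p[2]).hexdigest() == payload_hash]

if __name__ == "__main__":
    for (digest, length), count in suspicious_payloads(TRACE).items():
        print(f"suspicious payload {digest[:12]} len={length} dsts={count}")
        for src, dst, _ in matching_packets(TRACE, digest, length):
            print(f"  {src} -> {dst}")
```

Repeated requests to a single server (the HTTP records above) are not flagged, because the count is over distinct destinations rather than packets.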




  • Computer immunology. S. Forrest, S. Hofmeyr, and A. Somayaji. Communications of the ACM, 40(10), pp. 88-96, 1997.
  • Computer virus-antivirus coevolution. Carey Nachenberg. Communications of the ACM, 40(1), pp. 47-51, Jan. 1997.
  • New Directions in Traffic Measurement and Accounting. C. Estan and G. Varghese. In Proceedings of the ACM SIGCOMM Conference, 2002.


D1.1 - Requirements analysis