Contact Details

nameCarlos Garcia Cordero
positionPhD at GRK Privacy and Trust for mobile Users

garcia (AT) tk(DOT)tu-darmstadt(DOT)de

phone+49 (6151) 16 - 23205
fax+49 (6151) 16 - 23202
officeS2|02 A 316
postal addressTU Darmstadt - FB 20
FG Telekooperation
Hochschulstraße 10
D-64289 Darmstadt

Research Interests

  • Machine learning

    • Anomaly Detection
    • Bayesian Networks
    • Deep Learning

  • Network Intrusion Detection

    • Collaborative Intrusion Detection
    • Distributed Intrusion Detection

Short Biography

Carlos García Cordero is a scientist, systems engineer, mathematician, musician and thinker.

Carlos' research experience and interests are wide and cover diverse topics such as cybersecurity, artificial intelligence, programming languages, compilers, machine learning and computer graphics, among others. 

Carlos is currently studying a PhD in Cyber Security and Distributed Machine Learning at TU Darmstadt. He has an MSc in Artificial Intelligence from The University of Edinburgh and a BSc in Computer Systems Engineering from the ITESM CSF in Mexico, both achieved with the highest honours.


Additional Attributes


ID2T - The Intrusion Detection Dataset Generation Toolkit

Carlos Garcia Cordero, Emmanouil Vasilomanolakis, Max Mühlhäuser
December 2017

HOLEG: a Simulator for Evaluating Resilient Energy Networks based on the Holon Analogy

Rolf Egert, Carlos Garcia Cordero, Andrea Tundis, Max Mühlhäuser
In: 21st IEEE/ACM International Symposium on Distributed Simulation and Real Time Applications (DS-RT 2017), October 2017

Evidence-Based Trust Mechanism Using Clustering Algorithms for Distributed Storage Systems

Giulia Traverso, Carlos Garcia Cordero, Mehrdad Nojoumian, Reza Azarderakhsh, Denise Demirel, Sheikh Mahbub Habib, Johannes Buchmann
In: 15th Annual Conference on Privacy, Security and Trust (PST), August 2017

Increasing the Resilience of Cyber Physical Systems in Smart Grid Environments using Dynamic Cells

Andrea Tundis, Carlos Garcia Cordero, Rolf Egert, Alfredo Garro, Max Mühlhäuser
In: ICCPS 2017: 19th International Conference on Cyber-Physical Systems, p. 796-807, 2017

Analyzing Flow-based Anomaly Intrusion Detection using Replicator Neural Networks

Carlos Garcia Cordero, Sascha Hauke, Max Mühlhäuser, Mathias Fischer
In: 14th Annual Conference on Privacy, Security and Trust (PST), p. 317 - 324, December 2016

On Probe-Response Attacks in Collaborative Intrusion Detection Systems

Emmanouil Vasilomanolakis, Michael Stahn, Carlos Garcia Cordero, Max Mühlhäuser
In: IEEE Conference on Communications and Network Security, p. 279 - 286, October 2016

Multi-stage Attack Detection and Signature Generation with ICS Honeypots

Emmanouil Vasilomanolakis, Shreyas Srinivasa, Carlos Garcia Cordero, Max Mühlhäuser
In: IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), p. 1227 - 1232, April 2016

Towards the creation of synthetic, yet realistic, intrusion detection datasets <b>(best paper award)</b>

Emmanouil Vasilomanolakis, Carlos Garcia Cordero, Nikolay Milanov, Max Mühlhäuser
In: IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), p. 1209 - 1214, April 2016

SkipMon: a Locality-Aware Collaborative Intrusion Detection System

Emmanouil Vasilomanolakis, Matthias Kruegl, Carlos Garcia Cordero, Mathias Fischer, Max Mühlhäuser
In: International Performance Computing and Communications Conference (IPCCC), p. 1 - 8, December 2015

Probe-response attacks on collaborative intrusion detection systems: effectiveness and countermeasures

Emmanouil Vasilomanolakis, Michael Stahn, Carlos Garcia Cordero, Max Mühlhäuser
In: IEEE Conference on Communications and Network Security (CNS), p. 699 - 700, September 2015


4 Entries found


Reverse Engineering of Windows-based P2P Botnets

Master Thesis


ID2T: an Intrusion Detection Dataset Toolkit

Master Thesis


Intrusion detection systems are nowadays considered a mandatory line of defense for computer networks. A lot of research has been done in the direction of creating novel detection algorithms, especially in the field of anomaly detection. However, in order to be able to evaluate intrusion detection algorithms or systems, researchers require network datasets that are as close as possible to real networks. This implies that modern cyber attacks and browsing patterns must be included in such datasets. Nevertheless, in a continuously dynamic environment both from a network as well as from an attackers point of view, it is not easy to create realistic simulated datasets.


A Traffic analyzer for the automated detection of protocols usable for amplification attacks

Master Thesis


Today, the number of Distributed Denial of Service (DDoS) attacks is becoming more and more a threat in terms of cyber criminality. The motivations for this kind of attacks are financial and economical gain, revenge, ideological belief, intellectual challenge, and Cyberwarfare.

One famous DDoS form is the amplification attack. In general, an amplification attack means a short spoofed network protocol request and a huge response that is reflected to a victim. These messages are flooded to the victim to exhaust the bandwidth. The abused services for this kind of attack must have at least two properties. First, the service should base on UDP, which is stateless. The benefit of UDP is the direct transport layer interaction without any network session establishment like the TCP Three-Way-Handshake. Second, make protocol requests whose responses are significantly bigger that it works as amplifier. Currently, different services are in focus of hackers to run this kind of attack.

Before vulnerability’s in a service is abused, the potential for an amplification in a protocol must be known. This thesis will develop an automatic tool for the detection of protocols that are vulnerable for amplification attacks. After a protocol is detected, a crawler will check the popularity of the service. Other hosts that offer the same service are penetrated with packets that are crafted from previous captured traffic. This behavior checks if the other service provider are vulnerable too. A detection mechanism is integrated into an existing IDS. The analysis of the intercepted traffic elects requests response pairs. If they are linked, different measurements are calculated. The main contribution of the thesis is a protocol analysis system that detects protocols that are vulnerable to amplification attacks and a crawler that checks the impact of the detection.


Anomaly detection of user behaviour in smartphones

Master Thesis


Mobile phones have become essential devices that people carry around everywhere they go. These devices contain important personal and confidential information, such as pictures, emails and login credentials, which make them a prime for theft. A user with the knowledge that their device has been stolen is able to prevent further damage with tools that remotely contact the device. These technologies are useless, however, if the user does not know that the device has been stolen or if a remote connection is not possible.

In this project we are going to create technologies that are capable of automatically detecting when a mobile phone has been stolen without human intervention. These technologies will learn the behavior of the owner and will recognize when the device is no longer being used by the owner. Once it is discovered that there is someone else using the device, it will lock itself up and try to contact back the owner.

The realization of this technology will be in the form of an Android application lock the mobile device up in such a way that only the owner of the device will be able to unlock it. We will use artificial intelligence to learn and distinguish between different user behaviors.

A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Suche Search | Kontakt Contact | Website Analysis: More Information
zum Seitenanfangzum Seitenanfang