Dr. Emmanouil Vasilomanolakis

nameEmmanouil Vasilomanolakis

Senior Researcher

Postdoc (Smart Protection in Infrastructures and Networks (SPIN))

phone+49 (6151) 16 - 23199

+49 (6151) 16 - 23202


S2|02 A312

postal address

TU Darmstadt - FB 20
FG Telekooperation
Hochschulstraße 10
D-64289 Darmstadt

Research Interests

  • Collaborative Intrusion Detection
  • Honeypots
  • Botnet monitoring

Short Bio

I am a senior researcher (post-doc) at Technische Universität Darmstadt. My research interests include collaborative intrusion detection, honeypots and alert data correlation.

I received a PhD (Dr. rer. nat.) from the Technische Universität Darmstadt in 2016 for my dissertation "On Collaborative Intrusion Detection". Heretofore, I received my diploma (Dipl.-Inform.) and MSc from the University of the Aegean (Greece) in 2008 and 2011 respectively. My master thesis, in the area of honeypots, was conducted in cooperation with the National Center of Scientific Research “Demokritos”. Lastly, I worked as a researcher for AGT International, on the field of IoT security, from 2014-2015.


I Trust my Zombies: a Trust-enabled Botnet

Author Emmanouil Vasilomanolakis, Jan Helge Wolf, Leon Böck, Max Mühlhäuser, Shankar Karuppayah
Date December 2017
Kind Inproceedings
How publishedBlackhat Europe 2017
Book titleBlackhat Europe
LocationLondon, UK
Research Areas CRISP, CYSEC, SPIN: Smart Protection in Infrastructures and Networks, Telecooperation, CROSSING, S1
Abstract Defending against botnets has always been a cat and mouse game. Cyber-security researchers and government agencies attempt to detect and take down botnets by playing the role of the cat. In this context, a lot of work has been done towards reverse engineering certain variants of malware families as well as understanding the network protocols of botnets to identify their weaknesses (if any) and exploit them. While this is necessary, such an approach offers the botmasters the ability to quickly counteract the defenders by simply performing small changes in their arsenals. We attempt a different approach by actually taking the role of the Botmaster, to eventually anticipate his behavior. That said, in this presentation, we present a novel computational trust mechanism for fully distributed botnets that allows for a resilient and stealthy management of the infected machines (zombies). We exploit the highly researched area of computational trust to create an autonomous mechanism that ensures the avoidance of common botnet tracking mechanisms such as sensors and crawlers. In our futuristic botnet, zombies are both smart and cautious. They are cautious in the sense that they are careful with whom they communicate with. Moreover, they are smart enough to learn from their experiences and infer whether their fellow zombies are indeed who they claim to be and not government agencies' spies. We study different computational trust models, mainly based on Bayesian inference, to evaluate their advantages and disadvantages in the context of a distributed botnet. Furthermore, we show, via our experimental results, that our approach is significantly stronger than any technique that has been seen in botnets to date. Finally, we step out of the adversarial perspective and touch the topic of countermeasures against our own approach.
Website https://www.blackhat.com/eu-17
Full paper (pdf)
[Export this entry to BibTeX]

Important Copyright Notice:

The documents contained in these directories are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.

To top

Community Services




  • Journal of Network and Computer Applications, ELSEVIER
  • Computer Science Review, ELSEVIER
  • Information Fusion, ELSEVIER
  • IEEE Transactions on Cognitive Communications and Networking

Conferences & Workshops


TPC member


  • IEEE International Conference on Communications (ICC)

Posters, Demos and Talks

  • 10-11.06.2014 Collaborative Intrusion Detection using Mobile Honeypots
    Emmanouil Vasilomanolakis, Shankar Karuppayah, Mathias Fischer, Max Muhlhauser
    Intel Workshop on Cyberphysical and Mobile Security, Darmstadt, Germany (poster)
  • 21.04.2013 A short introduction to honeypots
    FOSSCOMM 2013, Athens, Greece (invited talk)

Summer/Winter Schools & Workshops

  • European Intensive Program on Information and Communication Security (IPICS), University of Regensburg, Germany, 2008
  • 4th Summer School on Network & Information Security (NIS): The Challenge of the Changing Risk Landscape, jointly organized by ENISA and FORTH, Greece, 2011
  • Honeynet Project Workshop (Under a full scholarship offered by the Honeynet Project), Warsaw Poland, 2014

Topics for Bachelor and Master Theses

Please check the list bellow for open Bachelor or Master thesis topics. Our group always offers a selection of challenging topics in the area of intrusion detection and Cyber Security. If you see an open topic that appears to be interesting for you, kindly drop me an email.


7 Entries found


TRIDEnT: Blockchain-based Collaborative Intrusion Detection

Master Thesis

in progress

Cyber attacks are becoming increasingly sophisticated and coordinated. Isolated intrusion detection systems can sometimes not detect coordinated attacks in time. Therefore, collaboration between intrusion detection systems in needed, in the form of alert exchange. However, beneficial collaboration between mutually untrusted peers (some may be controlled by attackers already) is a problem of its own. To address this problem, we have introduced TRIDEnT, a blockchain-based Collaborative Intrusion Detection System (CIDS).

This thesis involves continuing the development of TRIDEnT with theoretical and practical contributions. Prototypes will be built using Hyperledger Fabric and will be evaluated in simulated, as well as in real-world settings.


Trust in Collaborative Intrusion Detection

Master Thesis

in progress


A novel honeypot concept

Master Thesis

in progress

Nowadays, the number and sophistication of cyberattacks is  constantly  increasing.  To  cope  with  this,  security  solutions  such  as  Intrusion Detection Systems (IDSs)  are  considered  a  mandatory  line of  defense  for  any  critical  network.  However,  IDSs usually employ passive monitoring techniques.  Honeypots emerged from the need for more active monitoring.

Honeypots are systems whose only value is to be probed, attacked and compromised. Their purpose is to attract malicious users, study their activities and, at the same time, reduce the attack surface of the monitored network. It is important to note that since honeypots do not feature any other purpose; by definition, any interaction with them is considered an attack. Thus, they do not exhibit false positives, i.e., all incoming traffic is considered malicious.

On P2P Botnet Monitoring in Adverse Conditions

Master Thesis


Botnets are collections of infected computation devices that are remotely controlled by so called botmasters. Botnets are used for many criminal purposes such as Distributed Denial of Service (DDoS), credential theft or spam mail distribution which makes them a prominent target for law enforcement and researchers. Several takedowns of centralized botnets lead to an arms race of developing more resilient botnets and new ways to defeat them. The latest iteration of resilient botnets uses P2P overlays to overcome the single point of failure present in centralized systems. The open nature of P2P systems allows the defender to infiltrate and monitor the botnets to collect intelligence information for potential takedowns. Recent publications present mechanisms that allow to detect monitoring operations and it is only a matter of time until botmasters implement these to create monitoring resistant Peer-to-peer botnets.

Using blockchains for alert data dissemination in CIDS

Master Thesis


The increasing number of highly sophisticated and coordinated cyber attacks proves that Intrusion

Detection Systems (IDSs) have to re-examine their current defensive techniques and move

towards to more collaborative mechanisms. Collaborative IDSs (CIDSs) are providing such an

approach by introducing the idea of cooperation between multiple sensors (firewalls, IDSs, honeypots)

with the aim of creating a holistic overview about the monitored network. Altough,

there are plenty of research attempts with regard to CIDSs, this new area is still facing major

challenges. Among all the others, these include the problem of exchanging alert data in a

confidential and integrity-preserving way as well as providing accountability for the participating

sensors. Apart from these challenges, bringing consensus to a CIDS network is also an area,

which has not been explored yet. According to novel research aspects that have been made in

the field of blockchains, this technology seems promising to fill the aforementioned research


Trust Management in P2P Botnets

Master Thesis


Botnets are one of the most prevalent threats present in today’s interconnected world, playing an

integral role in a wide variety of cybercrime activities. P2P botnets are the latest iteration in the

cat-and-mouse game between botmasters on the one side and researchers and law enforcement

officials on the other. While the open and distributed nature of P2P botnets prevents a number of attacks that can be performed on centralized botnets, it opens up a number of new attack vectors, too.

More specifically, attackers can reverse-engineer a botnet’s protocol, infiltrate it, and perform

monitoring or disruptive attacks.

On the Analysis & Generation of Synthetic Attacks for Intrusion Detection Systems

Master Thesis


Intrusion Detection Systems (IDS) have established themselves as a mandatory line of defense for critical infrastructure. One main aspect during the development of an IDS is the evaluation and optimization of the detection algorithms. Currently there is no standardized model for the evaluation of the detection efficiency. A common approach has been the use of static datasets, but the publicly available datasets have flaws in many regards, like their actuality and the absence of up-to-date attacks.This creates challenges in terms of the reproducibility and the comparison of results.


Winter Term 2017/2018

Winter Term 2016/2017

  • Seminar Telekooperation
  • Protection in Networked Systems ‒ Trust, Resilience, and Privacy (course web page)

Winter Term 2015/2016

  • Seminar Telekooperation (course web page)
  • Bachelor Students Traineeship / Bachelorpraktikum
  • Oberseminar TK (link)

Winter Term 2014/2015

  • Seminar Telekooperation (course web page)
    Advisor for topics: "Analysis of collaborative data correlation algorithms with a focus on alert data correlation", "A survey of the security features of IoT platforms and architectures", "A Survey on Security in the Internet of Thing’s Machine-to-Machine Platforms"
  • Projectpraktikum
    Supervision: HosTaGe

Summer Term 2014

  • Seminar Telekooperation (course web page)
    Advisor for topic "
    Alert Correlation and Aggregation for Collaborative Intrusion Detection"
  • Simulation und Evaluation von Computernetzwerken (SECoN) (course web page)

Winter Term 2013/2014

  • Seminar Telekooperation (course web page)
    Advisor for topics "Mobile Honeypots: A survey" and (Co-advisor) "Mobile Live Forensics"
  • Bachelor Students Traineeship / Bachelorpraktikum
    Co-supervision "HOsTaGe: 2.0"
  • Projectpraktikum
    Co-supervision "HOsTaGe: Arm and Loaded"

Summer Term 2013

Winter Term 2012/2013

  • Seminar Security, Privacy, and Trust
    Advisor for topic “Attacks on Intrusion Detection Systems
A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Suche Search | Kontakt Contact | Website Analysis: More Information
zum Seitenanfangzum Seitenanfang