Dr. Emmanouil Vasilomanolakis

Name Emmanouil Vasilomanolakis

Senior Researcher

Postdoc (Smart Protection in Infrastructures and Networks (SPIN))

Phone +49 (6151) 16 - 23199

+49 (6151) 16 - 23202


S2|02 A312

postal address

TU Darmstadt - FB 20
FG Telekooperation
Hochschulstraße 10
D-64289 Darmstadt

Research Interests

  • Collaborative Intrusion Detection
  • Honeypots
  • Botnet monitoring

Short Bio

I am a senior researcher (post-doc) at Technische Universität Darmstadt. My research interests include collaborative intrusion detection, honeypots and alert data correlation.

I received a PhD (Dr. rer. nat.) from the Technische Universität Darmstadt in 2016 for my dissertation "On Collaborative Intrusion Detection". Prior to that, I received my diploma (Dipl.-Inform.) and MSc from the University of the Aegean (Greece) in 2008 and 2011 respectively. My master's thesis, in the area of honeypots, was conducted in cooperation with the National Center of Scientific Research “Demokritos”. Lastly, I worked as a researcher for AGT International, in the field of IoT security, from 2014-2015.


On Probe-Response Attacks in Collaborative Intrusion Detection Systems

Author Emmanouil Vasilomanolakis, Michael Stahn, Carlos Garcia Cordero, Max Mühlhäuser
Date October 2016
Kind Inproceedings
Book title IEEE Conference on Communications and Network Security
Pages 279 - 286
Location Philadelphia, USA
Research Areas Telecooperation, CROSSING, CRISP, - SSI - Area Secure Smart Infrastructures, Fachbereich Informatik, SPIN: Smart Protection in Infrastructures and Networks, CYSEC
Abstract Cyber-attacks are steadily increasing in both their size and sophistication. To cope with this, Intrusion Detection Systems (IDSs) are considered mandatory for the protection of critical infrastructure. Furthermore, research is currently focusing on collaborative architectures for IDSs, creating a Collaborative IDS (CIDS). In such a system a number of IDS monitors work together towards creating a holistic picture of the monitored network. Nevertheless, a class of attacks exists, called probe-response, which can assist adversaries to detect the network position of CIDS monitors. This can significantly affect the advantages of a CIDS. In this paper, we introduce PREPARE, a framework for deploying probe-response attacks and also for studying methods for their mitigation. Moreover, we present significant improvements on both the effectiveness of probe-response attacks as well as on mitigation techniques for detecting them. We evaluate our approach via an extensive simulation and a real-world attack deployment that targets two CIDSs. Our results show that our framework can be practically utilized, that our proposals significantly improve probe-response attacks and, lastly, that the introduced detection and mitigation techniques are effective.
Website http://cns2016.ieee-cns.org/

Important Copyright Notice:

The documents contained in these directories are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.


Community Services




  • Journal of Network and Computer Applications, ELSEVIER
  • Computer Science Review, ELSEVIER
  • Information Fusion, ELSEVIER
  • IEEE Transactions on Cognitive Communications and Networking

Conferences & Workshops


TPC member


  • IEEE International Conference on Communications (ICC)

Posters, Demos and Talks

  • 10-11.06.2014 Collaborative Intrusion Detection using Mobile Honeypots
    Emmanouil Vasilomanolakis, Shankar Karuppayah, Mathias Fischer, Max Mühlhäuser
    Intel Workshop on Cyberphysical and Mobile Security, Darmstadt, Germany (poster)
  • 21.04.2013 A short introduction to honeypots
    FOSSCOMM 2013, Athens, Greece (invited talk)

Summer/Winter Schools & Workshops

  • European Intensive Program on Information and Communication Security (IPICS), University of Regensburg, Germany, 2008
  • 4th Summer School on Network & Information Security (NIS): The Challenge of the Changing Risk Landscape, jointly organized by ENISA and FORTH, Greece, 2011
  • Honeynet Project Workshop (Under a full scholarship offered by the Honeynet Project), Warsaw Poland, 2014

Topics for Bachelor and Master Theses

Please check the list below for open Bachelor or Master thesis topics. Our group always offers a selection of challenging topics in the area of intrusion detection and Cyber Security. If you see an open topic that appears to be interesting for you, kindly drop me an email.




TRIDEnT: Blockchain-based Collaborative Intrusion Detection

Master Thesis

in progress

Cyber attacks are becoming increasingly sophisticated and coordinated. Isolated intrusion detection systems sometimes cannot detect coordinated attacks in time. Therefore, collaboration between intrusion detection systems is needed, in the form of alert exchange. However, beneficial collaboration between mutually untrusted peers (some may already be controlled by attackers) is a problem of its own. To address this problem, we have introduced TRIDEnT, a blockchain-based Collaborative Intrusion Detection System (CIDS).

This thesis involves continuing the development of TRIDEnT with theoretical and practical contributions. Prototypes will be built using Hyperledger Fabric and will be evaluated in simulated, as well as in real-world settings.


Trust in Collaborative Intrusion Detection

Master Thesis

in progress


A novel honeypot concept

Master Thesis

in progress

Nowadays, the number and sophistication of cyberattacks are constantly increasing. To cope with this, security solutions such as Intrusion Detection Systems (IDSs) are considered a mandatory line of defense for any critical network. However, IDSs usually employ passive monitoring techniques. Honeypots emerged from the need for more active monitoring.

Honeypots are systems whose only value is to be probed, attacked and compromised. Their purpose is to attract malicious users, study their activities and, at the same time, reduce the attack surface of the monitored network. It is important to note that, since honeypots do not serve any other purpose, any interaction with them is, by definition, considered an attack. Thus, they do not exhibit false positives, i.e., all incoming traffic is considered malicious.

On P2P Botnet Monitoring in Adverse Conditions

Master Thesis


Botnets are collections of infected computation devices that are remotely controlled by so-called botmasters. Botnets are used for many criminal purposes such as Distributed Denial of Service (DDoS), credential theft or spam mail distribution, which makes them a prominent target for law enforcement and researchers. Several takedowns of centralized botnets led to an arms race of developing more resilient botnets and new ways to defeat them. The latest iteration of resilient botnets uses P2P overlays to overcome the single point of failure present in centralized systems. The open nature of P2P systems allows the defender to infiltrate and monitor the botnets to collect intelligence information for potential takedowns. Recent publications present mechanisms that make it possible to detect monitoring operations, and it is only a matter of time until botmasters implement these to create monitoring-resistant P2P botnets.

Using blockchains for alert data dissemination in CIDS

Master Thesis


The increasing number of highly sophisticated and coordinated cyber attacks proves that Intrusion Detection Systems (IDSs) have to re-examine their current defensive techniques and move towards more collaborative mechanisms. Collaborative IDSs (CIDSs) provide such an approach by introducing the idea of cooperation between multiple sensors (firewalls, IDSs, honeypots) with the aim of creating a holistic overview of the monitored network. Although there are plenty of research attempts with regard to CIDSs, this new area is still facing major challenges. Among others, these include the problem of exchanging alert data in a confidential and integrity-preserving way as well as providing accountability for the participating sensors. Apart from these challenges, bringing consensus to a CIDS network is also an area which has not been explored yet. According to novel research aspects that have been made in the field of blockchains, this technology seems promising to fill the aforementioned research


Trust Management in P2P Botnets

Master Thesis


Botnets are one of the most prevalent threats present in today’s interconnected world, playing an integral role in a wide variety of cybercrime activities. P2P botnets are the latest iteration in the cat-and-mouse game between botmasters on the one side and researchers and law enforcement officials on the other. While the open and distributed nature of P2P botnets prevents a number of attacks that can be performed on centralized botnets, it opens up a number of new attack vectors, too.

More specifically, attackers can reverse-engineer a botnet’s protocol, infiltrate it, and perform monitoring or disruptive attacks.

On the Analysis & Generation of Synthetic Attacks for Intrusion Detection Systems

Master Thesis


Intrusion Detection Systems (IDS) have established themselves as a mandatory line of defense for critical infrastructure. One main aspect during the development of an IDS is the evaluation and optimization of the detection algorithms. Currently there is no standardized model for the evaluation of the detection efficiency. A common approach has been the use of static datasets, but the publicly available datasets have flaws in many regards, such as their lack of timeliness and the absence of up-to-date attacks. This creates challenges in terms of the reproducibility and the comparison of results.


Winter Term 2017/2018

Winter Term 2016/2017

  • Seminar Telekooperation
  • Protection in Networked Systems ‒ Trust, Resilience, and Privacy (course web page)

Winter Term 2015/2016

  • Seminar Telekooperation (course web page)
  • Bachelor Students Traineeship / Bachelorpraktikum
  • Oberseminar TK (link)

Winter Term 2014/2015

  • Seminar Telekooperation (course web page)
    Advisor for topics: "Analysis of collaborative data correlation algorithms with a focus on alert data correlation", "A survey of the security features of IoT platforms and architectures", "A Survey on Security in the Internet of Thing’s Machine-to-Machine Platforms"
  • Projectpraktikum
    Supervision: HosTaGe

Summer Term 2014

  • Seminar Telekooperation (course web page)
    Advisor for topic "Alert Correlation and Aggregation for Collaborative Intrusion Detection"
  • Simulation und Evaluation von Computernetzwerken (SECoN) (course web page)

Winter Term 2013/2014

  • Seminar Telekooperation (course web page)
    Advisor for topics "Mobile Honeypots: A survey" and (Co-advisor) "Mobile Live Forensics"
  • Bachelor Students Traineeship / Bachelorpraktikum
    Co-supervision "HOsTaGe: 2.0"
  • Projectpraktikum
    Co-supervision "HOsTaGe: Arm and Loaded"

Summer Term 2013

Winter Term 2012/2013

  • Seminar Security, Privacy, and Trust
    Advisor for topic “Attacks on Intrusion Detection Systems”