Prof. Dr. Thorsten Holz

  • Chair - Chair Systems Security
  • Member - Horst Görtz In­sti­tu­te for IT-Se­cu­ri­ty Horst Görtz Institute for IT-Security
Holz, Thorsten

Address

Ruhr-Uni­ver­si­ty Bo­chum
Chair for Systems Security
Uni­ver­si­täts­stras­se 150
44780 Bo­chum / Germany

room
ID 2/441
phone:
(+49)(0)234 / 32 - 25199
Fax:
(+49)(0)234 / 32 - 14956
Email:
thorsten.holz@rub.de PGP key
Website:
https://syssec.rub.de/~tho

Vita

Thorsten Holz is a professor in the Faculty of Electrical Engineering and Information Technology at Ruhr-University Bochum, Germany. His research interests include systems-oriented aspects of secure systems, with a specific focus on applied computer security. Currently, his work concentrates on bots/botnets, automated analysis of malicious software, and studying latest attack vectors. He received the Dipl.-Inform. degree in Computer Science from RWTH Aachen, Germany (2005), and the Ph.D. degree from University of Mannheim (2009). Prior to joining Ruhr-University Bochum in April 2010, he was a postdoctoral researcher in the Automation Systems Group at the Technical University of Vienna, Austria. In 2011, Thorsten received the Heinz Maier-Leibnitz Prize from the German Research Foundation (DFG).

Selected Professional Activities

  • IEEE Symposium on Security and Privacy, PC Member (2011, 2012, 2013, 2014)
  • USENIX Security Symposium, PC Member, PC Member (2007, 2013, 2014)
  • ACM Conference on Computer and Communications Security, PC Member (2012, 2013)
  • Annual Network & Distributed System Security Symposium, PC Member (2010, 2011, 2014)

Research

  • Studying current attack vectors with the help of honeypots and honeynets
  • Automated analysis of malicious software
  • Detection of infected machines (especially bots) on the network- and host-level
  • Security aspects of embedded systems, with a focus on smartphones
  • Security and privacy aspects of social networks

projects

More information about current projects can be found in the list of projects.

Courses

additional courses

Publications

2014
Technical Report: Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs

Robert Gawlik, Thorsten Holz - TR-HGI-2014-004, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), December 2014

Leveraging Semantic Signatures for Bug Search in Binary Programs

Jannik Pewny, Felix Schuster, Lukas Bernhard, Christian Rossow, Thorsten Holz - An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014

Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs

Robert Gawlik, Thorsten Holz - An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014

Using Automatic Speech Recognition for Attacking Acoustic CAPTCHAs: The Trade-off between Usability and Security

Hendrik Meutzner, Viet Hung Nguyen, Thorsten Holz, Do­ro­thea Kolossa - An­nual Com­pu­ter Se­cu­ri­ty Ap­p­li­ca­ti­ons Con­fe­rence (ACSAC), New Or­leans, USA, De­cem­ber 2014 - ** Outstanding Paper Award **

The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements

Apostolis Zarras, Alexandros Kapravelos, Gianluca Stringhini, Thorsten Holz, Christopher Kruegel, Giovanni Vigna - 14th ACM SIGCOMM Internet Measurement Conference (IMC), Vancouver, Canada, November 2014

Code Reuse Attacks in PHP: Automated POP Chain Generation

Johannes Dahse, Nikolai Krein, Thorsten Holz - 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA, November 2014 - ** Best Student Paper Award **

You Can Run but You Can’t Read: Preventing Disclosure Exploits in Executable Code

Michael Backes, Thorsten Holz, Benjamin Kollenda, Philipp Koppe, Stefan Nürnberger, Jannik Pewny - 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA, November 2014

CloudSylla: Detecting Suspicious System Calls in the Cloud

Marc Kührer, Johannes Hoffmann, Thorsten Holz - 16th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS), Paderborn, Germany, September 2014

Evaluating the Effectiveness of Current Anti-ROP Defenses

Felix Schuster, Thomas Tendyck, Jannik Pewny, Andreas Maaß, Martin Steegmanns, Moritz Contag, Thorsten Holz - Re­se­arch in At­tacks, In­tru­si­ons and De­fen­ses (RAID) Sym­po­si­um, Gothenburg, Sweden, September 2014

Paint it Black: Evaluating the Effectiveness of Malware Blacklists

Marc Kührer, Christian Rossow, Thorsten Holz - Re­se­arch in At­tacks, In­tru­si­ons and De­fen­ses (RAID) Sym­po­si­um, Gothenburg, Sweden, September 2014

Tac­tile One-Ti­me Pad. Smart­pho­ne Au­then­ti­fi­ca­ti­on. Resi­li­ent Against Shoul­der Sur­fing

Sebastian Uellenbeck, Thomas Hupperich, Christopher Wolf, Thorsten Holz - TR-HGI-2014-003, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), September 2014

Static Detection of Second-Order Vulnerabilities in Web Applications

Johannes Dahse, Thorsten Holz - 23rd USENIX Security Symposium, San Diego, CA, USA, August 2014 - ** Internet Defense Prize by Facebook **

Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data

Sebastian Vogl, Robert Gawlik, Behrad Garmany, Thomas Kittel, Jonas Pfoh, Claudia Eckert, Thorsten Holz - 23rd USENIX Security Symposium, San Diego, CA, USA, August 2014

Exit from Hell? Reducing the Impact of Amplification DDoS Attacks

Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz - 23rd USENIX Security Symposium, San Diego, CA, USA, August 2014

Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks

Marc Kührer, Thomas Hupperich, Christian Rossow, Thorsten Holz - 8th USENIX Workshop on Offensive Technologies (WOOT), San Diego, CA, USA, August 2014

Automated Generation of Models for Fast and Precise Detection of HTTP-Based Malware

Apostolis Zarras, Antonis Papadogiannakis, Robert Gawlik, Thorsten Holz - 12th Annual Conference on Privacy, Security and Trust (PST), Toronto, Canada, July 2014

Technical Report: Paint it Black: Evaluating the Effectiveness of Malware Blacklists

Marc Kührer, Christian Rossow, Thorsten Holz - TR-HGI-2014-002, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), June 2014

Technical Report: Evaluating the Effectiveness of Current Anti-ROP Defenses

Felix Schuster, Thomas Tendyck, Jannik Pewny, Andreas Maaß, Martin Steegmanns, Moritz Contag, Thorsten Holz - TR-HGI-2014-001, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), May 2014

Scriptless attacks: Stealing more pie without touching the sill

Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk - Journal of Computer Security, Volume 22, Number 4 / 2014, Web Application Security – Web @ 25

GraphNeighbors: Hampering Shoulder-Surfing Attacks on Smartphones

Irfan Altiok, Sebastian Uellenbeck, Thorsten Holz - GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Vienna, Austria, March 2014

Simulation of Built-in PHP features for Precise Static Code Analysis

Johannes Dahse, Thorsten Holz - Annual Network & Distributed System Security Symposium (NDSS), San Diego, February 2014

2013
Control-Flow Restrictor: Compiler-based CFI for iOS

Jannik Pewny, Thorsten Holz - Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December 2013

k-subscription: Privacy-preserving Microblogging Browsing through Obfuscation

Panagiotis Papadopoulos, Antonis Papadogiannakis, Michalis Polychronakis, Apostolis Zarras, Thorsten Holz, Evangelos P. Markatos - 29th Annual Computer Security Applications Conference (ACSAC), New Orleans, USA, December 2013

Towards Reducing the Attack Surface of Software Backdoors

Felix Schuster, Thorsten Holz - 20th ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013

Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns

Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, Thorsten Holz - ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013

An Experimental Security Analysis of Two Satphone Standards

Benedikt Driessen, Ralf Hund, Carsten Willems, Chris­tof Paar, Thorsten Holz - ACM Transactions on Information and System Security (TISSEC), Vol. 16, No. 3, Article 10, Publication date: November 2013

Mobile Malware Detection Based on Energy Fingerprints - A Dead End?

Johannes Hoffmann, Stephan Neumann, Thorsten Holz - Research in Attacks, Intrusions and Defenses (RAID) Symposium, St. Lucia, October 2013

Preventing Backdoors In Server Applications With A Separated Software Architecture (Short Paper)

Felix Schuster, Stefan Rüster, Thorsten Holz - 10th Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Berlin, July 2013

Im­pro­ving Lo­ca­ti­on Pri­va­cy for the Elec­tric Ve­hi­cle Mas­ses

Tilman Frosch, Sven Schäge, Martin Goll, Thorsten Holz - TR-HGI-2013-001, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), June 2013

Practical Timing Side Channel Attacks Against Kernel Space ASLR

Ralf Hund, Carsten Willems, Thorsten Holz - IEEE Symposium on Security and Privacy ("Oakland"), San Francisco, CA, May 2013

PSiOS: Bring Your Own Privacy & Security to iOS Devices

Tim Werthmann, Ralf Hund, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz - ACM Symposium on Information, Computer and Communications Security (ASIACCS), Hangzhou, China, May 2013 - **Distinguished Paper Award**

A Security Layer for Smartphone-to-Vehicle Communication over Bluetooth

Andrea Dardanelli, Federico Maggi, Mara Tanelli, Stefano Zanero, Sergio M. Savaresi, Roman Kochanek, Thorsten Holz - IEEE Embedded Systems Letters, Volume: 5, Issue: 3

Slicing Droids: Program Slicing for Smali Code

Johannes Hoffmann, Martin Ussath, Michael Spreitzenbarth, Thorsten Holz - 28th In­ter­na­tio­nal ACM Sym­po­si­um on Ap­p­lied Com­pu­ting (SAC), Co­im­bra, Por­tu­gal, March 2013

Predentifier: Detecting Botnet C&C Domains From Passive DNS Data

Tilman Frosch, Marc Kührer, Thorsten Holz - Advances in IT Early Warning, Fraunhofer Verlag, February 2013. ISBN: 978-3-8396-0474-8

2012
Down to the Bare Metal: Using Processor Features for Binary Analysis

Carsten Willems, Ralf Hund, Amit Vasudevan, Andreas Fobian, Dennis Felsch, Thorsten Holz - Annual Computer Security Applications Conference (ACSAC), Orlando, FL, December 2012

Using Memory Management to Detect and Extract Illegitimate Code for Malware Analysis

Carsten Willems, Felix C. Freiling, Thorsten Holz - Annual Computer Security Applications Conference (ACSAC), Orlando, FL, December 2012

CXPInspector: Hypervisor-Based, Hardware-Assisted System Monitoring

Carsten Willems, Ralf Hund, Thorsten Holz - TR-HGI-2012-002, Ruhr-Uni­ver­si­tät Bo­chum, Horst Görtz In­sti­tut für IT-Si­cher­heit (HGI), November 2012

Down to the Bare Metal: Using Processor Features for Binary Analysis

Carsten Willems, Ralf Hund, Dennis Felsch, Andreas Fobian, Thorsten Holz - TR-HGI-2012-001, Ruhr-Universität Bochum, Horst Görtz Institut für IT-Sicherheit (HGI), November 2012

Scriptless Attacks – Stealing the Pie Without Touching the Sill

Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk - 19th ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012

B@bel: Leveraging Email Delivery for Spam Mitigation

Gianluca Stringhini, Manuel Egele, Apostolis Zarras, Thorsten Holz, Christopher Kruegel, Giovanni Vigna - 21st USENIX Security Symposium, Bellevue, WA, USA, August 2012

On the Fragility and Limitations of Current Browser-provided Clickjacking Protection Schemes

Sebastian Lekies, Mario Heiderich, Dennis Appelt, Thorsten Holz, Martin Johns - 6th USENIX Workshop on Offensive Technologies (WOOT), Bellevue, WA, August 2012

SmartProxy: Secure Smartphone-Assisted Login on Compromised Machines

Johannes Hoffmann, Sebastian Uellenbeck, Thorsten Holz - 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Heraklion, Greece, July 2012

Don’t Trust Satellite Phones: A Security Analysis of Two Satphone Standards

Benedikt Driessen, Ralf Hund, Carsten Willems, Chris­tof Paar, Thorsten Holz - IEEE Symposium on Security and Privacy ("Oakland"), San Francisco, CA, May 2012 - **Best Paper Award**

Tracking DDoS Attacks: Insights into the Business of Disrupting the Web

Armin Büscher, Thorsten Holz - 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Jose, CA, April 2012

An Empirical Analysis of Malware Blacklists

Marc Kührer, Thorsten Holz - PIK - Praxis der Informationsverarbeitung und Kommunikation. Volume 35, Issue 1, Pages 11–16, April 2012

MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones

Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi - Annual Network & Distributed System Security Symposium (NDSS), San Diego, February 2012

2011
Crouching Tiger - Hidden Payload: Security Risks of Scalable Vectors Graphics

Mario Heiderich, Tilman Frosch, Meiko Jensen, Thorsten Holz - 18th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011

POSTER: Control-Flow Integrity for Smartphones.

Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thorsten Holz, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi, Thomas Fischer - 18th ACM Conference on Computer and Communications Security (CCS'11)

TrumanBox: Improving Dynamic Malware Analysis by Emulating the Internet

Christian Gorecki, Felix C. Freiling, Marc Kührer, Thorsten Holz - 13th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS), Grenoble, France, October 2011

Automated Identification of Cryptographic Primitives in Binary Programs

Felix Gröbert, Carsten Willems, Thorsten Holz - 14th International Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, September 2011

IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM

Mario Heiderich, Tilman Frosch, Thorsten Holz - 14th International Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, September 2011

BotMagnifier: Locating Spambots on the Internet

Gianluca Stringhini, Thorsten Holz, Brett Stone-Gross, Christopher Kruegel, Giovanni Vigna - USENIX Security Symposium, San Francisco, CA, August 2011

Jackstraws: Picking Command and Control Connections from Bot Traffic

Gregoire Jacob, Ralf Hund, Christopher Kruegel, Thorsten Holz - USENIX Security Symposium, San Francisco, CA, August 2011

Proceedings of 8th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)

Thorsten Holz, Herbert Bos - 8th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Amsterdam, Netherlands, July 2011

Automatic Analysis of Malware Behavior using Machine Learning

Konrad Rieck, Philipp Trinius, Carsten Willems, Thorsten Holz - Journal of Computer Security, Vol. 19, No. 4, pages 639-668, 2011

Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices

Michael Becher , Felix C. Freiling, Johannes Hoffmann, Thorsten Holz, Sebastian Uellenbeck, Christopher Wolf - IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2011

Das Internet-Malware-Analyse-System (InMAS)

Markus Engelberth, Felix C. Freiling, Jan Goebel, Christian Gorecki, Thorsten Holz, Ralf Hund, Philipp Trinius, Carsten Willems - Datenschutz und Datensicherheit (DuD), Volume 35, Number 4, pp. 247-252

The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns

Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, Giovanni Vigna - USE­NIX Work­shop on Lar­ge-Sca­le Ex­ploits and Emer­gent Thre­ats (LEET), Boston, MA, March 2011

2010
A Malware Instruction Set for Behavior-Based Analysis

Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck - GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Ber­lin, Ger­ma­ny, Oc­to­ber 2010

Towards secure deletion on smartphones

Michael Spreitzenbarth, Thorsten Holz - GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Berlin, Germany, October 2010

Abusing Social Networks for Automated User Profiling

Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti, Christopher Kruegel - 13th International Symposium on Recent Advances in Intrusion Detection (RAID), Ottawa, Canada, September 2010

Is the Internet for Porn? An Insight Into the Online Adult Industry

Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda, Christopher Kruegel - Workshop on the Economics of Information Security (WEIS), Harvard University, USA, June 2010

A Practical Attack to De-Anonymize Social Network Users

Gilbert Wondracek, Thorsten Holz, Engin Kirda, Christopher Kruegel - IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2010

Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries

Clemens Kolbitsch, Thorsten Holz, Christopher Kruegel, Engin Kirda - IEEE Symposium on Security and Privacy ("Oakland"), Berkeley, CA, May 2010

Verfolgen und Abschwächen von Malicious Remote Control Networks

Thorsten Holz - Ausgezeichnete Informatikdissertationen 2009. LNI D-10, pages 101-110, May 2010

ADSandbox: Sandboxing JavaScript to Fight Malicious Websites

Andreas Dewald, Thorsten Holz, Felix C. Freiling - ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 2010

Botzilla: Detecting the "Phoning Home" of Malicious Software

Konrad Rieck, Guido Schwenk, Tobias Limmer, Thorsten Holz, Pavel Laskov - ACM Symposium on Applied Computing (SAC), Sierre, Switzerland, March 2010

The InMAS Approach

Markus Engelberth, Felix Freiling, Jan Goebel, Christian Gorecki, Thorsten Holz, Ralf Hund, Philipp Trinius, Carsten Willems - 1st European Workshop on Internet Early Warning and Network Intelligence (EWNI'10)

2009
A Malware Instruction Set for Behavior-Based Analysis

Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck - Technical Report TR-2009-007, University of Mannheim, December 2009

Automatic Analysis of Malware Behavior using Machine Learning

Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck - Berlin Institute of Technology, Technical Report 18-2009

Walowdac - Analysis of a Peer-to-Peer Botnet

Ben Stock, Jan Göbel, Markus Engelberth, Felix Freiling, Thorsten Holz - European Conference on Computer Network Defense (EC2ND), Milan, Italy, November 2009

Visual Analysis of Malware Behavior (Short paper)

Philipp Trinius, Thorsten Holz, Jan Göbel, Felix Freiling - Workshop on Visualization for Cyber Security (VizSec), Atlantic City, NJ, USA, October 2009

Automatically Generating Models for Botnet Detection

Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Göbel, Christopher Kruegel, Engin Kirda - Eu­ropean Sym­po­si­um on Re­se­arch in Com­pu­ter Se­cu­ri­ty (ESO­RICS), Saint Malo, France, September 2009

Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones

Thorsten Holz, Markus Engelberth, Felix Freiling - Eu­ropean Sym­po­si­um on Re­se­arch in Com­pu­ter Se­cu­ri­ty (ESO­RICS), Saint Malo, France, September 2009

Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms

Ralf Hund, Thorsten Holz, Felix Freiling - USENIX Security Symposium, Montreal, Canada, August 2009

Towards Proactive Spam Filtering (Extended Abstract)

Jan Göbel, Thorsten Holz, Philipp Trinius - Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Milan, Italy, July 2009

Frühe Warnung durch Beobachten und Verfolgen von bösartiger Software im Deutschen Internet: Das Internet-Malware-Analyse System (InMAS)

Markus Engelberth, Felix Freiling, Jan Goebel, Christian Gorecki, Thorsten Holz, Philipp Trinius, Carsten Willems - 11. Deutscher IT-Sicherheitskongress des Bundesamtes für Sicherheit in der Informationstechnik (BSI), Bonn, May 2009

Tracking and Mitigation of Malicious Remote Control Networks

Thorsten Holz - Universität Mannheim, pages 1-138, URN urn:nbn:de:bsz:180-madoc-23306, April 2009

MalOffice - Detecting malicious documents with combined static and dynamic analysis

Markus Engelberth, Carsten Willems, Thorsten Holz - Virus Bulletin Conference, Geneva, Switzerland, September 2009

2008
Towards Next-Generation Botnets

Ralf Hund, Matthias Hamann, Thorsten Holz - European Conference on Computer Network Defense (EC2ND), Dublin, Ireland, December 2008

As the Net Churns: Fast-Flux Botnet Observations

Jose Nazario, Thorsten Holz - International Conference on Malicious and Unwanted Software, October 2008

Reconstructing Peoples Lives: A Case Study in Teaching Forensic Computing

Felix Freiling, Thorsten Holz, Martin Mink - In­ter­na­tio­nal Con­fe­rence on IT Se­cu­ri­ty In­ci­dent Ma­nage­ment & IT Fo­ren­sics (IMF), Mannheim, Ger­ma­ny, September 2008

Learning and Classification of Malware Behavior

Konrad Rieck, Thorsten Holz, Carsten Willems, Patrick Düssel, Pavel Laskov - Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Paris, France, July 2008

Studying Malicious Websites and the Underground Economy on the Chinese Web

Jianwei Zhuge, Thorsten Holz, Chengyu Song, Jinpeng Guo, Xinhui Han, Wei Zou - Work­shop on the Eco­no­mics of In­for­ma­ti­on Se­cu­ri­ty (WEIS), Hanover, NH, USA, June 2008

Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm

Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, Felix C. Freiling - USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Francisco, CA, April 2008

Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients

Ali Ikinci, Thorsten Holz, Felix Freiling - GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Saarbrücken, April 2008 - **Best Paper Award**

Rishi: Identifizierung von Bots durch Auswerten der IRC Nicknamen

Jan Göbel, Thorsten Holz - DFN-CERT Work­shop "Si­cher­heit in ver­netz­ten Sys­te­men", Ham­burg, February 2008

Measuring and Detecting Fast-Flux Service Networks

Thorsten Holz, Christian Gorecki, Konrad Rieck, Felix Freiling - Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2008

2007
Collecting Autonomous Spreading Malware Using High-Interaction Honeypots

Jianwei Zhuge, Thorsten Holz, Xinhui Han, Chengyu Song, Wei Zou - International Conference on Information and Communications Security (ICICS), LNCS 4861, Zhengzhou, China, December 2007

Virtual Honeypots - From Botnet Tracking to Intrusion Detection

Niels Provos, Thorsten Holz - Addison-Wesley Professional; 1. edition, 440 pages

Measurement and Analysis of Autonomous Spreading Malware in a University Environment

Thorsten Holz, Jan Goebel, Carsten Willems - Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Lucerne, Switzerland, July 2007

Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation

Jan Göbel, Thorsten Holz - USENIX Workshop on Hot Topics in Understanding Botnets (HotBots), Cambridge, MA, April 2007

Toward Automated Dynamic Malware Analysis Using CWSandbox

Carsten Willems, Thorsten Holz, Felix C. Freiling - IEEE Security & Privacy, Volume 5, Number 2, Pages 32-39, March/April 2007

2006
Advanced Honeypot-based Intrusion Detection

Jan Göbel, Jens Hektor, Thorsten Holz - USE­NIX ;login:, Vo­lu­me 31, Issue 6, Pages 18-23, De­cem­ber 2006

A Comparative Study of Teaching Forensics at a University Degree Level

Philip Anderson, Maximillian Dornseif, Felix Freiling, Thorsten Holz, Alastair Irons, Christopher Laing, Martin Mink - International Conference on IT Security Incident Management & IT Forensics (IMF), Stuttgart, Germany, October 2006

The Nepenthes Platform: An Efficient Approach to Collect Malware

Paul Baecher, Markus Koetter, Thorsten Holz, Maximillian Dornseif, Felix Freiling - 9th International Symposium on Recent Advances in Intrusion Detection (RAID), Hamburg, Germany, September 2006

The Effect of Stock Spam on Financial Markets

Rainer Böhme, Thorsten Holz - Workshop on the Economics of Information Security (WEIS), University of Cambridge, June 2006

Design and Implementation of the Honey-DVD

Maximillian Dornseif, Felix Freiling, Nils Gedicke, Thorsten Holz - IEEE In­for­ma­ti­on As­suran­ce Work­shop (IAW), West Point, NY, June 2006

Safety, Liveness, and Information Flow: Dependability Revisited

Zinaida Benenson, Felix Freiling, Thorsten Holz, Dogan Kesdogan, Lucia Draque Penso - ARCS Workshop on Dependability and Fault-Tolerance, Frankfurt am Main, Germany, March 2006

Effektives Sammeln von Malware mit Honeypots

Thorsten Holz, Georg Wicherski - DFN-CERT Workshop "Sicherheit in vernetzten Systemen", Hamburg, March 2006

New Threats and Attacks on the World Wide Web

Thorsten Holz, Simon Marechal, Frédéric Raynal - IEEE Security & Privacy Volume 4, Issue 2, Pages 72-75, March 2006

Learning More About Attack Patterns With Honeypots

Thorsten Holz - GI Sicherheit - Schutz und Zuverlässigkeit, Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik, Magdeburg, February 2006

2005
Spying With Bots

Thorsten Holz - USENIX ;login:, Volume 30, Issue 6, Pages 18-23, December 2005

Security Measurements and Metrics for Networks

Thorsten Holz - Dependability Metrics (Lecture Notes in Computer Science 4909, Advanced Lectures), pages 157-165, 2005

Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks

Felix Freiling, Thorsten Holz, Georg Wicherski - European Symposium on Research in Computer Security (ESORICS), Milan, Italy, September 2005

A Pointillist Approach for Comparing Honeypots

Fabien Pouget, Thorsten Holz - Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Vienna, Austria, July 2005

Detecting Honeypots and Other Suspicious Environments

Thorsten Holz, Frederic Raynal - IEEE In­for­ma­ti­on As­suran­ce Work­shop (IAW), West Point, NY, June 2005

A Short Visit to the Bot Zoo

Thorsten Holz - IEEE Security & Privacy, Volume 3, Issue 3, Pages 76-79, May 2005

2004
Vulnerability Assessment using Honeypots

Maximillian Dornseif, Felix C. Gärtner, Thorsten Holz - PIK - Praxis der Informationsverarbeitung und Kommunikation, Volume 27, Issue 4, Pages 195-201, December 2004

NoSEBrEaK - Attacking Honeynets

Maximillian Dornseif, Thorsten Holz, Christian N. Klein - IEEE Information Assurance Workshop (IAW), West Point, NY, June 2004

Ermittlung von Verwundbarkeiten mit elektronischen Ködern

Maximillian Dornseif, Felix C. Gärtner, Thorsten Holz - Con­fe­rence on De­tec­tion of In­tru­si­ons and Mal­wa­re & Vul­nerabi­li­ty As­sess­ment (DIMVA), Dortmund, Germany, July 2004