Publications

Public Deliverables

D1.5: Shadow Honeypots - 30 Oct '07
D2.4: Enhanced NoAH implementation and optimizations - 12 Oct '07
D2.3: Containment mechanisms for commodity switches - 25 Jul '07
D2.2 Prototype Implementation - 1 May '07
D2.1 Core components implementation - 1 May '07
D1.4 Architecture Integration - 31 Oct '06
D1.3 Containment Environment Design - 31 May '06
D1.2: Attack Detection and Signature Generation - 15 May '06
D1.1: Honeypot Node Architecture - 18 Apr '06
D0.2: Requirements Collection and Analysis - 18 Nov '05
D0.1: Survey on the State-of-the-Art - 24 Oct '05

Articles

E. Markatos and K. Anagnostakis; NoAH: A European Network of Affined Honeypots for Cyber-Attack Tracking and Alerting; The Parliament Magazine, Issue 262, 3 Mar 2008.
E. Markatos, K. Anagnostakis, S. Antonatos and M. Polychronakis; Real-time Monitoring and Detection of Cyberattacks; ENISA Quarterly, Vol. 3, No. 1, Jan-Mar 2007.
E. Markatos, S. Antonatos and K. Anagnostakis; Honeypot Computer, "Discovering Hackers, with a honeypot as bait"; "Pro[ek]taseis", Special Issue of Naftemporiki Newspaper, December 2006. (Greek) [English translation]
S. Antonatos, K. Anagnostakis and E. Markatos; A European platform for the detection and containment of cyber-attacks - The Economist (Greek Edition), February 2006. (Greek)
K. G. Anagnostakis & E. Markatos; Towards a European Malware Containment Infrastructure; ERCIM News No.63, October 2005.

Papers

A. Slowinska and H. Bos; The Age of Data: pinpointing guilty bytes in polymorphic buffer overflows on heap or stack; Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC'07), Miami, USA, December 2007.
S. Antonatos, K. G. Anagnostakis and E P. Markatos Honey@home: A New Approach to Large-Scale Threat Monitor; Proceedings of the 5th ACM Workshop on Recurring Malcode (WORM 2007), Alexandria, USA, November 2007. [PDF]
M. Valkering, A. Slowinska and H. Bos; Tales from the Crypt: fingerprinting attacks on encrypted channels by way of retainting; 3rd European Conference on Computer Network Defense (EC2ND 2007), Heraklion, Greece, October 2007.
M. Polychronakis, K. G. Anagnostakis, and E. P. Markatos; Emulation-based Detection of Non-self-contained Polymorphic Shellcode; Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID); Gold Coast, Australia, November 2007. [PDF]
E. Athanasopoulos and S. Antonatos; Enhanced CAPTCHAs: Using Animation to Tell Humans and Computers Apart, Proceedings of CMS'06, Heraklion, Greece, October 2006. [PDF]
W. de Bruijn, A. Slowinska, K. van Reeuwijk, T. Hruby, L. Xu, and H. Bos; SafeCard: a Gigabit IPS on the network card; Proceedings of RAID'06, Hamburg, Germany, September 2006. [PDF]
M. Polychronakis, K. G. Anagnostakis, and E. P. Markatos; Network-level Polymorphic Shellcode Detection using Emulation; Proceedings of the GI/IEEE SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Berlin, Germany, July 2006. [PDF]
J. Kohlrausch, J. Schönfelder The Impact of Honeynets for CSIRTs; 18^th Annual FIRST Conference, Baltimore, USA, June 2006 [PDF]
G. Portokalidis, A. Slowinska & H. Bos; Argos: an Emulator for Fingerprinting Zero-Day Attacks; Proceedings of ACM SIGOPS Eurosys 2006, April 2006. [PDF]
B. Tellenbach; EU-Projekt NoAH zur Früherkennung und Bekämpfung von neuen Cyberattacken; Security Zone Newsletter, March 2006. [PDF] (German)
K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos & A. D. Keromytis; Detecting Targeted Attacks Using Shadow Honeypots; Proceedings of the 14th USENIX Security Symposium, Baltimore, USA, August 2005. [PDF]

Presentations

Emerging Ways to Protect your Network: From Vulnerability Scanning to Real-time Monitoring and Detection of Cyberattacks - Konstantinos Xinidis, 3rd Regional Electronic Security Forum, Thessaloniki, 11-12 Oct '07.
Automated Signature Generation: Overview and the NoAH Approach - Bernhard Tellenbach^nd TF-CSIRT meeting, Porto, 21 Sep '07.
Fingerprinting Intruders - Herbert Bos, TNO Security Knowledge Network Meeting, Groningen, 31 May '07.
Network of Affined Honeypots - More Than an Infrastructure - Spiros Antonatos, TNC 2007, Copenhagen, 23 May '07.
The NoAH Project - poster presentation - S. Antonatos, D. Brauckhof, B. Tellenbach, A. Slowinska, TNC 2007, Copenhagen, 20-24 May '07.
Prospector: Analysis of Heap and Stack Overflows using Emulated Hardware - Asia Slowinska, NLUUG 2007 Conference, Ede, 10 May '07.
NoAH: A European Infrastructure for Cyberattack Detection - Catalin Meirosu, IUCC-TERENA Workshop, Tel Aviv, 16 Mar '07.
Honey@home - Spiros Antonatos, 20th TF-CSIRT Meeting, Budapest, 30 Jan '07.
NoAH: A European Infrastructure for Cyberattack Detection - Catalin Meirosu, 23rd APAN Meeting, Manila, 25 Jan '07.
The NoAH approach to zero-day worm detection - Asia Slowinska, 19th TF-CSIRT Meeting, Espoo, 22 Sep '06.
NoAH Honeynet Project - Klaus Moeller, 17th TF-CSIRT Meeting, Amsterdam, 24 Jan '06.
CyberSecurity Research in Crete - Evangelos Markatos, Safeline Focus Group on "Safety in the Mobile Internet", Athens, Greece, 10 May '06
Detecting Targeted Attacks Using Shadow Honeypots - Kostas Anagnostakis, 14th USENIX Security Symposium, Baltimore, 4 Aug '05.
Writing a successful proposal: the NoAH approach - Evangelos Markatos, Information Day on Research Infrastructures, Athens, 21 Dec '04.

Publications

Public Deliverables

Articles

Papers

Presentations

Leaflet and Poster