CyberTIM 2020

3rd International Workshop on Cyber Threat Intelligence Management (CyberTIM 2020)

to be held in conjunction with ARES 2020
( )

August 25 – August 28, 2020

The increased sophistication of cyber-attacks has created a technology arms race between attackers and defenders. However, this arm race is not fought in equal terms. Defenders are falling behind due to lack of resources coupled with an overwhelming number of sophisticated attacks, e.g. advanced persistent threats, making cyber defense extremely difficult. This is also due to the lack of collaboration among the network security solutions, e.g., intrusion detection systems and honeypots, which are in possession of different organizations across the globe.

In recent years, organizations like CERTs, NRENs, as well as industry organizations are moving towards proactive detection capabilities leveraging Cyber Threat Intelligence (CTI) platforms. These platforms aim at advanced alert aggregation, correlation, and prioritization considering the asset criticality of organizations as well as the quality of shared threat intelligence. The goal of CyberTIM is to bring the industry practitioners, researchers, engineers, and academic researchers together from the domain of network security, network measurements, cyber incident monitoring, trust & risk management, cyber situational awareness, security analytics, and security visualization.

Topics of interest include, but are not limited to

Network Intrusions
Cyber threat detection
Cyber threat prediction
End-to-End threat intelligence
Threat Intelligence sharing
Collaborative Intrusion Detection
Blockchain-based TI sharing
Cyber situational awareness
Cyber threat analytics
Cyber threat sharing community
Trust management in/for Cyber Threat Intelligence
Cyber threat visualization
Cyber threat monitoring

Botnet monitoring
Cyber threat correlation techniques
Cyber threat prioritization techniques
Cyber threat sharing platforms
Alert exchange formats
Alert exchange protocols
Cyber-crime forensics
Cyber-crime risk management
Incident response
Automotive threat intelligence (backend and on-board)
Automotive threat detection
Automotive threat sharing platforms
Automotive threat response

Important Dates
Submission Deadline June 01, 2020
Author Notification June 22, 2020
Proceedings Version July 05, 2020
All-Digital Conference August 25 – August 28, 2020
Steering Committee

Brian Lee, Athlone Institute of Technology, Ireland
Fabio Martinelli, IIT, C.N.R, Italy
Max Mühlhäuser, TU Darmstadt, Germany
Kim-Kwang Raymond Choo, The University of Texas at San Antonio, USA

Publicity Chair
Jason Nurse, University of Kent, UK

Workshop Chairs

Emmanouil Vasilomanolakis, Aalborg University, Denmark
Jassim Happa, Royal Holloway, University of London, UK
Sheikh Mahbub Habib, Continental AG, Germany

TPC Members

Panayotis Kikiras, European Defense Agency (EDA), BE
Kory Fong, Royal Bank of Canada (RBC), CA
Abhijit Ambekar, Deloitte, Frankfurt, DE
Georgios Kambourakis, University of the Aegean, GR
Andrea Tundis, Technische Universität Darmstadt, DE
Salvador Llopis, Universitat Politecnica de Valencia, SP
Jens Myrup Pedersen, Aalborg University, DK
Xiaolu Zhang, University of Texas at San Antonio, USA
Shankar Karuppayah, Technische Universität Darmstadt, DE
Reza M. Parizi, Kennesaw State University, USA
Jason Nurse, University of Kent, UK
Jörg Daubert, Philipps-Universität Marburg, DE
Andrea Saracino, Consiglio Nazionale delle Ricerche, IT
David Chadwick, University of Kent, UK
Jetzabel Serna, Continental AG, DE

Submission Guidelines

The submission guidelines can be found at (6-8 pages, a maximum of 10 pages is tolerated).
Double blind review: All papers submitted to EasyChair should be anonymized (no names or affiliations of authors should be visible in the paper) with no obvious self-references.
Submission of a paper implies that should the paper be accepted, at least one of the authors will register and present the paper in the workshop.
Proceedings will be published by ACM.

Keynote speaker

Simin Nadjm-Tehrani (Linköping University)

Title :
“Machine learning for intelligent sensors”

Intrusion detection systems (IDS) can be considered as one sensor amongst many in enterprises that aim to create threat intelligence based on collected data from their systems. IDS research has a long history but at the same time very hard to evaluate scientifically. In this talk I will describe the major stumbling blocks for evaluation of IDS, including lack of relevant and large datasets, lack of possibility to perform live experiments, and lack of understanding of what the application of machine learning approaches tells us today. Using examples from recent work in the context of critical infrastructures I show that collected data from emulated or virtual test beds may have characteristics far from those observed in data collected from real systems.

Bio : Simin Nadjm-Tehrani is a professor in dependable distributed systems at Linköping University and the lab leader for the Real-time Systems Laboratory at Dept. of Computer and Information Science. Her research interests span multiple attributes of dependability, with applications in safety-critical systems, time-critical systems, and security in critical infrastructures. She is the coordinator of the national research centre on Resilient Information and Control Systems ( in Sweden since 2015, a centre supported by the Swedish Civil Contingencies Agency (MSB).