Delft Threat Intelligence Lab

Understanding Cyber Threats
by Studying the Real World

Our research investigates how cyber attacks evolve in the wild. We focus on empirical research in threat intelligence, malware behavior, and digital forensics, using data from real incidents to drive actionable insights.

Research papers

2024

Have you SYN me? Characterizing Ten Years of Internet Scanning
Harm Griffioen, Georgios Koursiounis, Georgios Smaragdakis, Christian Doerr
Proceedings of the 2024 ACM on Internet Measurement Conference  ·  04 Nov 2024  ·  doi:10.1145/3646547.3688409

2023

How to Operate a Meta-Telescope in your Spare Time
Daniel Wagner, Sahil Ashish Ranadive, Harm Griffioen, Michalis Kallitsis, Alberto Dainotti, Georgios Smaragdakis, Anja Feldmann
Proceedings of the 2023 ACM on Internet Measurement Conference  ·  24 Oct 2023  ·  doi:10.1145/3618257.3624831
Could you clean up the Internet with a Pit of Tar? Investigating tarpit feasibility on Internet worms
Harm Griffioen, Christian Doerr
2023 IEEE Symposium on Security and Privacy (SP)  ·  01 May 2023  ·  doi:10.1109/SP46215.2023.10179467

2022

Cyber Threat Intelligence: Analysis of adversaries and their methods
H.J. Griffioen
Delft University of Technology  ·  01 Jan 2022  ·  doi:10.4233/uuid:37f7367f-bc5e-4cde-a7fd-47d12621f853

2021

Scan, Test, Execute: Adversarial Tactics in Amplification DDoS Attacks
Harm Griffioen, Kris Oosthoek, Paul van der Knaap, Christian Doerr
Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security  ·  12 Nov 2021  ·  doi:10.1145/3460120.3484747
SIP Bruteforcing in the Wild - An Assessment of Adversaries, Techniques and Tools
Harm Griffioen, Huancheng Hu, Christian Doerr
2021 IFIP Networking Conference (IFIP Networking)  ·  21 Jun 2021  ·  doi:10.23919/IFIPNetworking52078.2021.9472857
Analysis and Takeover of the Bitcoin-Coordinated Pony Malware
Tsuyoshi Taniguchi, Harm Griffioen, Christian Doerr
Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security  ·  24 May 2021  ·  doi:10.1145/3433210.3437520

2020

Examining Mirai's Battle over the Internet of Things
Harm Griffioen, Christian Doerr
Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security  ·  30 Oct 2020  ·  doi:10.1145/3372297.3417277
Quantifying autonomous system IP churn using attack traffic of botnets
Harm Griffioen, Christian Doerr
Proceedings of the 15th International Conference on Availability, Reliability and Security  ·  25 Aug 2020  ·  doi:10.1145/3407023.3407051
Quality Evaluation of Cyber Threat Intelligence Feeds
Harm Griffioen, Tim Booij, Christian Doerr
Lecture Notes in Computer Science  ·  01 Jan 2020  ·  doi:10.1007/978-3-030-57878-7_14