AHANS - Second Annual SASO Workshop on:
Adaptive Host and Network Security

9 September, 2013
@ SASO 2013, Drexel University, Philadelphia, USA, 9-13 September, 2013


Over the past decade the threat of cyber attacks on critical commercial and government infrastructure has been growing at an alarming rate to a point where it is now considered to be a major threat in the world.  Current approaches to cyber security involve building fast-growing multi-million line systems that attempt to detect and remove attacking software.  Meanwhile, cyber exploits continue to multiply in number, but their size continues to be a couple of hundred lines of code.  This disparity of effort means that the current defensive approaches to cyber security can at best fight a holding action.  The workshop is intended to explore game-changing approaches to cyber security that focus on adaptation.  There is a clear need to develop systems at both the host level and the network level to actively adapt to cyber attacks and to provide greater protection for networked computation at all levels.


The format for this full day workshop is to have a number of short paper presentations, thematically organized discussion, and invited speakers.   This will be the second year for this workshop at SASO, and the quality of papers and discussion that animated the first workshop, gives every reason to expect an intellectually challenging and exciting workshop this year as well.

This year we will have two invited speakers: Professor Jonathan M. Smith, of the University of Pennsylvania, and Mark Lee Badger of NIST.  Professor Smith has supplied the following abstract of his talk:

Adaptive Distributed Attack Pushback Techniques (ADAPT)

Jonathan M. Smith, University of Pennsylvania

For Distributed Denial of Service (DDoS) attacks initiated by botnets, the challenges for the defender include distributed control of the botnet, evolution of its command and control, and its scale. The botnet relies on the network for both signalling, and in the case of DDoS, effects. In the ONR-supported Networks Opposing BOTnets (NOBOT) effort with Cornell and Princeton, we concentrate on these effects, first by DoS detection with collaborating sets of programmable routers, and second, by triggering Ioannidis-BellovinDDoS Pushback” upon detection. Preliminary results using the Frenetic programming language on software defined network nodes are promising, and the talk will report on the current state of the collaborative detection system.

The significance of this workshop is to bring together researchers from different areas such as networking, programming languages, computer hardware, and operating systems to gain broad insights into specific research issues related to adaptive host and network security, and to foster discussions about ongoing research, establish directions for future research and collaborations, and identify best practices for adaptive security.

Specific topics of interest include:


Tentative Agenda

The tentative agenda for our workshop Monday is as follows:

Jonathan Smith (Keynote 1)            9:00 - 9:45
Jordan Thayer (submission 2)             9:45 - 10:30
Break                                                   10:30 - 10:45
Stu Wagner (submission 1)                 10:45 - 11:30
Yu Xiang (submission 3)                    11:30 - 12:15
Lunch                                                  12:15 - 1:15
Lee Badger (Keynote 2)                    1:15 - 2:00
Brett Benyo (submission 4)                2:00 - 2:45
Break                                                   2:45 - 3:00
David Musliner (submission 5)           3:00 - 3:45
Wrap-up                                              3:45 - 4:15

Organizing committee chairs.

Stuart Wagner                                               Robert Laddaga (primary email contact)

Applied Communication Sciences                  DOLL, Inc.

swagner@appcomsci.com                               rladdaga@dollabs.com


Robert N. M. Watson 

University of Cambridge, UK
Computer Laboratory


The length of a workshop paper may not exceed 6 pages including references and follow the IEEE Computer Society Press proceedings style guide. Shorter papers, including position papers, are also welcome. A Latex package and Word template can be downloaded here:

All papers should be submitted in PDF format using the EasyChair login page for Adaptive Host and Network Security 2013:

By submitting a paper, the authors confirm that in case of acceptance, at least one author will attend the workshop to present the work. More information for authors can be found on the SASO webpage:

Should you have any questions please contact Robert Laddaga (rladdaga@dollabs.com).