IMPORTANT NOTICE: The NOMS 2020 Organizing Committee, with full support of the IEEE Communications Society, has decided that the conference will run as a virtual conference and physical participation of the conference has been cancelled. Information of the virtual platform will be confirmed in the coming days [].

The following program is based on Hungarian time zone (UTC+2). For each speaker or attendees, Check your time zone.


12:00-12:15 CEST

Welcome & Introduction

12:15-13:15 CEST
KEYNOTE: Dr. Martin Husák

Bio: Martin Husák is a researcher at the Institute of Computer Science at Masaryk University, a member of the university’s security team (CSIRT-MU), and a contributor to The Honeynet Project. His thesis addressed the problem of early detection and prediction of network attacks using information sharing. His research interests are related to cyber situational awareness and threat intelligence with a special focus on the effective sharing of data from honeypots and network monitoring.

  • Title: Graph-based models in prediction and projection of cyber attacks
  • Abstract: Predictive analysis allows next-generation cyber defense that is more proactive than current approaches based solely on intrusion detection. In this talk, we will discuss various approaches to predicting and projecting cyber attacks. Graph-based models are dominating the field since the foundation of this research area. Attack graphs were used to traverse through the attacker’s actions and project the continuation of an ongoing attack. Later, attack graphs were combined with Bayesian networks and Markov models to reflect the probabilistic nature of predictions and overcome uncertainties in observation of attack steps. However, there are still open issues, such as how to create such models and evaluate the predictions. The talk will shed light on using graphs in this research area and summarize resolved and open issues.

Technical program

13:15-13:40 CEST

Characterising Network-Connected Devices Using Affiliation Graphs.

  • Kyle Millar, Adriel Cheng, Hong Gunn Chew, and Cheng-Chew Lim.
  • School of Electrical and Electronic Engineering, The University of Adelaide, Cyber and Electronic Warfare Division, Defence Science & Technology Group, Australia
13:40-14:05 CEST

Graph-based evaluation of probability of disclosing the network structure by targeted attacks.

  • Andrei Privalov, Ekaterina Skudneva, Igor Kotenko, and Igor Saenko.
  • Emperor Alexander I St. Petersburg State Transport University (PGUPS). St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, Russia
14:05-14:20 CEST

On the Detection of Persistent Attacks using Alert Graphs and Event Feature Embeddings.

  • Benjamin Burr and Shelly Wang, Geoff Salmon and Hazem Soliman.
  • Dept. of Mathematics and Statistics Carleton University Ottawa, RANK Software Toronto, Canada
14:20-14:30 CEST
Closing Remarks


About GraSec

Most of the existing security monitoring solutions cannot cope with unknown and complex attacks due to the continual apparition of new threats, botnet propagation and command-and-control mechanisms. Recently, botnet detection systems  which leverage communication graph analysis using machine learning have gained attention to overcome these limitations. Graph-based modeling and mining approaches have been proposed and provide interesting results.

Graph-based modeling offers the advantage of understanding complex attacks and determining the root cause of an attack. However, existing graph mining tools for anomaly detection over streaming events are not adapted for cyber-security problems while the corresponding data continuously appears in the form of complex graphs.

The workshop serves to bring together people from industry and academia including researchers, developers, and practitioners from a variety of fields working on graphs and their applications to network, cybersecurity, and  blockchain. Moreover, the workshop allows attendees to share and discuss their latest findings from both theoretical and practical perspectives in several techniques and methods for graph modeling, mining, learning, and visualizing. The main goal of GraSec is to present research and experience results in graph applications on network and cybersecurity as well as the defensive and offensive tools.


Click here to download the Call for Papers in a PDF.


  • Graph modeling/mining/learning-based intrusion/botnet/threats detection
  • Graph learning-driven access controls, security policies, etc.
  • Attack graphs modeling, analysis, etc.
  • Sampling and summarizing techniques of graphs for network and cybersecurity.
  • Big graph analytics, parallel algorithms for dynamic/big graph analysis on HPC (CPU-GPU) systems.
  • Autoencoders, representation learning for graphs
  • Graph embedding techniques and applications on network data.
  • Visualization of dynamic and large-scale graphs
  • Detection of threats with evolving behaviors using graphs
  • Novel applications of static/dynamic and large graph problems in network, cybersecurity, blockchain, cryptocurrency, robot, etc.


Paper submissions must present original, unpublished research, development or experiences. Only original papers that have not been published or submitted for publication elsewhere can be submitted. Each submission must be written in English, accompanied by a 50 to 200 words abstract that clearly outlines the scope and contributions of the paper. Self-plagiarized papers will be rejected without further review.

Authors should submit their papers via JEMS:


There is a length limitation of 6 pages (including title, abstract, all figures, tables, and references) for regular papers, and 4 pages for short papers describing work in progress. Submissions must be in IEEE 2-column style.


Accepted regular papers, they will have a 25 minutes time slot for oral presentation (including Q&A) at assigned time slot. Accepted short papers, they will have a 20 minutes time slot for oral presentation (including Q&A).


Paper Submission Deadline: January 5th, 2020   January 19th, 2020
Notification of Acceptance: January 26th, 2020   February 18th, 2020
Camera-ready submissions: February 16th, 2020  March 1st, 2020

Workshop Date: April 24, 2020


Papers accepted for GraSec 2020 will be included in the conference proceedings, IEEE Xplore, IFIP database and EI Index. IFIP and IEEE reserve the right to remove any paper from the IFIP database and IEEE Xplore if the paper is not presented at the workshop.



The IEEE/IFIP International Workshop on Graph-based network security (GraSec 2020) will be held on 20 April 2020 in conjunction with the IEEE/IFIP Network Operations and Management Symposium (NOMS 2020) in Budapest, Hungary.

  • Registration: For more details, please visit the registration webpage of IEEE/IFIP NOMS 2020.
  • Venue: For more details, please visit the venue webpage of IEEE/IFIP NOMS 2020.



  • Sofiane Lagraa (SnT, University of Luxembourg)
  • Radu State (SnT, University of Luxembourg)
  • Hamida Seba (LIRIS, University of Lyon, France)
  • Christian Hammerschmidt (Delft University of Technology, Netherlands)

Contact us:

Technical Program Committee (TPC):

  • Martin Husák, Masaryk University, Czech.
  • Abdelkader Lahmadi, University of Lorraine, France.
  • Igor V. Kotenko, St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, Russia
  • Satyanarayana Vuppala, UTRC-Ireland
  • Mohammed Haddad,  University of Lyon, France.
  • Elias Bou-Harb, Cyber Security Research, Development and Operations | CISSP, Texas, USA
  • Steven Noel, George Mason University, USA
  • Alina Oprea, Northeastern University, USA
  • Pierre Parrend, University of Strasbourg, France
  • Martin Kappes, Frankfurt University of Applied Sciences Frankfurt, Germany