Workshop on Machine Learning for Cyber-Crime Investigation and Cybersecurity (MaL2CSec)

June 20, 2019 in Stockholm, Sweden

Machine Learning for Cyber-Crime Investigation and Cybersecurity (affiliated with Euro S&P)

The Internet has become in the key piece of any business activity. The crime activity is not an exception. Some crimes previous to Internet, such as thefts and scams, have found in Internet the perfect tool for developing their activity. The Internet allows criminals hiding their real identity and the possibility to purchase specific tools for thieving sensitive data with a very low investment. Over the last years, Internet Crime (e-Crime) has changed its business model, becoming more professional. The more skilled criminals offer their services to other criminals with less IT skills. An example of this is the Malware sophistication, that is increasing more intelligent, versatile, available, and is affecting a broader range of targets and devices. Malware serves a multitude of malign purposes: From logging keystrokes for steal sensitive user data, to sophisticated and professional malware which can intercept and alter data or hijack the victim’s user session.
In consequence, Cybersecurity acquires major relevance for every organization. The right controls and procedures must be put in place to detect potential attacks and protect against them. However, the number of cyber-attacks will be always bigger than the number of people trying to protect against attacks. New threats are being discovered on a daily basis making it harder for current solutions to cope with the large amount of data to analyse. Machine learning systems can be trained to find attacks, which are similar to known attacks. This way we can extract hidden value (e.g. anomaly detection, pattern identification, predictions…) from the security-related data and to detect even the first intrusions of their kind and develop better security measures.
The sophistication of threats has also increased substantially. Sophisticated zero-day attacks may go undetected for months at a time. Attack patterns may be engineered to take place over extended periods of time, making them very difficult for traditional intrusion detection technologies to detect. Worse, new attack tools and strategies can now be developed using adversarial machine learning techniques, requiring rapid co-evolution of defenses that match the speed and sophistication of machine learning-based offensive techniques.
This workshop aims at providing a forum for people from academia and industry to communicate their latest results on theoretical advances, industrial case studies, that combines machine learning techniques such as reinforcement learning, adversarial machine learning, and deep learning to help detect, predict and solve e-crimes much faster rate. Research papers can be focused, also, on offensive and defensive applications of machine learning to security.


Thurday, June 20, 2019
08:45 - 09:00Registration
09:00 – 09:15Welcome and opening remarks
09:15 – 10:00Keynote I
RAMSES: Internet Forensic Platform for Tracking the Money Flow of Financially-Motivated Malware
10:00 – 10:30Coffee Break
10:30 - 12:30Research papers
  • Feature Selection Strategies for HTTP Botnet Traffic Detection
  • Recessive Social Networking: Preventing Privacy Leakage against Reverse Image Search
  • Generation of Static YARA-Signatures Using Genetic Algorithm
  • AutoAttacker: A reinforcement learning approach for black-box adversarial attacks
  • An Semi-supervised Learning Methodology for Malware Categorization using Weighted Word Embeddings
  • Malware Detection Using 1-Dimensional Convolutional Neural Networks
12:30 - 14:00Lunch Break
14:00 - 14:45Invited Paper
Towards Fully Integrated Real-time Detection Framework for Online Contents Analysis - RED-Alert Approach
14:45 - 15:30Research papers
  • RC-PUF: A Machine Learning Attack Resistant Lightweight PUF Construction
  • Adversarial out-domain examples for generative models
15:30 - 16:00Coffee Break
16:00 - 16:40Research papers
  • Exploiting the Auto-Encoder Residual Error for Intrusion Detection
  • Using a Deep-Learning Approach for Smart IoT Network Packet Analysis

Venue and registration

The workshop is colocated with the 4th IEEE European Symposium on Security and Privacy (EuroS&P 2019). Please refer to the conference website for further information and registration.


Program Committee


Programme Committee

Call for Papers

This workshop aims at providing a forum for people from academia and industry to communicate their latest results on theoretical advances, industrial case studies, that combines machine learning techniques such as reinforcement learning, adversarial machine learning, and deep learning with significant problems in cybersecurity. Research papers can be focused on offensive and defensive applications of machine learning to security. Potential topics include, but are not limited to:

This topic list is not meant to be exhaustive. Papers that are considered out of scope may be rejected without full review. We encourage submissions that are "far-reaching" and "risky."

Instructions for Paper Submissions

All submissions must be original work. Plagiarism (whether of others or self) will be grounds for rejection. The submitter must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Failure to point out and explain overlap will be grounds for rejection. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed and will be grounds for automatic rejection. Submitting multiple distinct papers is of course allowed. EuroS&P 2019 includes an author response period, which gives authors the chance to comment on reviews their papers received. Papers may not be withdrawn between the start of the author response period and acceptance notification. Contact the program committee chairs if there are questions about this policy.

Anonymous Submission

Papers must be submitted in a form suitable for anonymous review: no author names or affiliations may appear on the title page, and papers should avoid revealing their identity in the text. When referring to your previous work, do so in the third person, as though it were written by someone else. Only blind the reference itself in the (unusual) case that a third-person reference is infeasible. Contact the program chairs if you have any questions. Papers that are not properly anonymized may be rejected without review.

Page Limit and Formatting

Papers must not exceed 10 pages total (including the references and appendices). Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template with the appropriate options [LaTeX template, Template instructions, IEEE Template Repository]. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.


Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader XI and when printed in black and white.

Conference Submission Server

Papers must be submitted using Easychair platform and submissions may be updated at any time until the deadline for submissions.

Publication and Presentation

Authors are responsible for obtaining appropriate publication clearances. One of the authors of the accepted paper is expected to present the paper at the conference. Submissions received after the submission deadline or failing to conform to the submission guidelines risk rejection without review. For more information, contact the program chairs.


If your research contains studies with human subjects please include a paragraph on ethical approval of your experiments (e.g. IRB approval). Authors are also encouraged to review:Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them.


The proceedings will be presented at the workshop and included in the Euro S&P 2019 proceedings. After the conference, extended versions of selected contributions will be considered for publication in a Special Issue of the following journals:

Those papers will undergo at least another review round.