CUING 2017

The First International Workshop on Criminal Use of Information Hiding

to be held in conjunction with the 12th International Conference on Availability, Reliability and Security
(ARES 2017 –

August 29 – September 1, 2017, Reggio Calabria, Italy

With the constant rise of the number of Internet users, available bandwidth and an increasing number of services shifting into the connected world, criminals are increasingly active in the virtual world. With improving defensive methods cybercriminals have to utilize more and more sophisticated ways to perform their malicious activities. While protecting the privacy of users, many technologies used in current malware and network attacks have been abused in order to allow criminals to carry out their activities undetected.

The aim of the First International Workshop on Criminal Use of Information Hiding (CUIng) is to bring together researchers, practitioners, law enforcement representatives, and security professionals in the area of analysis of information hiding (e.g. steganography, covert channels), obfuscation techniques and underground networks (darknets) in order to present novel research regarding the use of data and communication hiding methods in criminal environments and discuss ideas for fighting misuse of privacy enhancing technologies.


Novel countermeasures against information hiding techniques: detection, prevention, limitation
Evasion, obfuscation and anti-forensics techniques used by cybercriminals
Hiding covert communication within network attacks e.g. DDoS, SPAM, etc.
Abusing legitimate social media services for masking criminal activities
Abusing legitimate cloud-based services for masking criminal activities
Methods for botnet detection and mitigation from CUIng perspective
Large scale coordinated actions by LEAs from CUIng perspective
Studies regarding the use of information hiding in cybercrime
Traffic type obfuscation techniques e.g. traffic morphing
Impersonation of one cybercriminals groups by the other
Aspects and methods for sharing strategic intelligence
Masking network attacks with another types of threats
Future scenarios in cybercrime from CUIng perspective

Underground marketplaces and their business models
Legal and technical aspects of Darknet research
Local, air-gapped, and network covert channels
Analysis of cybercrime cases related to CUIng
New steganographic & steganalysis methods
Cybercrime and CPS from CUIng perspective
Botnet analysis from CUIng perspective
Banking Trojans from CUIng perspective
Analysis of underground environments
IoT-botnets from CUIng perspective
Information hiding techniques
Privacy enhancing techniques

Submission Deadline  May 24, 2017
Author Notification  June 6, 2017
Proceedings Version  June 20, 2017
Conference  August 29 – September 1, 2017

Philipp Amann (Chair)
Europol, European Cybercrime Centre, The Netherlands

Jart Armin (Chair)
CyberDefcon, The Netherlands 

Wojciech Mazurczyk (Chair)
Warsaw University of Technology, Poland

Angelo Consoli (Chair)
Scuola universitaria professionale della Svizzera italiana (SUPSI), Switzerland

Peter Kieseberg (Chair)
SBA Research, Austria

Joerg Keller (Chair)
FernUniversitaet in Hagen, Germany


Francesca Bosco, UNICRI, Italy
Brent Carrara, University of Ottawa, Canada
Luca Caviglione, CNR, Italy
Marc Chaumont, LIRMM Montpellier – University of Nimes, France
Marco Cremonini, University of Milan, Italy
Jana Dittmann, Otto-von-Guericke University Magdeburg, Germany
Mattia Epifani, CNR, Italy
Zeno Geradts, Netherlands Forensic Institute, Netherland
Dipak Ghosal, University of California, Davis, USA
Julio Hernandez-Castro, University of Kent, UK
David-Olivier Jaquet-Chiffelle, University of Lausanne, Switzerland
Stefan Katzenbeisser, Technische Universitat Darmstadt, Germany
Piotr Kijewski, Shadowserver, Poland
Pawel Korus, AGH University of Science and Technology, Poland
Christian Kraetzer, Otto-von-Guericke University Magdeburg, Germany
Jean-Francois Lalande, INSA Centre Val de Loire, France
Shujun Li, University of Surrey, UK
Foy Shiver, APWG, USA
Edgar Weippl, SBA Research, Austria
Steffen Wendzel, Worms University of Applied Sciences, Germany
Alan Woodward, University of Surrey, UK
Sebastian Zander, Murdoch University, Australia
Hui Tian, National Huaqiao University, China
and several LEA representatives (however they sometimes do not want to be listed openly)


The submission guidelines valid for the CUING workshop are the same as for the ARES conference. They can be found >>here<<.


In case of questions, please feel free to contact us via

Invited speakers

Dr Shujun Li

University of Surrey, UK

A new paradigm of information hiding? Hiding in activities of the cyber-physical-social world

: In this talk, the speaker will discuss how information hiding has evolved from traditional approaches based on digital objects to network based approaches and more recently to even more general approaches based on diverse activities in the cyber-physical-social world including observable behaviors of human users and activities of automated programs (e.g., bots) and devices (e.g., smart sensors). He will introduce some recent work he and his collaborators have been working on, which started several years ago from a small feasibility research project called “Mobile Magic Mirror (M3): Steganography and Cryptography on the move”
and has led to a pending EU patent recently filed in June 2017 (originally filed as a UK patent application in November 2014, published by WIPO in May 2015 under Publication No. WO/2016/075459). He will explain how the new information technology is linked with other previous and ongoing work of the information hiding and steganography community.
He will also express his view on how the new approaches to information hiding will create (or have created) new challenges for law enforcement agencies to investigate criminal activities in the cyber space and what we can do to meet such challenges.

Dr Shujun Li
will join the University of Kent later in 2017 as a Professor of Cyber Security and Director of its Interdisciplinary Research Centre in Cyber Security. He is currently a Reader (Associate Professor) at the Department of Computer Science, University of Surrey, and has been a Deputy Director of the Surrey Centre for Cyber Security (SCCS) since July 2014. SCCS has been a UK government recognized Academic Centres of Excellence in Cyber Security Research (ACE-CSR) since 2015 and its status has been recently re-recognized until 2022. Dr Li’s research interests are mostly around interdisciplinary topics covering cyber security, digital forensics and cybercrime, human factors and human-centric computing, multimedia computing and information visualization, and applications of artificial intelligence and discrete optimization. Due to the interdisciplinary nature of his research, Dr Li is actively working with researchers from other disciplines especially Electronic Engineering, Psychology, Business and Sociology. He has been leading a number interdisciplinary research projects including one on better approaches to understanding and influencing human behaviors for reducing human-related risks (ACCEPT), one on applications of cognitive modelling in cyber security (COMMANDO-HUMANS), and one on human-assisted machine learning for data loss prevention (H-DLP). Several projects he has been involved are about crime investigation and prevention (e.g. POLARBEAR), digital forensics (e.g. one on digital forensics standards), and information hiding (e.g. M3 and another research project on digital watermarking). He has been working very closely with industry and public bodies especially law enforcement agencies (LEAs) including a number of UK LEAs and Europol. Dr Li has published around 100 publications at international conferences and journals, and his work has attracted over 5500 citations with an h-index of 38 (Google Scholar). He is the co-editor of the Handbook of Digital Forensics of Multimedia Data and Devices, co-published by Wiley and IEEE Press in 2015. He is currently on the editorial boards of 5 international journals and has been on the organizing and technical program committees of many international conferences and workshops. He has one pending EU patent application on a new information hiding technology and another UK patent application on a new user authentication framework. Although not a mathematician or a theoretical computer scientist, his interdisciplinary work with at least two groups of researchers gives him a current Erdös Number of 3. Dr Li is a Senior Member of IEEE, a Professional Member of ACM, and a Global Member of the Internet Society. From 2009-2011 he was a member of MPEG (ISO/IEC JCT 1/SC 29/WG 11), and in 2012 was awarded an ISO/IEC Certificate of Appreciation for being the lead editor of ISO/IEC 23001-4:2011, the 2nd edition of the MPEG RVC standard. More about Dr Li’s research can be found at

Wojciech Mazurczyk

Warsaw University of Technology, Poland

Criminal Use of Information Hiding (CUIng) initiative: past, present and future

: In this keynote the main facts and activities related to the newly formed Criminal Use of Information Hiding (CUIng) initiative launched in cooperation with Europol EC3 will be presented. Moreover, the rising trend of information hiding-based malware will be characterized and the challenges for digital forensics experts related to this new phenomenon will be discussed.

Wojciech Mazurczyk
is an Associate Professor at Cybersecurity Division, Institute of Telecommunications (IT), Faculty of Electronics and Information Technology, Warsaw University of Technology (WUT), Poland. Co-founder of Cybersecurity Division and the head of the Bio-inspired
Security Research Group (BSRG) at WUT. Mazurczyk also works as a researcher at the Parallelism and VLSI Group at Faculty of Mathematics and Computer Science at FernUniversitaet in Germany.
He is an author or co-author of 2 books, over 120 papers, 2 patent applications and over 35 invited talks. He has been involved in many international (H2020, FP7, FP6, etc.) as well as domestic research
projects as a principal investigator or as a senior researcher. A guest editor of many special issues devoted to network security. He serves also as Editor-in-Chief for the open access Journal of Cyber Security and Mobility.
From 2016 he is a member of the Academic Advisory Network for Europol EC3 (European Cybercrime Center). A founder and a coordinator of the Criminal Use of Information Hiding (CUIng) Initiative launched in cooperation with Europol EC3. A founding member of EURASIP “Biometrics, Data Forensics and Security” (B.For.Sec) Special Area Team. Wojciech Mazurczyk is an IEEE Senior Member (2013-) and EURASIP member (2015-). For over 10 years has been serving as the independent consultant in the fields of network security and telecommunications. His research was
covered by worldwide media numerous times including in “IEEE Spectrum”, “New Scientist”, “MIT Technology Review”, “The Economist”, “Der Spiegel”, etc.