CUING 2022

The 6th International Workshop on Criminal Use of Information Hiding (CUING 2022)

to be held in conjunction with the 17th International Conference on Availability, Reliability and Security
(ARES 2022 –

August 23 – August 26, 2022

With the constant rise of the number of Internet users, available bandwidth and an increasing number of services shifting into the connected world, criminals are increasingly active in the virtual world. With improving defensive methods cybercriminals have to utilize more and more sophisticated ways to perform their malicious activities. While protecting the privacy of users, many technologies used in current malware and network attacks have been abused in order to allow criminals to carry out their activities undetected. This poses a lot of new challenges for digital forensics analysts, academics, law enforcement agencies (LEAs), and security professionals.

The aim of the International Workshop on Criminal Use of Information Hiding (CUIng) is to bring together researchers, practitioners, law enforcement representatives, and security professionals in the area of analysis of information hiding. However data hiding is understood here in a wider manner than in the academic world i.e. all techniques that pertain to camouflaging/masking/hiding various types of data (e.g. identities, behavior, communication, etc.) are included here. This means not only digital steganography/covert channels but also obfuscation/anti-forensics techniques and even underground networks (darknets) or activities related to behavior impersonation or mimicking. This will allow to present a more complete picture on novel research regarding the use of data and communication hiding methods in criminal environments and discuss ideas for fighting misuse of privacy enhancing technologies.

Moreover, this year the CUING workshop is co-organized together with the SIMARGL (Secure Intelligent Methods for Advanced RecoGnition of malware and stegomalware) and DISSIMILAR (Detection of fake newS on SocIal MedIa pLAtfoRms) projects.

Topics of interest include, but are not limited to

Information hiding techniques
Studies regarding the use of information hiding in cybercrime
Analysis of cybercrime cases related to CUIng
Large scale coordinated actions by LEAs from CUIng perspective
New steganographic & steganalysis methods
Local, air-gapped, and network covert channels
Side channels and less obvious usage of information hiding techniques
Novel countermeasures against information hiding techniques: detection, prevention, limitation
Evasion, obfuscation and anti-forensics techniques used by cybercriminals
Traffic type obfuscation techniques e.g. traffic morphing
Masking network attacks with another types of threats
Hiding covert communication within network attacks e.g. DDoS, SPAM, etc.
Impersonation of one cybercriminals groups by the other

Underground marketplaces and their business models
Botnet analysis from CUIng perspective
Methods for botnet detection and mitigation from CUIng perspective
Banking Trojans from CUIng perspective
IoT-botnets from CUIng perspective
Privacy enhancing techniques
Analysis of underground environments
Legal and technical aspects of Darknet research
Cybercrime and CPS from CUIng perspective
Future scenarios in cybercrime from CUIng perspective
Aspects and methods for sharing strategic intelligence
Abusing legitimate cloud-based services for masking criminal activities
Abusing legitimate social media services for masking criminal activities

Important Dates
Submission Deadline May 15, 2022 May 25, 2022
Author Notification June 01, 2022 June 10, 2022
Proceedings Version June 19, 2022
ARES EU Symposium August 23, 2022
ARES Conference August 23 – August 26, 2022
Workshop Chairs

Wojciech Mazurczyk
Warsaw University of Technology, Poland

Philipp Amann
Europol, European Cybercrime Centre, The Netherlands

Jart Armin
CyberDefcon, The Netherlands

Angelo Consoli
Scuola universitaria professionale della Svizzera italiana (SUPSI), Switzerland

Peter Kieseberg
FH St. Pölten, Austria

Joerg Keller
FernUniversität in Hagen, Germany


Milad Taleby Ahvanooey, Nanjing University, China
Soumya Banerjee, CNAM-CEDRIC LAB, INRIA-EVA, Paris, France
Krzysztof Cabaj, Warsaw University of Technology, Poland
Luca Caviglione, IMATI CNR, Italy
Michal Choras, Bydgoszcz University of Science and Technology, Poland
Marco Cremonini, University of Milan, Italy
Jana Dittmann, Otto-von-Guericke University Magdeburg, Germany
Mattia Epifani, CNR, Italy
Mordechai Guri, Ben-Gurion University of the Negev, Israel
Julio Hernandez-Castro, School of Computing, University of Kent, UK
Stefan Katzenbeisser, TU Darmstadt, Germany
Zbigniew Kotulski, Warsaw University of Technology, Poland
Rafal Kozik, Bydgoszcz University of Science and Technology, Poland
Christian Kraetzer, Otto-von-Guericke University Magdeburg, Germany
Minoru Kuribayashi, Okayama University, Japan
Jean-Francois Lalande, CentraleSupélec, France
Daniel Lerch-Hostalot, Universitat Oberta de Catalunya, Spain
Shujun Li, University of Kent, UK
David Megias, Universitat Oberta de Catalunya, Spain
Aleksandra Mileva, University Goce Delcev, Republic of Macedonia
Marek Pawlicki, Bydgoszcz University of Science and Technology, Poland
Zbigniew Piotrowski, Military University of Technology, Poland
Pawel Rajba, University of Wroclaw, Poland
Avinash    Srinivasan, United States Naval Academy, USA
Martin Steinebach, Fraunhofer SIT, Germany
Hui Tian, National Huaqiao University, China
Steffen Wendzel, Worms University of Applied Sciences and Fraunhofer FKIE, Germany
Tanja Zseby, Vienna University of Technology, Austria

Submission Guidelines

The submission guidelines valid for the workshop are the same as for the ARES conference. They can be found at

Moreover, the extended versions of all accepted papers will be considered for publication in a special issue of the Journal of Cyber Security and Mobility (Indexed in Scopus,


Steffen Wendzel
Scientific Director Center of Technology & Transfer and Professor, Hochschule Worms
Lecturer, University of Hagen

Describing Steganography Hiding Methods with a Unified Taxonomy
Steganography embraces several hiding techniques which spawn across multiple domains, such as digital media steganography, text steganography, cyber-physical systems steganography, network steganography (network covert channels), and filesystem steganography. However, the related terminology is not unified among the different domains. To cope with this, an attempt has been made in 2015 with the introduction of the so-called “hiding patterns”. Hiding patterns allow to describe hiding techniques in a more abstract manner. Despite significant enhancements, the main limitation of the original taxonomy is that it only considers the case of network steganography. The 2015-taxonomy was optimized over the years (see but a major revision (presented at ARES’ CUING’21) has paved the path towards a taxonomy that covers all steganography domains.

This keynote introduces the concept of hiding patterns and reviews the development of the methodology. It will also present a major revision of the patterns-taxonomy, which was developed by a consortium with members from several countries (HS Worms (Germany), CNR (Italy), WUT (Poland), Univ. Goce Delcev (North Macedonia), University of Magdeburg (Germany), and TH Brandenburg (Germany)). The new version of the taxonomy will be made publicly available in mid-August (

Steffen Wendzel is a professor of information security and computer networks at Hochschule Worms, Germany, where he is also the scientific director of the Center for Technology and Transfer (ZTT). In addition, he is a lecturer at the Faculty of Mathematics & Computer Science at the FernUniversität in Hagen, Germany, from which he also received his Ph.D. (2013) and Habilitation (2020). Before joining Hochschule Worms, he led a smart building security research team at Fraunhofer FKIE in Bonn, Germany. Steffen (co-)authored more than 170 publications and (co-)organized several conferences and workshops (incl. ARES IWSMR’19-’22) and special issues for major journals, such as IEEE Security & Privacy (S&P), Elsevier Future Generation Computer Systems (FGCS), and IEEE Transactions Industrial Informatics (TII). He is editorial board member of J.UCS and JCSM. His major research focus is on covert channels, network steganography, scientific taxonomy, and IoT security. Website: