The First International Workshop on Criminal Use of Information Hiding
(CUING 2017) to be held 
   in conjunction with the 12th International
   Conference on Availability, Reliability and Security (ARES 2017

August 29 - September 1, 2017, Reggio Calabria, Italy

CUING website:


Submission Deadline April 4, 2017
Author Notification May 15, 2017
Proceedings Version June 08, 2017
Conference August 29 - September 1, 2017


With the constant rise of the number of Internet users, available
bandwidth and an increasing number of services shifting into the
connected world, criminals are increasingly active in the virtual world.
With improving defensive methods cybercriminals have to utilize more and
more sophisticated ways to perform their malicious activities. While
protecting the privacy of users, many technologies used in current
malware and network attacks have been abused in order to allow criminals
to carry out their activities undetected.

The aim of the First International Workshop on Criminal Use of
Information Hiding (CUIng) is to bring together researchers,
practitioners, law enforcement representatives, and security
professionals in the area of analysis of information hiding (e.g.
steganography, covert channels), obfuscation techniques and underground
networks (darknets) in order to present novel research regarding the use
of data and communication hiding methods in criminal environments and
discuss ideas for fighting misuse of privacy enhancing technologies.


- Novel countermeasures against information hiding techniques:
  detection, prevention, limitation
- Evasion, obfuscation and anti-forensics techniques used by cybercriminals
- Hiding covert communication within network attacks e.g. DDoS, SPAM, etc.
- Abusing legitimate social media services for masking criminal activities
- Abusing legitimate cloud-based services for masking criminal activities
- Methods for botnet detection and mitigation from CUIng perspective
- Large scale coordinated actions by LEAs from CUIng perspective
- Studies regarding the use of information hiding in cybercrime
- Traffic type obfuscation techniques e.g. traffic morphing
- Impersonation of one cybercriminals groups by the other
- Aspects and methods for sharing strategic intelligence
- Masking network attacks with another types of threats
- Future scenarios in cybercrime from CUIng perspective
- Underground marketplaces and their business models
- Legal and technical aspects of Darknet research
- Local, air-gapped, and network covert channels
- Analysis of cybercrime cases related to CUIng
- New steganographic & steganalysis methods
- Cybercrime and CPS from CUIng perspective
- Botnet analysis from CUIng perspective
- Banking Trojans from CUIng perspective
- Analysis of underground environments
- IoT-botnets from CUIng perspective
- Information hiding techniques
- Privacy enhancing techniques


Philipp Amann (Chair)
Europol, European Cybercrime Centre, The Netherlands

Jart Armin (Chair)
CyberDefcon, The Netherlands

Wojciech Mazurczyk (Chair)
Warsaw University of Technology, Poland

Angelo Consoli (Chair)
Scuola universitaria professionale della Svizzera italiana (SUPSI),

Peter Kieseberg (Chair)
SBA Research, Austria

Joerg Keller (Chair)
FernUniversitaet in Hagen, Germany


The submission guidelines valid for the CUING workshop are the same as
for the ARES conference. They can be found

Submission of a paper implies that should the paper be accepted, at
least one of the authors will register and present the paper in the


In case of questions, please feel free to contact us via