About      Publications      Services      Teaching      Advising      Projects

Sergio Pastrana Portillo

Associate Professor

Computer Securiry Lab (COSEC)
Universidad Carlos III de Madrid


Contact
E-mail:  spastran [at] inf [dot] uc3m [dot] es
Address:
Escuela Politécnica Superior, Universidad Carlos III de Madrid
Avenida de la Universidad 30
28911, Leganés, Madrid


About me

I'm Associate Professor at the Computer Security Lab from the University Carlos III of Madrid. Formerly, I worked in the Cambridge Cybercrime Centre from the University of Cambridge. My research interests are manyfold through the field of cybersecurity and cybercrime. Please, see my list of publications (or my Google profile) to get a glimpse of my current interests

I received a PhD in Computer Science and Technology in 2014 by University of Carlos III de Madrid, my alma mater, where I have also taught courses in official studies offered at the University Carlos III about Security and Computer Programming as well as ocassional participation in Master courses, summer schools and workshops.






Publications

Journal papers
  1. "Redefining Malware Sandboxing: Enhancing Analysis Through Sysmon and ELK Integration", Rasmi-Vlad Mahmoud, Marios Anagnostopoulos, Sergio Pastrana, Jens Myrup Pedersen, IEEE Access, vol 12, pp 68624-68636, 2024. [doi] (open access).

  2. "The Art of Cybercrime Community Research", Jack Hughes, Sergio Pastrana, Alice Hutchings, Sadia Afroz, Sagar Samtani, Weifeng Li, Ericsson Santana Marin. "ACM Computing Surveys". Volume 56 (6), num 155. April 2024. [doi] (open access).

  3. "Towards automated homomorphic encryption parameter selection with fuzzy logic and linear programming". José Cabrero-Holgueras and Sergio Pastrana. "Expert Systems with Applications", Volume 229, p.120460, November 2023. [doi] (open access).

  4. "HEFactory: A symbolic execution compiler for privacy-preserving Deep Learning with Homomorphic Encryption". José Cabrero-Holgueras and Sergio Pastrana. "SoftwareX", Volume 22, p.101396, May 2023. [doi] (open access).

  5. "Towards Realistic Privacy-Preserving Deep Learning over Encrypted Medical Data". José Cabrero-Holgueras and Sergio Pastrana. "Frontiers in Cardiovascular Medicine", Volume 10, p.641, April 2023. [doi] (open access).

  6. "An analysis of fake social media engagement services". David Nevado-Catalán, Sergio Pastrana, Narseo Vallina-Rodriguez, Juan Tapiador. "Computers & Security". Volume 124, January 2023 [doi] (open access).

  7. "A Methodology for Large-Scale Identification of Related Accounts in Underground Forums". José Cabrero-Holgueras, Sergio Pastrana. "Computers & Security". Volume 111, December 2021 [accepted version] [doi]

  8. "Avaddon ransomware: an in-depth analysis and decryption of infected systems". Javier Yuste, Sergio Pastrana. "Computers & Security". Volume 109-C, October 2021 [accepted version] [doi]

  9. "Blocklist Babel: On the Transparency and Dynamics of Open Source Blocklisting". Álvaro Feal, Pelayo Vallina, Julien Gamba, Sergio Pastrana, Antonio Nappa, Oliver Hohlfeld, Narseo Vallina-Rodriguez, Juan Tapiador."IEEE Transactions on Network and Service Management". Volume 18, pp 1334-1349 June 2021. [pdf] [doi]

  10. "Automatically identifying the function and intent of posts in underground forums". Andrew Caines, Sergio Pastrana , Alice Hutchings, Paula Buttery."Crime Science". Volume 7. November 2018. [doi] (open Access).

  11. "PAgIoT: Privacy-preserving Aggregation protocol for Internet of Things". L. Gonzalez-Manzano, J.M. de Fuentes, S. Pastrana, P.Peris-Lopez, L. Hernandez."Journal of Network and Computer Applications". Volume 71 pp 59-71. 2016. (JCR index: 2.331) [pdf] [doi]

  12. "Probabilistic Yoking Proofs For Large Scale IoT Systems".J.M. de Fuentes, P. Peris-Lopez, J.E. Tapiador, S. Pastrana."Ad Hoc Networks". Volume 32. pp 43-53. September 2015. (JCR index: 1,660). [pdf] [doi]

  13. "DEFIDNET: A framework for optimal allocation of cyberdefenses in Intrusion Detection Networks" S. Pastrana, A. Orfila, J.E. Tapiador, P. Peris-Lopez."Computer Networks". Volume 80. pp 66-84, April 2015. (JCR index: 1,446) [pdf] [doi] [prototype]

  14. "Power-aware anomaly detection in smartphones: An analysis of on-platform versus externalized operation".G. Suarez-Tangil, J.E. Tapiador, P. Peris-Lopez, S. Pastrana."Pervasive and Mobile Computing". Elsevier. Volume 18. pp 137-151. April 2015. (JCR index: 1.719). [doi] [pdf]

  15. "Randomized Anagram revisited". Sergio Pastrana, Agustin Orfila, Juan E. Tapiador, Pedro Peris-Lopez. "Journal of Network and Computer Applications". Volume 41. pp 182-196, May 2014.(JCR index: 2.229). [doi] [pdf]

  16. "Evaluation of Classification Algorithms for Intrusion Detection in MANETs". Sergio Pastrana, Aikaterina Mitrokotsa, Agustin Orfila, Pedro Peris-Lopez. "Knowledge Based Systems". Volume 36. pp 217-225. December 2012. (JCR index: 4,104). [doi] [pdf]
Conference papers
  1. "Reversing the Virtual Maze: An Overview of the Technical and Methodological Challenges for Metaverse App Analysis". Alfonso Rodriguez Barredo, Sergio Pastrana, Narseo Vallina-Rodriguez, Guillermo Suarez-Tangil Proceedings of IEEE MetaCom. 2024 [doi] [pdf]

  2. "Reviewing War: Unconventional User Reviews as a Side Channel to Circumvent Information Controls". Jose Miguel Moreno, Sergio Pastrana, Jens Helge Reelfs, Pelayo Vallina, Savvas Zannettou, Andriy Panchenko, Georgios Smaragdakis, Oliver Hohlfeld, Narseo Vallina-Rodriguez and Juan Tapiador. In Proceedings of the International AAAI Conference on Web and Social Media 2024. [doi] [pdf]

  3. "Threat Analysis and Adversarial Model for Smart Grids". Javier Sande-Ríos, Jesus Canal-Sánchez, Carmen Manzano-Hernández and Sergio Pastrana 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) 2024 [doi] [pdf] [Reviews]

  4. "Understanding Crypter-as-a-Service in a Popular Underground Marketplace". Alejandro de la Cruz Alvarado and Sergio Pastrana 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) 2024 [doi] [pdf] [Reviews]

  5. "Examining the trends and operations of modern Dark-Web marketplaces". Victor Labrador, Sergio Pastrana Proceedings of IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). 2022 [doi] [pdf] [code] [Reviews]

  6. "Towards Improving Code-Stylometry Analysis in Underground Forums". Michal Tereszkowski-Kaminski, Sergio Pastrana, Jorge Blasco, Guillermo Suarez-Tangil Proceedings of the 22st Privacy Enhancing Technologies Symposium (PoPETS). 2022 [doi] [pdf]

  7. "Detecting video-game injectors exchanged in game cheating communities". Panicos Karkallis, Jorge Blasco, Sergio Pastrana, Guillermo Suarez-Tangil Proceedings of the 26th European Symposium on Research in Computer Security (ESORICS) 2021. October 2021 [doi] [preprint]

  8. "SoK: Privacy-Preserving Computation Techniques for Deep Learning". José Cabrero-Holgueras and Sergio Pastrana Proceedings of the 21st Privacy Enhancing Technologies Symposium (PoPETS). July 2021 [doi] [pdf]

  9. "Trouble Over-The-Air: An Analysis of FOTA Apps in the Android Ecosystem". Eduardo Blazquez, Sergio Pastrana, Alvaro Feal, Julien Gamba, Platon Kotzias, Narseo Vallina-Rodriguez, Juan Tapiador. 42nd IEEE Symposium on Security and Privacy (IEEE S&P). May 2021 [doi] [pdf]

  10. "A tight scrape: methodological approaches to cybercrime research data collection in adversarial environments", Kieron Turk, Sergio Pastrana, Ben Collier. 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO) , Digital Conference, September 7th, 2020. [doi] [pdf]

  11. "A first look at the crypto-mining malware ecosystem: A decade of unrestricted wealth", Sergio Pastrana, Guillermo Suarez-Tangil. ACM Internet Measurement Conference (IMC) , Amsterdam, Netherlands, October 2019. [doi] [pdf extended version]

  12. "Measuring eWhoring", Sergio Pastrana, Alice Hutchings, Daniel Thomas, Juan E. Tapiador. ACM Internet Measurement Conference (IMC) , Amsterdam, Netherlands, October 2019. [doi] [pdf] [video]

  13. "Understanding eWhoring", Alice Hutchings, Sergio Pastrana. 4th IEEE European Symposium on Security and Privacy , Stockholm, Sweden, June 2019 [pdf]

  14. "Aggressive language in an online hacking forum", Andrew Caines, Sergio Pastrana , Alice Hutchings, Paula Buttery. Second Workshop on Abusive Language Online (ALW2) , Brussels, Belgium, October 2018 [pdf]

  15. "Characterizing Eve: Analysing Cybercrime Actors in a Large Underground Forum", Sergio Pastrana , Alice Hutchings, Andrew Caines, Paula Buttery. Research in Attacks, Intrusions and Defences (RAID) , Heraklion, Crete, September 2018 [pdf]

  16. "CrimeBB: Enabling Cybercrime Research on Underground Forums at Scale", Sergio Pastrana, Daniel R. Thomas, Alice Hutchings, and Richard Clayton. ACM The Web Conference 2018 (WWW) , Lyon, France, April 2018. [pdf]

  17. "Ethical issues of research using datasets of illicit origin", Daniel R. Thomas, Sergio Pastrana, Alice Hutchings, Richard Clayton, and Alastair R. Beresford. ACM Internet Measurement Conference (IMC) , London, UK, November 2017. [pdf]

  18. "Shall we collaborate? A model to analyse the benefits of information sharing", Roberto Garrido, Lorena Gonzalez and Sergio Pastrana. ACM CCS Worshop on Information Sharing and Collaborative Security (WISCS) , Vienna, Austria, October 2016. [pdf]

  19. "AVRAND: A Software Based Defense Against Code Reuse Attacks in AVR Architectures", Sergio Pastrana, Juan E. Tapiador, Guillermo Suarez-Tangil, Pedro Peris-Lopez. "13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)", San Sebastian, Spain, July 2016. [pdf]

  20. "ArduWorm: A Practical Malware Targeting Arduino Devices", Sergio Pastrana, Jorge Rodriguez-Canseco, Alejandro Calleja. "Jornadas Nacionales de Investigacion en Seguridad (JNIC)", Granada, Spain, June 2016. [pdf] Best paper award!

  21. "Security Analysis and Exploitation of Arduino Devices in the Internet of Things", Carlos Alberca, Sergio Pastrana, Guillermo Suarez-Tangil, Paolo Palmieri. " Workshop on Malicious Software and Hardware in Internet of Things (Mal-IoT)", Como, Italy, May 2016 [doi] [pdf]

  22. "Interactive activities: the key to learning programming with MOOCs.",Carlos Alario, Carlos Delgado, Iria Estevez, Carmen Fernandez, Jorge Blasco, Sergio Pastrana, Guillermo Suarez, and Julio Villena. "Proceedings of the European Stakeholder Summit on experiences and best practices in and around MOOCs (EMOOCS)", Graz (Austria), February 2016

  23. "Anomalous Web Payload Detection: Evaluating the Resilience of 1-gram Based Classifiers", Sergio Pastrana, Carmen Torrano-Gimenez, Hai Than Nguyen, Agustin Orfila. "Proceedings of the VIII Conference on Intelligent Distributed Computing (IDC) ", pp 195-201, Madrid, Spain, September 2014 [pdf]

  24. "A functional framework to evade Network IDS", Sergio Pastrana, Agustin Orfila and Arturo Ribagorda. "Proceedings of the 44th Hawaii International Conference on Systems Sciences (HICSS44)", Kauai, USA, January 2011 [doi] [pdf]

  25. "Artificial Immunity-Based Correlation System (poster)", Guillermo Suarez-Tangil, Esther Palomar, Sergio Pastrana, Arturo Ribagorda. "SECRYPT - International Conference on Security and Cryptography", Sevilla, Spain, July 2011 [doi] [pdf]

  26. "Modeling NIDS evasion using Genetic Programming", Sergio Pastrana, Agustin Orfila and Arturo Ribagorda. "Proceedings of the 2010 World Congress in Computer Science, Computer Engineering and Applied Computing, WORLDCOMP'10", Las Vegas, USA, July 2010 [pdf]

  27. "EVADIR: una metodologia para la evasion de IDS de red", Sergio Pastrana, Agustin Orfila and Arturo Ribagorda. "Actas de la XI Reunion Espanola sobre Criptologia y Seguridad de la Informacion, RECSI'10", Tarragona, Spain, September 2010 [pdf]

PhD Thesis Book chapters
  1. "Displacing big data: How criminals cheat the system", in "The Human Factor of Cybercrime". Alice Hutchings, Sergio Pastrana, Richard Clayton. Taylor & Francis; ISBN 978-0-42946-059-3 (2019)
  2. "Evading IDS and Firewalls as Fundamental Sources of Information in SIEMS", in "Advances in Security Information Management: perceptions and outcomes". Sergio Pastrana, José Montero, Agustin Orfila, NOVA Publishers, ISBN 978-1-62417-221-2(2013)

Services

Reviewer of the following journals
  • IEEE Security & Privacy
  • Journal of Cybersecurity
  • Computers in Human Behavior
  • DTRAP
  • Information Fusion
  • Computers&Security
  • Knowledge Based Systems
  • Future Generation Computer Systems
  • Information Sciences
  • KSII Transactions on Internet and Information Systems
  • AdHoc Networks
PC chair/co-chair PC Member or conference sub-reviewer
  • International Symposium on Security and Privacy in Social Networks and Big Data (SocialSec) 2023.
  • International Conference on Cryptology and Network Security (CANS) 2023 and 2022.
  • The Web Conference 2022.
  • APWG eCrime 2022 and 2021.
  • Workshop on Attackers and Cyber-Crime Operations (WACCO) 2019.
  • 9th International Conference on Emerging Ubiquitous Systems and Pervasive Networks 2018.
  • International Conference on Networks & Communications 2016.
  • 12th International Conference on Security and Cryptography (SECRYPT) 2015.
  • IEEE International Conference on Trust, Security and Privacy 2015.
  • International Conference on Information Security Practice and Experience 2015.
  • 13th International Conference on Security and Cryptography (SECRYPT) 2016.
Others
  • Project reviewer at Spanish Association for Standardisation and Certification (AENOR).
  • Project reviewer at Israeli Ministry of Science, Technology and Space.

Teaching experience

MSc courses BSc and other courses Online Open Courses

Supervision

Current PhD Students
Past PhD Students

Projects

Current
  • CIARRES: Cybersecurity and Artificial Intelligence for a more resilient Smart Grid
  • APAMCiber: Prevention and Attribution of Cyberthreats against Cybersecurity Stakeholders
  • Trustaware: Enhancing Digital Security, Privacy and TRUST in software
  • ECYSAP: European Cyber Situational Awareness Platform
Past