Clemens Kolbitsch

Clemens Kolbitsch

General Information

Currently, I am working for Lastline Inc., focusing on malware analysis and detecting threats in the wild.

In 2011, I have finished my PhD studies at the International Secure Systems Lab. My main research interests are malware analysis and detection as well as virtualization. In previous projects, I was working on memory protection, race condition detection, and wireless communication and its security.

In beginning of February 2010, I have become the lead developer of Anubis, our public system for analyzing potentially malicious binary programs. In this project, I am currently focusing on improving stability, supporting a wider spectrum of malware, and making the sandbox more resistant to being detected by a sample under analysis.

In spring 2011, I was a research intern at Microsoft working with Ben Livshits and Ben Zorn. In this project, we were working on the detection of malicious websites on the Internet to filter Bing search results and thus protect its users.

Besides research work, I co-lecture two courses (Internet Security and Advanced Internet Security). The classes' main focus lies on teaching students to understand, detect, and fix vulnerabilities in network protocols, web applications, as well as binary programs.


  • Rozzle: De-Cloaking Internet Malware
    Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
    IEEE Symposium on Security and Privacy
    San Francisco, USA, May 2012.
    Article. Bibtex. Technical report

  • The Power of Procrastination: Detection and Mitigation of Execution-Stalling Malicious Code
    Clemens Kolbitsch, Engin Kirda, and Christopher Kruegel
    18th ACM Conference on Computer and Communications Security (CCS)
    Chicago, USA, October 2011.
    Article. Bibtex.

  • Detecting Environment-Sensitive Malware
    Martina Lindorfer, Clemens Kolbitsch, and Paolo Milani Comparetti
    International Symposium on Recent Advances in Intrusion Detection (RAID 2011)
    Menlo Park, USA, September 2011.
    Article. Bibtex

  • Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
    Clemens Kolbitsch, Thorsten Holz, Christopher Kruegel, and Engin Kirda
    IEEE Symposium on Security and Privacy
    Oakland, USA, May 2010.
    Article. Bibtex

  • Identifying Dormant Functionality in Malware Programs
    Paolo Milani Comparetti, Guido Salvaneschi, Engin Kirda, Clemens Kolbitsch, Christopher Kruegel, and Stefano Zanero
    IEEE Symposium on Security and Privacy
    Oakland, USA, May 2010.
    Article. Bibtex

  • Effective and Efficient Malware Detection at the End Host
    Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiaoyong Zhou, and Xiaofeng Wang
    Usenix Security Symposium
    Montreal, Canada, August 2009.
    Article. Bibtex

  • Removing Web Spam Links from Search Engine Results
    Manuel Egele, Clemens Kolbitsch, and Christian Platzer
    Journal of Computer Virology, Springer Verlag, DOI 10.1007/s11416-009-0132-6
    August 2009.

  • Master Thesis
    My thesis dealt with a the idea of protecting certain memory regions not only on a per-page but also on a per-word basis. This involved changing the Linux kernel to realize this new idea, enhance a compiler (the tiny c compiler) and implement the necessary processor-instructions in the system emulator Qemu.

    Using this system, we designed new approaches to protect agains stack- and heap-based buffer overflows. Further, we implemented a dynamic race condition detector. Evaluation on various large scale code projects (e.g. Apache) demonstrate the usability of the race condition detection system.

    Extending Mondrian Memory Protection
    Clemens Kolbitsch, Christopher Kruegel, and Engin Kirda
    NATO RTO IST-091 Symposium
    Antalya, Turkey, April 2010.
    Article. Bibtex

  • Virtual 802.11 Fuzzing
    Together with Sylvester Keil, I was working on a stateful fuzzer for the 802.11 protocol. For more information refer to the project website.

    Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
    Sylvester Keil and Clemens Kolbitsch
    Black Hat Japan
    Tokyo, Japan, October 2007.
    White paper. Bibtex



I can be reached under ck (at)

You can find my public key here.

You can find my official TU-contact information here.

Last Modified: Thu Apr 5 04:30:21 CEST 2012

International Secure Systems Lab