About      Publications      Research activities      Teaching      Advising      Projects

Sergio Pastrana Portillo

Assistant Professor

Computer Security Lab (COSEC)
Department of Computer Science
University Carlos III of Madrid

E-mail:  spastran [at] inf [dot] uc3m [dot] es
Phone: +34916246260
Address: Avda. de la Universidad, 30. 28911 Leganés (Madrid) Spain
Office: 2.2.C02B

About me

I'm assistant professor at University Carlos III de Madrid, affiliated at the Computer Security Lab. I received a PhD in Computer Science and Technology in 2014 for my research on the assessment of the robustness of different architectures of cybersecurity against adversarial attacks and the analysis of the applications of Machine Learning and other heuristic-based algorithms in the network intrusion detection domain. My current research interest is widespread in the area of cybersecurity, though i'm currently focused in the security and exploitation of smart devices and embedded systems. Regarding my teaching activities, I have taught courses in official studies offered at the University Carlos III about Security and Computer Programming as well as ocassional participation in Master courses, summer schools and workshops. Google profile


PhD Thesis Journal papers
  1. "PAgIoT: Privacy-preserving Aggregation protocol for Internet of Things". L. Gonzalez-Manzano, J.M. de Fuentes, S. Pastrana, P.Peris-Lopez, L. Hernandez."Journal of Network and Computer Applications". In Press. 2016. (JCR index: 2.331) [pdf] [doi]

  2. "Probabilistic Yoking Proofs For Large Scale IoT Systems".J.M. de Fuentes, P. Peris-Lopez, J.E. Tapiador, S. Pastrana."Ad Hoc Networks". Volume 32. pp 43-53. September 2015. (JCR index: 1,660). [pdf] [doi]

  3. "DEFIDNET: A framework for optimal allocation of cyberdefenses in Intrusion Detection Networks" S. Pastrana, A. Orfila, J.E. Tapiador, P. Peris-Lopez."Computer Networks". Volume 80. pp 66-84, April 2015. (JCR index: 1,446) [pdf] [doi] [prototype]

  4. "Power-aware anomaly detection in smartphones: An analysis of on-platform versus externalized operation".G. Suarez-Tangil, J.E. Tapiador, P. Peris-Lopez, S. Pastrana."Pervasive and Mobile Computing". Elsevier. Volume 18. pp 137-151. April 2015. (JCR index: 1.719). [doi] [pdf]

  5. "Randomized Anagram revisited". Sergio Pastrana, Agustin Orfila, Juan E. Tapiador, Pedro Peris-Lopez. "Journal of Network and Computer Applications". Volume 41. pp 182-196, May 2014.(JCR index: 2.229). [doi] [pdf]

  6. "Evaluation of Classification Algorithms for Intrusion Detection in MANETs". Sergio Pastrana, Aikaterina Mitrokotsa, Agustin Orfila, Pedro Peris-Lopez. "Knowledge Based Systems". Volume 36. pp 217-225. December 2012. (JCR index: 4,104). [doi] [pdf]
Conference papers
  1. "AVRAND: A Software Based Defense Against Code Reuse Attacks in AVR Architectures", Sergio Pastrana, Juan E. Tapiador, Guillermo Suarez-Tangil, Pedro Peris-Lopez. "13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)", San Sebastian, Spain, July 2016. [pdf]

  2. "ArduWorm: A Practical Malware Targeting Arduino Devices", Sergio Pastrana, Jorge Rodriguez-Canseco, Alejandro Calleja. "Jornadas Nacionales de Investigacion en Seguridad (JNIC)", Granada, Spain, June 2016. [pdf] Best paper award!

  3. "Security Analysis and Exploitation of Arduino Devices in the Internet of Things", Carlos Alberca, Sergio Pastrana, Guillermo Suarez-Tangil, Paolo Palmieri. " Workshop on Malicious Software and Hardware in Internet of Things (Mal-IoT)", Como, Italy, May 2016 [doi] [pdf]

  4. "Interactive activities: the key to learning programming with MOOCs.",Carlos Alario, Carlos Delgado, Iria Estevez, Carmen Fernandez, Jorge Blasco, Sergio Pastrana, Guillermo Suarez, and Julio Villena. "Proceedings of the European Stakeholder Summit on experiences and best practices in and around MOOCs (EMOOCS)", Graz (Austria), February 2016

  5. "Anomalous Web Payload Detection: Evaluating the Resilience of 1-gram Based Classifiers", Sergio Pastrana, Carmen Torrano-Gimenez, Hai Than Nguyen, Agustin Orfila. "Proceedings of the VIII Conference on Intelligent Distributed Computing (IDC) ", pp 195-201, Madrid, Spain, September 2014 [pdf]

  6. "A functional framework to evade Network IDS", Sergio Pastrana, Agustin Orfila and Arturo Ribagorda. "Proceedings of the 44th Hawaii International Conference on Systems Sciences (HICSS44)", Kauai, USA, January 2011 [doi] [pdf]

  7. "Artificial Immunity-Based Correlation System (poster)", Guillermo Suarez-Tangil, Esther Palomar, Sergio Pastrana, Arturo Ribagorda. "SECRYPT – International Conference on Security and Cryptography", Sevilla, Spain, July 2011 [doi] [pdf]

  8. "Modeling NIDS evasion using Genetic Programming", Sergio Pastrana, Agustin Orfila and Arturo Ribagorda. "Proceedings of the 2010 World Congress in Computer Science, Computer Engineering and Applied Computing, WORLDCOMP'10", Las Vegas, USA, July 2010 [pdf]

  9. "EVADIR: una metodologia para la evasion de IDS de red", Sergio Pastrana, Agustin Orfila and Arturo Ribagorda. "Actas de la XI Reunion Espanola sobre Criptologia y Seguridad de la Informacion, RECSI'10", Tarragona, Spain, September 2010 [pdf]

Book chapters
  1. "Evading IDS and Firewalls as Fundamental Sources of Information in SIEMS", in "Advances in Security Information Management: perceptions and outcomes". Sergio Pastrana, José Montero, Agustin Orfila, NOVA Publishers, ISBN 978-1-62417-221-2(2013)

Research Activities

Reviewer of the following journals
  • Knowledge Based Systems
  • Future Generation Computer Systems
  • Information Sciences
  • KSII Transactions on Internet and Information Systems
PC Member or conference sub-reviewer
  • 12th International Conference on Security and Cryptography (SECRYPT) 2015
  • IEEE International Conference on Trust, Security and Privacy 2015
  • International Conference on Information Security Practice and Experience 2015
  • International Conference on Networks & Communications 2016
  • 13th International Conference on Security and Cryptography (SECRYPT) 2016
  • Project reviewer at Spanish Association for Standardisation and Certification
  • Project reviewer at Israeli Ministry of Science, Technology and Space


Current courses Past courses Online Open Courses


If you want to develop your Master Thesis or Bachelor Project in some security related field, I'll be pleased to supervise you. Send me an email or visit me at my office in Leganés campus.
Requirements: being a uc3m student, having high grades (i.e.: upper 8) in the security-related courses from the bachelor program in Computer Science, and programming skills in C/C++, Java and Python.

Master Students
  1. José María Alonso (expected 2016). Topic: Security in SCADA
  2. Iñigo Serrano, (expected 2016). Topic: Stego-malware
  3. Jaime Morales, (expected 2016). Topic: Information Sharing
  4. Luis Nuñez, (expected 2016). Topic: Malware analysis
  5. Fernando Vañó, (expected 2016). Topic: IoT Honeypot
  6. Roberto Garrido, 2016. Topic: Cooperative Cyberdefense
  7. Victor Sánchez, 2015. Topic: SIEM systems
  8. Eric Mendillo, 2015. Topic: Cybersecurity simulator
  9. José Ramón Rapallo, 2015. Topic: Military Cyber-ranges
  10. Carlos Alberca, 2015. Topic: Security in IoT
  11. Christian López, 2015, Topic: SIEM systems
Bachelor Students
  1. Guillermo Izquierdo (expected 2016). Topic: Android security
  2. Luis Buendía (expected 2016). Topic: Malware engineering
  3. Antonio Requena, 2016. Topic: Android Security
  4. Carlos Alberca, 2014. Topic: Security in RFID
  5. Marta Canes, 2014. Topic: Intrusion Detection Networks
  6. Ricardo Ramirez, 2014, Topic: Security Legislation
  7. Javier Alvarez, 2014, Topic: Bio-engineering
  8. Antonio Parra, 2013, Topic: Malware analysis
  9. Joel Barra, 2012, Topic: Linux security


Current Past