Scope
Cybercrime has increasingly evolved into Crime-as-a-Service (CaaS) ecosystems, where specialized actors provide tools, infrastructure, and services that lower barriers to entry and enable both purely digital and cyber-assisted physical crime. These developments demand security research that goes beyond malware analysis to include detection pipelines, adversarial marketplaces, and a human-centered understanding of cybercriminal behavior.
The TAKEDOWN Workshop seeks to bring together researchers and practitioners studying the technical, behavioral, and systemic dimensions of cybercrime, with particular emphasis on detecting and disrupting service-based criminal ecosystems and the human actors who operate them.
We invite submissions across three categories: full papers, short papers (including position papers and experience reports), and dataset papers, covering original research, work-in-progress, and novel datasets.
Topics of Interest
Topics include, but are not limited to, the following areas.
- Measurement and modeling of CaaS markets (phishing-, ransomware-, access-as-a-service)
- Roles, specialization, and trust mechanisms in underground services
- Automation and commodification of cybercrime
- Interdependencies between service providers and downstream criminal activity
- Detection and attribution of bulletproof hosting providers
- Hosting migration patterns and infrastructure resilience
- Relationships between bulletproof hosts and downstream criminal services
- Economic models and pricing structures of abuse-tolerant hosting
- Detection of scams, phishing, fraud, and malware delivery infrastructure
- Network-, system-, and platform-level detection of cybercriminal services
- Tracking bulletproof hosting via passive and active measurement
- AS-level and BGP-based detection of malicious infrastructure
- ML- and AI-based detection under adversarial conditions
- Early-warning systems for emerging cybercrime campaigns
- Profiling and behavioral analysis of cybercriminals
- Incentive structures, reputation, and decision-making in underground markets
- Socio-technical analysis of cybercriminal communities
- Human factors in attacker / defender dynamics
- Technical mechanisms enabling cyber-assisted physical crime
- Online facilitation of fraud, extortion, trafficking, and financial crime
- Linking online criminal infrastructure to offline harms
- Detection and mitigation of hybrid cyber-physical activity
- Technical approaches to disrupting CaaS supply chains
- Measuring real-world impact of takedowns and interventions
- Infrastructure resilience and criminal adaptation post-disruption
- Case studies from industry, ISPs, platforms, and CERTs
- Legal, ethical, and operational constraints on countermeasures
Submission Guidelines
Papers that do not comply with the following requirements will be desk-rejected.
- Submissions must be written in English.
- All submissions must be received by 11:59 PM AoE (UTC-12) on the day of the corresponding deadline.
- Submitted papers must not substantially overlap with papers that have been published or accepted for publication, or that are simultaneously in submission to a journal, conference, or workshop with published proceedings. All submissions should be properly anonymized. Papers should avoid revealing authors' identity in the text. When referring to their previous work, authors are required to cite their papers in the third person, without identifying themselves. In the unusual case in which a third-person reference is infeasible, authors can blind the reference itself. Papers not properly anonymized may be rejected without review.
- All articles must respect the page limits of the corresponding category (full, short, and dataset) excluding references and clearly labeled appendices, with an absolute maximum length of 12 pages. Reviewers are not obligated to read appendices, so the main paper should remain self-contained and understandable without them.
- Submissions must be provided in PDF format and adhere strictly to the ACM formatting guidelines. Authors should follow the main ACM CCS'26 formatting instructions, except for the page limits specified above. Moreover, all submissions must comply with the "Use of Generative AI" policy described on the main page of CCS.
- At least one author of each accepted paper must attend the workshop and present the work in order for the paper to appear in the proceedings.
Ethical Considerations
All papers must contain an Ethical Considerations appendix that follows the requirements laid out in the CCS Submission Policies and Instructions. For more details you may refer to the corresponding part of the CCS Call for Papers.
Important Dates
All deadlines are Anywhere on Earth (AoE).
Submissions
Submission Site
Submission link: https://takedown26.hotcrp.com/
Review Process
The workshop follows a double-blind review process with at least 3 reviews per submission. Conflicts of interest are declared and managed via HotCRP. All accepted papers will be published in the ACM CCS workshops’ proceedings.
Committee
Program Chairs
Constantinos Patsakis
University of Piraeus, Greece
George Smaragdakis
Delft University of Technology, Netherlands
Program Committee
Ioannis Agrafiotis
Oxford University
David Arroyo
Spanish National Research Council
Alastair Beresford
University of Cambridge
Juan Caballero
IMDEA Software Institute
Yi Ting Chua
University of Tulsa
David Decary-Hetu
University of Montreal
Harm Griffioen
Delft University of Technology
Alice Hutchings
University of Cambridge
Vasilios Katos
Bournemouth University
Platon Kotzias
BforeAI
Shujun Li
University of Kent
David Maimon
Georgia State University
Tobias Mattes
Bavarian State Police
Wojciech Mazurczyk
Warsaw University of Technology
Marco Musumeci
United Nations Interregional Crime and Justice Research Institute
Juha Nurmi
Tampere University
Raul Orduna
Vicomtech
George Stergiopoulos
Athens University of Economics and Business
Francesco Zola
Vicomtech