I am currently an assistant professor at University of Twente. In the period between 2013 and 2017, I was a Ph.D. candidate at the same university. A number of solutions proposed in my Ph.D. thesis were deployed by network operators worldwide and some methodologies will be used by the Dutch High Tech Crime Unit. During my Ph.D., I also acted as technical advisor to the Dutch National Cyber Security Center and to the Japanese Ministry of Internal Affairs and Communications, both on the topic of Cyber Security and DDoS attacks. I presented my work in more than 30 countries. The most frequent words to describe my presentations/lectures by attendees are enthusiastic, entertaining and easy to understand (see more at http://jairsantanna. com/others_judgement). My professional objective is to become an internationally recognized researcher and teacher in Internet security, DDoS attack, and (big) data analysis. I aim to transfer my enthusiasm, knowledge, skills and experience into meaningful innovation to improve the security in all types of computer networks, especially the Internet. 


  • Computer Science

    • Internet
    • Attack
    • Websites
    • Distributed Denial of Service
    • Distributed Denial of Service Attack
    • Service
    • Honeypots
    • Events


Research Information (CTIT)


The Effect of the Russian-Ukrainian Conflict from the Perspective of Internet eXchangesIn 18th International Conference on Network and Service Management, CNSM 2022. Trusin, C., Santanna, J. & Bertholdo, L.
Characterising attacks targeting low-cost routers: a MikroTik case study (Extended). ArXiv.org. Ceron, J. M., Scholten, C., Pras, A., Lastdrager, E. & Santanna, J.MikroTik Devices Landscape, Realistic Honeypots, and Automated Attack ClassificationIn Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, Article 9110336. IEEE. Ceron, J. M., Scholten, C., Pras, A. & Santanna, J.https://doi.org/10.1109/NOMS47738.2020.9110336
DDoS Hide & Seek: On the effectiveness of a booter services takedownIn IMC 2019 - Proceedings of the 2019 ACM Internet Measurement Conference (pp. 65-72). Association for Computing Machinery. Kopp, D., Santanna, J., Wichtlhuber, M., Hohlfeld, O., Poese, I. & Dietzel, C.https://doi.org/10.1145/3355369.3355590Are darknets all the same? On darknet visibility for security monitoringIn 25th IEEE International Symposium on Local and Metropolitan Area Networks, LANMAN 2019, Article 8847113. IEEE. Soro, F., Drago, I., Trevisan, M., Mellia, M., Ceron, J. & Santanna, J. J.https://doi.org/10.1109/LANMAN.2019.8847113

Research profiles

Courses academic year 2023/2024

Courses in the current academic year are added at the moment they are finalised in the Osiris system. Therefore it is possible that the list is not yet complete for the whole academic year.

Courses academic year 2022/2023


Visiting address

University of Twente

Zilverling (building no. 11), room 5098
Hallenweg 19
7522 NH Enschede

Navigate to location


Scan the QR code or
Download vCard