Igino Corona

ORCID: 0000-0002-7661-1401
Research Areas
  • Network Security and Intrusion Detection
  • Advanced Malware Detection Techniques
  • Spam and Phishing Detection
  • Anomaly Detection Techniques and Applications
  • Adversarial Robustness in Machine Learning
  • Internet Traffic Analysis and Secure E-voting
  • Digital and Cyber Forensics
  • Pharmaceutical Quality and Counterfeiting
  • Cybercrime and Law Enforcement Studies
  • Forensic Toxicology and Drug Analysis
  • Web Application Security Vulnerabilities
  • Smart Grid Security and Resilience
  • Authorship Attribution and Profiling
  • Software Testing and Debugging Techniques
  • Artificial Immune Systems Applications

University of Cagliari
2008-2018

To cope with the increasing variability and sophistication of modern attacks, machine learning has been widely adopted as a statistically-sound tool for malware detection. However, its security against well-crafted attacks has not only been recently questioned, but it has been shown that machine learning exhibits inherent vulnerabilities that can be exploited to evade detection at test time. In other words, machine learning itself can be the weakest link in a security system. In this paper, we rely upon a previously-proposed attack framework to categorize potential scenarios...

10.1109/tdsc.2017.2700270 article EN IEEE Transactions on Dependable and Secure Computing 2017-05-02

Clustering algorithms have become a popular tool in computer security to analyze the behavior of malware variants, identify novel malware families, and generate signatures for antivirus systems. However, the suitability of clustering algorithms for security-sensitive settings has been recently questioned by showing that they can be significantly compromised if an attacker can exercise some control over the input data. In this paper, we revisit this problem by focusing on behavioral approaches, and investigate whether and to what extent an attacker may be able...

10.1145/2666652.2666666 article EN 2014-11-07

PDF files have proved to be excellent malicious-code bearing vectors. Thanks to their flexible logical structure, an attack can be hidden in several ways, and easily deceive protection mechanisms based on file-type filtering. Recent work showed that malicious PDF files can be accurately detected by analyzing their logical structure, with excellent results. In this paper, we present and practically demonstrate a novel evasion technique, called reverse mimicry, that can defeat such kind of analysis. We implement it using real samples and validate our approach by testing...

10.1145/2484313.2484327 article EN 2013-05-08

Cyber attacks are currently blooming, as the attackers reap significant profits from them and face a limited risk when compared to committing the "classical" crimes. One of the major components that leads to the successful compromising of the targeted system is malicious software. It allows using the victim's machine for various nefarious purposes, e.g., making it a part of the botnet, mining cryptocurrencies, or holding hostage the data stored there. At present, the complexity, proliferation, and variety of malware pose a real challenge...

10.1109/access.2020.3048319 article EN cc-by IEEE Access 2020-12-30

In this paper we propose a novel, passive approach for detecting and tracking malicious flux service networks. Our detection system is based on passive analysis of recursive DNS (RDNS) traffic traces collected from multiple large networks. Contrary to previous work, our approach is not limited to the analysis of suspicious domain names extracted from spam emails or precompiled domain blacklists. Instead, our approach is able to detect malicious flux service networks in-the-wild, i.e., as they are accessed by users who fall victims of malicious content advertised through blog spam, instant messaging...

10.1109/acsac.2009.36 article EN Annual Computer Security Applications Conference 2009-12-01

In this paper, we present FluxBuster, a novel passive DNS traffic analysis system for detecting and tracking malicious flux networks. FluxBuster applies large-scale monitoring of DNS traffic traces generated by recursive DNS (RDNS) servers located in hundreds of different networks scattered across several geographical locations. Unlike most previous work, our detection approach is not limited to the analysis of suspicious domain names extracted from spam emails or precompiled domain blacklists. Instead, FluxBuster is able to detect malicious flux service...

10.1109/tdsc.2012.35 article EN IEEE Transactions on Dependable and Secure Computing 2012-01-01

JavaScript is a dynamic programming language adopted in a variety of applications, including web pages, PDF Readers, widget engines, network platforms, office suites. Given its widespread presence throughout different software platforms, JavaScript is a primary tool for the development of novel -rapidly evolving- malicious exploits. If the classical signature- and heuristic-based detection approaches are clearly inadequate to cope with this kind of threat, machine learning solutions proposed so far suffer from high false-alarm...

10.1145/2666652.2666657 article EN 2014-11-07

Nowadays, the web-based architecture is the most frequently used for a wide range of internet services, as it allows to easily access and manage information and software on remote machines. The input of web applications is made up of queries, i.e. sequences of pairs attribute←value. A wide range of attacks exploits web application vulnerabilities, typically derived from input validation flaws. In this work we propose a new formulation of query analysis through Hidden Markov Models (HMM) and show that HMM are effective in detecting either...

10.1109/icc.2009.5199054 article EN IEEE International Conference on Communications 2009-06-01

During the past years, malicious PDF files have become a serious threat for the security of modern computer systems. They are characterized by a complex structure and their variety is considerably high. Several solutions have been academically developed to mitigate such attacks. However, they leveraged on information that were extracted from either only the structure or the content of the PDF file. This creates problems when trying to detect non-Javascript or targeted attacks. In this paper, we present a novel machine learning system for the automatic...

10.5220/0005264400270036 article EN cc-by-nc-nd 2015-01-01

To cope with the increasing variability and sophistication of modern attacks, machine learning has been widely adopted as a statistically-sound tool for malware detection. However, its security against well-crafted attacks has not only been recently questioned, but it has been shown that machine learning exhibits inherent vulnerabilities that can be exploited to evade detection at test time. In other words, machine learning itself can be the weakest link in a security system. In this paper, we rely upon a previously-proposed attack framework to categorize potential scenarios...

10.48550/arxiv.1704.08996 preprint EN other-oa arXiv (Cornell University) 2017-01-01