- Access Control and Trust
- Information and Cyber Security
- Privacy-Preserving Technologies in Data
- Cryptography and Data Security
- Privacy, Security, and Data Protection
- Business Process Modeling and Analysis
- Service-Oriented Architecture and Web Services
- Network Security and Intrusion Detection
- Security and Verification in Computing
- Advanced Malware Detection Techniques
- Internet Traffic Analysis and Secure E-voting
- Spam and Phishing Detection
- Software System Performance and Reliability
- Software Engineering Research
- Cloud Data Security Solutions
- Multi-Agent Systems and Negotiation
- Advanced Software Engineering Methodologies
- Misinformation and Its Impacts
- Data Quality and Management
- User Authentication and Security Systems
- Imbalanced Data Classification Techniques
- Advanced Authentication Protocols Security
- Digital and Cyber Forensics
- Logic, Reasoning, and Knowledge
- Distributed systems and fault tolerance
Eindhoven University of Technology, 2015-2024
Institute of Electrical and Electronics Engineers, 2020
Regional Municipality of Niagara, 2020
IEEE Computer Society, 2020
The University of Texas at San Antonio, 2018
University of Trento, 2004-2011
University of Toronto, 2008-2009
University of Bologna, 2008
Security requirements engineering is emerging as a branch of software engineering, spurred by the realization that security must be dealt with early on during phase. Methodologies in this field are challenging: they take into account subtle notions such as trust (or lack thereof), delegation, and permission; they also model entire organizations, not only systems-to-be. In our previous work we introduced Secure Tropos, a formal framework for modeling and analyzing requirements. Tropos founded three main...
Phishing attacks are a critical and escalating cybersecurity threat in the modern digital landscape. As cybercriminals continually adapt their techniques, automated phishing detection systems have become essential for safeguarding Internet users. However, many current systems rely on single-analysis models, making them vulnerable to sophisticated bypass attempts by hackers. This research delves into the potential of hybrid approaches, which combine multiple models to enhance both robustness and effectiveness...
Data loss, i.e. the unauthorized/unwanted disclosure of data, is a major threat for modern organizations. Data Loss Protection (DLP) solutions in use nowadays either employ patterns of known attacks (signature-based) or try to find deviations from normal behavior (anomaly-based). While signature-based provide accurate identification and, thus, are suitable for prevention of these attacks, they cannot cope with unknown nor attackers who follow unusual paths (like those only insiders) to carry out their...
In this study, we provide an extensive analysis of the (unique) characteristics of phishing and spear-phishing attacks, argue that attacks cannot be well captured by current countermeasures, identify ways forward, and analyze an advanced campaign targeting white-collar workers in 32 countries.
Phishing attacks are a main threat to organizations and individuals. Current widespread defenses based on spam filters and domain blacklisting are unfortunately insufficient. Prior work identifies phishing reporting as a key, largely untapped resource to mitigate threats. Yet, its practice suffers from very low rates generally too an uptake users. Whereas it is known that behavior is affected by a number of 'human factors', a comprehensive view of the different theories and their effects (intent to) report not yet...
The importance of critical systems has been widely recognized and several efforts are devoted to integrate dependability requirements in their development process. Such efforts result in a number of models, frameworks, and methodologies that have been proposed to model and assess the systems. Among them, risk analysis considers the likelihood and severity of failures for evaluating affecting system. In our previous work, we introduced the Tropos goal-risk framework, a formal framework for modeling, assessing, and treating risks on the basis...