Popularity and complexity of malicious mobile applications are rising, making their analysis difficult and labor intensive. Mobile application analysis is indeed inherently different from desktop application analysis: In the latter, the interaction of the user (i.e., victim) is crucial for the malware to correctly expose all its malicious behaviors. We propose a novel approach to analyze (malicious) mobile applications. The goal is to exercise the user interface (UI) of an Android application to effectively trigger malicious behaviors, automatically. Our key intuition is to record and reproduce the UI interactions of a potential victim of the malware, so as to stimulate the relevant behaviors during dynamic analysis. To make our approach scale, we automatically re-execute the recorded UI interactions on apps that are similar to the original ones. These characteristics make our system orthogonal and complementary to current dynamic analysis and UI-exercising approaches. We developed ...
Modern botnets rely on domain-generation algorithms (DGAs) to build resilient command-and-control infrastructures. Recent works focus on recognizing automatically generated domains (AGDs) from DNS traffic, which potentially allows to identify previously unknown AGDs to hinder or disrupt botnets' communication capabilities. The state-of-the-art approaches require to deploy low-level DNS sensors to access data whose collection poses practical and privacy issues, making their adoption problematic. We propose a mechanism that overcomes the above limitations by analyzing DNS traffic data through a combination of linguistic and IP-based features of suspicious domains. In this way, we are able to identify AGD names, characterize their DGAs and isolate logical groups of domains that represent the respective botnets. Moreover, our system enriches these groups with new, previously unknown AGD names, and produce novel knowledge about the evolving behavior of each tracked botnet. We used ou...
In this whitepaper we briefly describe Masibty, a novel anomaly-based web application firewall we devised. It has a modular and extensible structure. We give an overview of the anomaly detection models we implemented in it, and show that it is able to detect different kinds of real world attacks on common web applications. We also evaluate its performance
In this paper we analyze the use of different types of statistical tests for the correlation of anomaly detection alerts. We show that the Granger Causality Test, one of the few proposals that can be extended to the anomaly detection domain, strongly depends on good choices of a parameter which proves to be both sensitive and difficult to estimate. We
ABSTRACT With the continuous evolution of the types of attacks against computer networks, traditional intrusion detection systems, based on pattern matching and static signatures, are increasingly limited by their need of an up-to-date and comprehensive knowledge ...
As the world witnesses what has been dubbed “the Information Age”, the need to investigate digital crimes, or to retrieve digital evidence to investigate real world crimes, grows exponentially. More and more often, computer scientists and engineers are called upon ...
I. INTRODUCTION One of the most daunting tasks in the operations and management of large and complex networks today is ensuring their overall security. One of the key processes in the management of network security is the detection of security incidents, followed by ...
Abstract. The availability of reliable models of computer virus propagation would prove useful in a number of ways, in order both to predict future threats, and to develop new containment measures. In this paper, we review the most popular models of virus propagation, ...
Abstract—To handle the growing flood of malware, security vendors and analysts rely on tools that automatically identify and analyze malicious code. Current systems for automated malware analysis typically follow a dynamic approach, executing an unknown program in a ...
ABSTRACT URL shortening services facilitate the need of exchanging long URLs using limited space, by creating compact URL aliases that redirect users to the original URLs when followed. Some of these services show advertisements (ads) to link-clicking users and pay a commission of their advertising earnings to link-shortening users. In this paper, we investigate the ecosystem of these increasingly popular ad-based URL shortening services. Even though traditional URL shortening services have been thoroughly investigated in previous research, we argue that, due to the monetary incentives and the presence of third-party advertising networks, ad-based URL shortening services and their users are exposed to more hazards than traditional shortening services. By analyzing the services themselves, the advertisers involved, and their users, we uncover a series of issues that are actively exploited by malicious advertisers and endanger the users. Moreover, next to documenting the ongoing abuse, we suggest a series of defense mechanisms that services and users can adopt to protect themselves.
... The attackers may encrypt it, or securely delete it from filesystems (this process is sometimes called “counter-forensics”) with varying degrees of success [13, 12]. ... Catch me if you can.... ... Remembrance of data passed: a study of disk sanitization practices. ...
Abstract. We propose a syscall-based anomaly detection system that incorporates both deterministic and stochastic models. We analyze in detail two alternative approaches for anomaly detection over system call sequences and arguments, and propose a number of modifications that ...
Phishers nowadays rely on a variety of channels, ranging from old-fashioned emails to instant messages, social networks, and the phone system (with both calls and text messages), with the goal of reaching more victims. As a consequence, modern phishing became a multi-...
Finding Non-trivial Malware Naming Inconsistencies. Federico Maggi, Andrea Bellini, Guido Salvaneschi, Stefano Zanero. Technical Report TR-2011-*, Dipartimento di Elettronica e Informazione, Politecnico di Milano ... As a 2 http://cme.mitre.org/cme/ ...
P  M Dipartimento di Elettronica e Informazione Piazza Leonardo da Vinci , I- — Milano ... is thesis embraces all the efforts that I put during the last three years as a PhD student at Politecnico di Milano. I... more
P  M Dipartimento di Elettronica e Informazione Piazza Leonardo da Vinci , I- — Milano ... is thesis embraces all the efforts that I put during the last three years as a PhD student at Politecnico di Milano. I have been work-ing under the ...
In this paper we discuss the potential role of virtual environments in the analysis phase of computer forensics investigations. We argue that commercial closed source computer forensics software has certain limitations, and we propose a method which may lead to a gradual shift to open source software (OSS). A brief overview of virtual environments and open source software tools is presented.
ABSTRACT Modern vehicles are increasingly being interconnected with computer systems, which collect information both from vehicular sources and Internet services. Unfortunately, this creates a nonnegligible attack surface, which extends when vehicles are partly operated via smartphones. In this letter, a hierarchically distributed control system architecture which integrates a smartphone with classical embedded systems is presented, and an ad-hoc, end-to-end security layer is designed to demonstrate how a smartphone can interact securely with a modern vehicle without requiring modifications to the existing in-vehicle network. Experimental results demonstrate the effectiveness of the approach.
Abstract—It is still difficult to assess the real danger posed by Bluetooth-propagated malware. BlueBat is an effort to build and deploy a practical honeypot for capturing in-the-wild samples and empirically study malware prevalence. This paper describes the design and ...
FLOSS (Free Libre Open Source Software) in computer forensics. It presents the motivations for using FLOSS applications as tools for collection, preservation and analysis of digital evidence in computer and network forensics. It also covers, extensively, several forensic FLOSS ...
Abstract The pervasiveness of mobile devices increases the risk of exposing sensitive information on the go. In this paper, we raise this concern by presenting an automatic attack against modern touchscreen keyboards. We demonstrate the attack against the Apple iPhone (2010's most popular touchscreen device), although it can be adapted to other devices (e.g., Android) that employ similar key-magnifying keyboards. Our attack processes the stream of frames from a video camera (e.g., a surveillance or portable camera) and ...
This paper summarizes the past, present and future lines of research in the systems security area pursued by the Performance Evaluation Lab (VPLab) of Politecnico di Milano. We describe our past research in the area of learning algorithms applied to intrusion detection, our current work in the area of malware analysis, and our future research outlook, oriented to the cloud,
... George Andrews, Evan Pugh Professor of Mathematics at The Pennsylvania State University ... Problems for Ordinary Differential Equations (Johnny Henderson) 2) The Topology of Continua ... Equation Problems with Applications (Tim Sheng) 4) Mathematical Aspects of Spectral ...