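@Article{ pogliani_article_2019,
  author       = {Pogliani, Marcello and Quarta, Davide and Polino, Mario and
                  Vittone, Martino and Maggi, Federico and Zanero, Stefano},
  title        = {Security of controlled manufacturing systems in the
                  connected factory: the case of industrial robots},
  journaltitle = {Journal of Computer Virology and Hacking Techniques},
  abstract     = {In modern factories, ``controlled'' manufacturing systems,
                  such as industrial robots, CNC machines, or 3D printers, are
                  often connected in a control network, together with a
                  plethora of heterogeneous control devices. Despite the
                  obvious advantages in terms of production and ease of
                  maintenance, this trend raises non-trivial cybersecurity
                  concerns. Often, the devices employed are not designed for an
                  interconnected world, but cannot be promptly replaced: In
                  fact, they have essentially become legacy systems, embodying
                  design patterns where components and networks are accounted
                  as trusted elements. In this paper, we take a holistic view
                  of the security issues (and challenges) that arise in
                  designing and securely deploying controlled manufacturing
                  systems, using industrial robots as a case study---indeed,
                  robots are the most representative instance of a complex
                  automatically controlled industrial device. Following up to
                  our previous experimental analysis, we take a broad look at
                  the deployment of industrial robots in a typical factory
                  network and at the security challenges that arise from the
                  interaction between operators and machines; then, we propose
                  actionable points to secure industrial cyber-physical
                  systems, and we discuss the limitations of the current
                  standards in industrial robotics to account for active
                  attackers.},
  doi          = {10.1007/s11416-019-00329-8},
  issn         = {2263-8733},
  date         = {2019-02-13},
  file         = {files/papers/journal-papers/pogliani_article_2019.pdf}
}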
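@Article{ continella_prometheus_article_2017,
  shorttitle   = {Prometheus},
  author       = {Continella, Andrea and Carminati, Michele and Polino, Mario
                  and Lanzi, Andrea and Zanero, Stefano and Maggi, Federico},
  title        = {{Prometheus}: Analyzing {WebInject}-based information stealers},
  journaltitle = {Journal of Computer Security},
  pages        = {1--21},
  pubstate     = {prepublished},
  abstract     = {Nowadays Information stealers are reaching high levels of
                  sophistication. The number of families and variants observed
                  increased exponentially in the last years. Furthermore, these
                  trojans are sold on underground markets along with automatic
                  frameworks that include web-based administration panels,
                  builders and customization procedures. From a technical point
                  of view such malware is equipped with a functionality, called
                  WebInject, that exploits API hooking techniques to intercept
                  all sensitive data in a browser context and modify web pages
                  on infected hosts. In this paper we propose Prometheus, an
                  automatic system that is able to analyze trojans that base
                  their attack technique on DOM modifications. Prometheus is
                  able to identify the injection operations performed by
                  malware, and generate signatures based on the injection
                  behavior. Furthermore, it is able to extract the WebInject
                  targets by using memory forensic techniques. We evaluated
                  Prometheus against real-world, online websites and a dataset
                  of distinct variants of financial trojans. In our experiments
                  we show that our approach correctly recognizes known variants
                  of WebInject-based malware and successfully extracts the
                  WebInject targets.},
  publisher    = {IOS Press},
  date         = {2017-05-02},
  file         = {files/papers/journal-papers/continella_prometheus_article_2017.pdf}
}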
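@Article{ dalla-preda_aamo_article_2016,
  shorttitle   = {AAMO},
  author       = {Dalla Preda, Mila and Maggi, Federico},
  title        = {Testing {Android} malware detectors against code obfuscation:
                  a systematization of knowledge and unified methodology},
  journaltitle = {Journal of Computer Virology and Hacking Techniques},
  pages        = {1--24},
  abstract     = {The authors of mobile-malware have started to leverage
                  program protection techniques to circumvent anti-viruses, or
                  simply hinder reverse engineering. In response to the
                  diffusion of anti-virus applications, several researches have
                  proposed a plethora of analyses and approaches to highlight
                  their limitations when malware authors employ
                  program-protection techniques. An important contribution of
                  this work is a systematization of the state of the art of
                  anti-virus apps, comparing the existing approaches and
                  providing a detailed analysis of their pros and cons. As a
                  result of our systematization, we notice the lack of openness
                  and reproducibility that, in our opinion, are crucial for any
                  analysis methodology. Following this observation, the second
                  contribution of this work is an open, reproducible, rigorous
                  methodology to assess the effectiveness of mobile anti-virus
                  tools against code-transformation attacks. Our unified
                  workflow, released in the form of an open-source prototype,
                  comprises a comprehensive set of obfuscation operators. It is
                  intended to be used by anti-virus developers and vendors to
                  test the resilience of their products against a large dataset
                  of malware samples and obfuscations, and to obtain insights
                  on how to improve their products with respect to particular
                  classes of code-transformation attacks.},
  doi          = {10.1007/s11416-016-0282-2},
  issn         = {2263-8733},
  date         = {2016-09-20},
  file         = {files/papers/journal-papers/dalla-preda_aamo_article_2016.pdf}
}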
@Article{ valdi_andrototal_article_2015,
  author       = {Valdi, Andrea and Lever, Eros and Benefico, Simone and
                  Quarta, Davide and Zanero, Stefano and Maggi, Federico},
  title        = {Scalable Testing of Mobile Antivirus Applications},
  shorttitle   = {AndroTotal},
  journaltitle = {Computer},
  date         = {2015-11},
  volume       = {48},
  number       = {11},
  pages        = {60--68},
  doi          = {10.1109/MC.2015.320},
  issn         = {0018-9162},
  abstract     = {AndroTotal, a scalable antivirus evaluation system for
                  mobile devices, creates reproducible, self-contained testing
                  environments for each antivirus application and malware pair
                  and stores them in a repository, benefiting both the research
                  community and Android device users.},
  file         = {files/papers/journal-papers/valdi_andrototal_article_2015.pdf}
}
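@Article{ carminati_banksealer_article_2015,
  shorttitle   = {BankSealer},
  author       = {Carminati, Michele and Caron, Roberto and Maggi, Federico
                  and Epifani, Ilenia and Zanero, Stefano},
  title        = {{BankSealer}: A decision support system for online banking
                  fraud analysis and investigation},
  journaltitle = {Computers \& Security},
  abstract     = {The significant growth of online banking frauds, fueled by
                  the underground economy of malware, raised the need for
                  effective fraud analysis systems. Unfortunately, almost all
                  of the existing approaches adopt black box models and
                  mechanisms that do not give any justifications to analysts.
                  Also, the development of such methods is stifled by limited
                  Internet banking data availability for the scientific
                  community. In this paper we describe BankSealer, a decision
                  support system for online banking fraud analysis and
                  investigation. During a training phase, BankSealer builds
                  easy-to-understand models for each customer's spending
                  habits, based on past transactions. First, it quantifies the
                  anomaly of each transaction with respect to the customer
                  historical profile. Second, it finds global clusters of
                  customers with similar spending habits. Third, it uses a
                  temporal threshold system that measures the anomaly of the
                  current spending pattern of each customer, with respect to
                  his or her past spending behavior. With this threefold
                  profiling approach, it mitigates the under-training due to
                  the lack of historical data for building well-trained
                  profiles, and the evolution of users' spending habits over
                  time. At runtime, BankSealer supports analysts by ranking new
                  transactions that deviate from the learned profiles, with an
                  output that has an easily understandable, immediate
                  statistical meaning.
                  Our evaluation on real data, based on fraud scenarios built
                  in collaboration with domain experts that replicate typical,
                  real-world attacks (e.g., credential stealing, banking trojan
                  activity, and frauds repeated over time), shows that our
                  approach correctly ranks complex frauds. In particular, we
                  measure the effectiveness, the computational resource
                  requirements and the capabilities of BankSealer to mitigate
                  the problem of users that performed a low number of
                  transactions. Our system ranks frauds and anomalies with up
                  to 98\% detection rate and with a maximum daily computation
                  time of 4~min. Given the good results, a leading Italian bank
                  deployed a version of BankSealer in their environment to
                  analyze frauds.},
  doi          = {10.1016/j.cose.2015.04.002},
  issn         = {0167-4048},
  date         = {2015-04},
  url          = {http://www.sciencedirect.com/science/article/pii/S0167404815000437},
  shortjournal = {Computers \& Security},
  file         = {files/papers/journal-papers/carminati_banksealer_article_2015.pdf}
}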
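@Article{ nacci_mpower_article_2013,
  shorttitle   = {MPower},
  author       = {Nacci, Alessandro and Trov{\`o}, Francesco and Maggi,
                  Federico and Ferroni, Matteo and Cazzola, Andrea and Sciuto,
                  Donatella and Santambrogio, Marco},
  title        = {Adaptive and Flexible Smartphone Power Modeling},
  journaltitle = {Mobile Networks and Applications},
  pages        = {1--10},
  abstract     = {Mobile devices have become the main interaction mean between
                  users and the surrounding environment. An indirect measure of
                  this trend is the increasing amount of security threats
                  against mobile devices, which in turn created a demand for
                  protection tools. Protection tools, unfortunately, add an
                  additional burden for the smartphone's battery power, which
                  is a precious resource. This observation motivates the need
                  for smarter (security) applications, designed and capable of
                  running within adaptive energy goals. Although this problem
                  affects other areas, in the security area this research
                  direction is referred to as ``green security''. In general, a
                  fundamental need to the researches toward creating
                  energy-aware applications, consist in having appropriate
                  power models that capture the full dynamic of devices and
                  users. This is not an easy task because of the highly dynamic
                  environment and usage habits. In practice, this goal requires
                  easy mechanisms to measure the power consumption and
                  approaches to create accurate models. The existing approaches
                  that tackle this problem are either not accurate or not
                  applicable in practice due to their limiting requirements. We
                  propose MPower, a power-sensing platform and adaptive power
                  modeling platform for Android mobile devices. The MPower
                  approach creates an adequate and precise knowledge base of
                  the power ``behavior'' of several different devices and users,
                  which allows us to create better device-centric power models
                  that considers the main hardware components and how they
                  contributed to the overall power consumption. In this paper
                  we consolidate our perspective work on MPower by providing
                  the implementation details and evaluation on 278 users and
                  about 22.5 million power-related data. Also, we explain how
                  MPower is useful in those scenarios where low-power,
                  unobtrusive, accurate power modeling is necessary (e.g.,
                  green security applications).},
  doi          = {10.1007/s11036-013-0470-y},
  issn         = {1383-469X},
  date         = {2013-10-01},
  file         = {files/papers/journal-papers/nacci_mpower_article_2013.pdf}
}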
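@Article{ dardanelli_cartox_article_2013,
  shorttitle   = {CarToX},
  author       = {Dardanelli, Andrea and Maggi, Federico and Tanelli, Mara and
                  Zanero, Stefano and Savaresi, Sergio M. and Kochanek, Roman
                  and Holz, Thorsten},
  title        = {A Security Layer for Smartphone-to-Vehicle Communication
                  over {Bluetooth}},
  journaltitle = {Embedded Systems Letters},
  volume       = {5},
  number       = {3},
  pages        = {34--37},
  abstract     = {Modern vehicles are increasingly being interconnected with
                  computer systems, which collect information both from
                  vehicular sources and Internet services. Unfortunately, this
                  creates a non negligible attack surface, which extends when
                  vehicles are partly operated via smartphones. In this letter,
                  a hierarchically distributed control system architecture
                  which integrates a smartphone with classical embedded systems
                  is presented, and an ad-hoc, end-to-end security layer is
                  designed to demonstrate how a smartphone can interact
                  securely with a modern vehicle without requiring
                  modifications to the existing in-vehicle network.
                  Experimental results demonstrate the effectiveness of the
                  approach.},
  doi          = {10.1109/LES.2013.2264594},
  issn         = {1943-0663},
  date         = {2013-06-21},
  file         = {files/papers/journal-papers/dardanelli_cartox_article_2013.pdf}
}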
@Article{ maggi_fuzzyalertaggregation_article_2009,
  author       = {Maggi, Federico and Matteucci, Matteo and Zanero, Stefano},
  title        = {Reducing false positives in anomaly detectors through fuzzy
                  alert aggregation},
  shorttitle   = {FuzzyAlertAggregation},
  journaltitle = {Information Fusion},
  date         = {2009-10-01},
  volume       = {10},
  number       = {4},
  pages        = {300--311},
  doi          = {10.1016/j.inffus.2009.01.004},
  issn         = {1566-2535},
  abstract     = {In this paper we focus on the aggregation of IDS alerts, an
                  important component of the alert fusion process. We exploit
                  fuzzy measures and fuzzy sets to design simple and robust
                  alert aggregation algorithms. Exploiting fuzzy sets, we are
                  able to robustly state whether or not two alerts are ``close
                  in time'', dealing with noisy and delayed detections. A
                  performance metric for the evaluation of fusion systems is
                  also proposed. Finally, we evaluate the fusion method with
                  alert streams from anomaly-based IDS.},
  file         = {files/papers/journal-papers/maggi_fuzzyalertaggregation_article_2009.pdf}
}
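@Article{ maggi_syscallseq_article_2008,
  shorttitle   = {SyscallSeq},
  author       = {Maggi, Federico and Matteucci, Matteo and Zanero, Stefano},
  title        = {Detecting Intrusions through System Call Sequence and
                  Argument Analysis},
  journaltitle = {IEEE Transactions on Dependable and Secure Computing
                  (TDSC)},
  volume       = {7},
  number       = {4},
  pages        = {381--395},
  abstract     = {We describe an unsupervised host-based intrusion detection
                  system based on system calls arguments and sequences. We
                  define a set of anomaly detection models for the individual
                  parameters of the call. We then describe a clustering process
                  which helps to better fit models to system call arguments,
                  and creates inter-relations among different arguments of a
                  system call. Finally, we add a behavioral Markov model in
                  order to capture time correlations and abnormal behaviors.
                  The whole system needs no prior knowledge input; it has a
                  good signal to noise ratio, and it is also able to correctly
                  contextualize alarms, giving the user more information to
                  understand whether a true or false positive happened, and to
                  detect variations over the entire execution flow, as opposed
                  to punctual variations over individual instances.},
  doi          = {10.1109/TDSC.2008.69},
  issn         = {1545-5971},
  date         = {2008-11-17},
  file         = {files/papers/journal-papers/maggi_syscallseq_article_2008.pdf}
}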
@Article{ maggi_antiforensics_article_2008,
  author       = {Maggi, Federico and Zanero, Stefano and Iozzo, Vincenzo},
  title        = {Seeing the invisible: forensic uses of anomaly detection and
                  machine learning},
  shorttitle   = {AntiForensics},
  journaltitle = {Operating Systems Review of the ACM Special Interest Group
                  on Operating Systems (SIGOPS)},
  date         = {2008-04-01},
  volume       = {42},
  number       = {3},
  pages        = {51--58},
  doi          = {10.1145/1368506.1368514},
  issn         = {0163-5980},
  abstract     = {Anti-forensics is the practice of circumventing classical
                  forensics analysis procedures making them either unreliable
                  or impossible. In this paper we propose the use of machine
                  learning algorithms and anomaly detection to cope with a wide
                  class of definitive anti-forensics techniques. We test the
                  proposed system on a dataset we created through the
                  implementation of an innovative technique of anti-forensics,
                  and we show that our approach yields promising results in
                  terms of detection.},
  file         = {files/papers/journal-papers/maggi_antiforensics_article_2008.pdf}
}