Publications

Tobias Fiebig, Kevin Borgolte, Shuang Hao, Christopher Kruegel, and Giovanni Vigna Something From Nothing (There): Collecting Global IPv6 Datasets From DNS In Proceedings of the Passive and Active Measurement Conference. PAM. Sydney, Australia. March 2017
Download
Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, and Giovanni Vigna Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS). San Diego. February 2017
Download
Enrico Mariconti, Jeremiah Onaolapo, Syed Sharique Ahmad, Nicolas Nikiforou, Manuel Egele, Nick Nikiforakis, and Gianluca Stringhini What’s in a Name? Understanding Profile Name Reuse on Twitter In International World Wide Web Conference (WWW). Perth, Australia: ACM. February 2017
Download
Enrico Mariconti, Lucky Onwuzurike, Panagiotis Andriotis, Emiliano De Cristofaro, Gordon Ross, and Gianluca Stringhini MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models In ISOC Network and Distributed Systems Security Symposiym (NDSS). San Diego, CA. 2017
Download
Enrico Mariconti, Jeremiah Onaolapo, Gordon Ross, and Gianluca Stringhini What’s your major threat? On the differences between the network behavior of targeted and commodity malware In International Workshop on Malware Analysis (WMA). Salzburg. 9–3, 2016
Download
Martin Lazarov, Jeremiah Onaolapo, and Gianluca Stringhini Honey Sheets: What Happens to Leaked Google Spreadsheets? In Proceedings of the 2016 USENIX Workshop on Cyber Security Experimentation and Test (CSET). Austin, TX: USENIX. 8, 2016
Download
Ingolf Becker, Alice Hutchings, Ruba Abu-Salma, Ross Anderson, Nicholas Bohm, Steven Murdoch, Angela Sasse, and Gianluca Stringhini International Comparison of Bank Fraud Reimbursement: Customer Perceptions and Contractual Terms In Workshop on the Economics of Information Security (WEIS). Berkeley. 6–13, 2016
Download
Enrico Mariconti, Jeremiah Onaolapo, Syed Sharique Ahmad, Nicolas Nikiforou, Manuel Egele, Nick Nikiforakis, and Gianluca Stringhini Why Allowing Profile Name Reuse Is A Bad Idea In European Workshop on System Security (EUROSEC). London: ACM. February 2016
Download
Steven J. Murdoch, Ingolf Becker, Ruba Abu-Salma, Ross Anderson, Nicholas Bohm, Alice Hutchings, M. Angela Sasse, and Gianluca Stringhini Are Payment Card Contracts Unfair? In Financial Cryptography and Data Security. Barbados: Springer. February 2016
Download
Alberto Coletta, Victor Van Der Veen, and Federico Maggi DroydSeuss: A Mobile Banking Trojan Tracker - Short Paper In Financial Cryptography and Data Security. Lecture Notes in Computer Science (LNCS). Springer Berlin Heidelberg. February 2016
Download
Daming Chen, Manuel Egele, Maverick Woo, and David Brumley Towards Fully Automated Dynamic Analysis for Embedded Firmware In Proceedings of the Network and Distributed System Security Symposium. San Diego, CA. February 2016
Jeremiah Onaolapo, Enrico Mariconti, and Gianluca Stringhini What Happens After You Are Pwnd: Understanding The Use of Stolen Webmail Credentials In The Wild In ACM SIGCOMM Internet Measurement Conference. Santa Monica: ACM. 2016
Download
Luca Falsina, Yanick Fratantonio, Stefano Zanero, Christopher Kruegel, Giovanni Vigna, and Federico Maggi Grab ’n Run: Secure and Practical Dynamic Code Loading for Android Applications In Proceedings of the 31st Annual Computer Security Applications Conference. ACSAC ’15. Los Angeles, USA: ACM. DOI: http://dx.doi.org/10.1145/2818000.2818042 December 2015
Download
Nicoló Andronio, Stefano Zanero, and Federico Maggi HelDroid: Dissecting and Detecting Mobile Ransomware In Herbert Bos, Fabian Monrose, & Gregory Blanc, eds. Proceedings of the 18th international conference on Research in Attacks, Intrusions, and Defenses. Lecture Notes in Computer Science. Springer International Publishing, 382–404. November 2015
Download
Andrea Valdi, Eros Lever, Simone Benefico, Davide Quarta, Stefano Zanero, and Federico Maggi Scalable Testing of Mobile Antivirus ApplicationsComputer 48, 11 (November 2015), 60–68. DOI: http://dx.doi.org/10.1109/MC.2015.320 November 2015
Download
Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca Stringhini, Manuel Egele, Michael Eubanks, Brian Krebs, and Giovanni Vigna Drops for Stuff: An Analysis of Reshipping Mule Scams In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS. New York, NY, USA: ACM, 1081–1092. DOI: http://dx.doi.org/10.1145/2810103.2813620 October 2015
Download
Panagiotis Ilia, Iasonas Polakis, Elias Athanasopoulos, Federico Maggi, and Sotiris Ioannidis Face/Off: Preventing Privacy Leakage From Photos in Social Networks In Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security. CCS ’15. Denver, USA: ACM. October 12, 2015
Download
Gianluca Stringhini, Pierre Mourlanne, Gregoire Jacob, Manuel Egele, Christopher Kruegel, and Giovanni Vigna EvilCohort: Detecting Communities of Malicious Accounts on Online Services In Proceedings of the USENIX Security Symposium. Washington, D.C. August 2015
Download
Alessandro Di Federico, Amat Cama, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna How the ELF Ruined Christmas In 24th USENIX Security Symposium (USENIX Security 15). Washington, D.C.: USENIX Association, 643–658. August 2015
Download
Kevin Borgolte, Christopher Kruegel, and Giovanni Vigna Meerkat: Detecting Website Defacements through Image-based Object Recognition In Proceedings of the 24th USENIX Security Symposium. SEC. Washington, D.C., USA: USENIX Association. August 2015
Download
Yanick Fratantonio, Antonio Bianchi, William Robertson, Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users In Magnus Almgren, Vincenzo Gulisano, & Federico Maggi, eds. Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science. Springer International Publishing, 282–303. July 9, 2015
Download
Mario Polino, Andrea Scorti, Federico Maggi, and Stefano Zanero Jackdaw: Towards Automatic Reverse Engineering of Large Datasets of Binaries In Magnus Almgren, Vincenzo Gulisano, & Federico Maggi, eds. Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science. Springer International Publishing, 121–143. July 9, 2015
Download
Michele Carminati, Roberto Caron, Federico Maggi, Ilenia Epifani, and Stefano Zanero BankSealer: A decision support system for online banking fraud analysis and investigationComputers & Security (April 2015). DOI: http://dx.doi.org/10.1016/j.cose.2015.04.002 April 2015
Download
Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi, Manuel Egele, Christopher Kruegel, Giovanni Vigna, and Yan Chen EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework In Proceedings of the Network and Distributed System Security Symposium. San Diego, CA. February 2015
Download
Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, and Giovanni Vigna NJAS: Sandboxing Unmodified Applications in Non-rooted Devices Running Stock Android In Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. SPSM ’15. New York, NY, USA: ACM, 27–38. DOI: http://dx.doi.org/10.1145/2808117.2808122 2015
Download
Yanick Fratantonio, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, and Giovanni Vigna CLAPP: Characterizing Loops in Android Applications In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering. ESEC/FSE 2015. New York, NY, USA: ACM, 687–697. DOI: http://dx.doi.org/10.1145/2786805.2786873 2015
Download
Dhilung Kirat and Giovanni Vigna MalGene: Automatic Extraction of Malware Analysis Evasion Signature In Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security. CCS ’15. New York, NY, USA: ACM, 769–780. DOI: http://dx.doi.org/10.1145/2810103.2813642 2015
Download
Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, and Moheeb Abu Rajab Ad Injection at Scale: Assessing Deceptive Advertisement Modifications In Proceedings of the IEEE Symposium on Security and Privacy. 2015
Download
Yanick Fratantonio, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, and Giovanni Vigna CLAPP: Characterizing Loops in Android Applications (Invited Talk) In Proceedings of the 3rd International Workshop on Software Development Lifecycle for Mobile. DeMobile 2015. New York, NY, USA: ACM, 33–34. DOI: http://dx.doi.org/10.1145/2804345.2804355 2015
Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel, and Giovanni Vigna What the App is That? Deception and Countermeasures in the Android User Interface In Proceedings of the 2015 IEEE Symposium on Security and Privacy. SSP 39;15. IEEE. 2015
Download
Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, and Angelos D. Keromytis Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. CCS ’14. New York, NY, USA: ACM, 501–512. DOI: http://dx.doi.org/10.1145/2660267.2660317 November 2014
Download
Iasonas Polakis, Federico Maggi, Stefano Zanero, and Angelos D. Keromytis Security and Privacy Measurements on Social Networks: Experiences and Lessons Learned In Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security. BADGERS’14. Wroclaw, Poland. September 2014
Download
Alessio Antonini, Federico Maggi, and Stefano Zanero A Practical Attack Against a KNX-based Building Automation System In Proceedings of the 2Nd International Symposium on ICS & SCADA Cyber Security Research 2014. ICS-CSR 2014. UK: BCS, 53–60. DOI: http://dx.doi.org/10.14236/ewic/ics-csr2014.7 September 2014
Download
Yinzhi Cao, Yan Shoshitaishvili, Kevin Borgolte, Christopher Kruegel, Giovanni Vigna, and Yan Chen Protecting Web Single Sign-on against Relying party Impersonation Attacks through a Bi-directional Secure Channel with Authentication In Proceedings of the 17th International Symposium on Research in Attacks, Intrusions and Defense. RAID. Gothenburg, Sweden: Springer. September 2014
Download
Jacopo Corbetta, Luca Invernizzi, Christopher Kruegel, and Giovanni Vigna Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection In Angelos Stavrou, Herbert Bos, & Georgios Portokalidis, eds. Research in Attacks, Intrusions and Defenses. Lecture Notes in Computer Science. Springer International Publishing, 130–149. September 17, 2014
Download
Manuel Egele, Maverick Woo, Peter Chapman, and David Brumley Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components In Proceedings of the USENIX Security Symposium. San Diego, CA. August 2014
Download
Giovanni Vigna, Kevin Borgolte, Jacopo Corbetta, Adam Doupé, Yanick Fratantonio, Luca Invernizzi, Dhilung Kirat, and Yan Shoshitaishvili Ten Years of iCTF: The Good, The Bad, and The Ugly In Proceedings of the 1st USENIX Summit on Gaming, Games and Gamification in Security Education. 3GSE. San Diego, CA, USA: USENIX. August 2014
Download
Claudio Criscione, Fabio Bosatelli, Stefano Zanero, and Federico Maggi Zarathustra: Extracting WebInject Signatures from Banking Trojans In Proceedings of the Twelfth Annual International Conference on Privacy, Security and Trust (PST). Toronto, Canada: IEEE Computer Society, 139–148. DOI: http://dx.doi.org/10.1109/PST.2014.6890933 July 2014
Download
Martina Lindorfer, Stamatis Volanis, Alessandro Sisto, Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi, Christian Platzer, Stefano Zanero, and Sotiris Ioannidis AndRadar: Fast Discovery of Android Applications in Alternative Markets In Sven Dietrich, ed. Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science. Springer International Publishing, 51–71. DOI: http://dx.doi.org/10.1007/978-3-319-08509-8_4 July 2014
Download
Stefano Schiavoni, Federico Maggi, Lorenzo Cavallaro, and Stefano Zanero Phoenix: DGA-Based Botnet Tracking and Intelligence In Sven Dietrich, ed. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Lecture Notes in Computer Science. Springer International Publishing, 192–211. DOI: http://dx.doi.org/10.1007/978-3-319-08509-8_11 July 2014
Download
Giancarlo De Maio, Alexandros Kapravelos, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna PExy: The Other Side of Exploit Kits In Sven Dietrich, ed. Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science. Springer International Publishing, 132–151. July 10, 2014
Download
Michele Carminati, Roberto Caron, Federico Maggi, Ilenia Epifani, and Stefano Zanero BankSealer: An Online Banking Fraud Analysis and Decision Support System In Nora Cuppens-Boulahia, Frédéric Cuppens, Sushil Jajodia, Anas Abou El Kalam, & Thierry Sans, eds. ICT Systems Security and Privacy Protection. IFIP Advances in Information and Communication Technology. Springer Berlin Heidelberg, 380–394. DOI: http://dx.doi.org/10.1007/978-3-642-55415-5_32 June 2, 2014
Download
Nick Nikiforakis, Federico Maggi, Gianluca Stringhini, M. Zubair Rafique, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna, and Stefano Zanero Stranger Danger: Exploring the Ecosystem of Ad-based URL Shortening Services In Proceedings of the 23rd International Conference on World Wide Web. WWW ’14. Seoul, Korea: International World Wide Web Conferences Steering Committee, 51–62. DOI: http://dx.doi.org/10.1145/2566486.2567983 April 2014
Download
Kevin Borgolte, Christopher Kruegel, and Giovanni Vigna Relevant Change Detection: A Framework for the Precise Extraction of Modified and Novel Web-based Content As a Filtering Technique for Analysis Engines In Proceedings of the 23rd International Conference on World Wide Web. WWW ’14 Companion. Seoul, South Korea: International World Wide Web Conferences Steering Committee, 595–598. DOI: http://dx.doi.org/10.1145/2567948.2578039 April 2014
Download
Michele Spagnuolo, Federico Maggi, and Stefano Zanero BitIodine: Extracting Intelligence from the Bitcoin Network In Financial Cryptography and Data Security. Lecture Notes in Computer Science (LNCS). Barbados: Springer Berlin Heidelberg, 457–468. DOI: http://dx.doi.org/10.1007/978-3-662-45472-5_29 March 3, 2014
Download
Luca Invernizzi, Stanislav Miskovic, Ruben Torres, Sabyaschi Saha, Sung-Ju Lee, Christopher Kruegel, and Giovanni Vigna Nazca: Detecting Malware Distribution in Large-Scale Networks In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 39;14). February 2014
Download
Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, and Giovanni Vigna Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS). San Diego, CA. February 2014
Download
Yan Shoshitaishvili, Luca Invernizzi, Adam Doupé, and Giovanni Vigna Do you feel lucky?: a large-scale analysis of risk-rewards trade-offs in cyber security In Proceedings of the 29th Annual ACM Symposium on Applied Computing. ACM, 1649–1656. 2014
Download
Ali Zand, Giovanni Vigna, Richard A. Kemmerer, and Christopher Kruegel Rippler: Delay injection for service dependency detection In 2014 IEEE Conference on Computer Communications, INFOCOM 2014, Toronto, Canada, April 27 - May 2, 2014. 2157–2165. DOI: http://dx.doi.org/10.1109/INFOCOM.2014.6848158 2014
Download
Jane Iedemska, Gianluca Stringhini, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna The Tricks of the Trade: What Makes Spam Campaigns Successful? In Proceedings of the 2014 IEEE Security and Privacy Workshops. SPW ’14. Washington, DC, USA: IEEE Computer Society, 77–83. DOI: http://dx.doi.org/10.1109/SPW.2014.21 2014
Download
Martina Lindorfer, Matthias Neugschw, Lukas Weichselbaum, Yanick Fratantonio, Victor Van Der Veen, and Christian Platzer ANDRUBIS- 1,000,000 Apps Later: A View on Current Android Malware Behaviors In Proceedings of the International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). 2014
Download
Maria B. Line, Ali Zand, Gianluca Stringhini, and Richard Kemmerer Targeted Attacks Against Industrial Control Systems: Is the Power Industry Prepared? In Proceedings of the 2Nd Workshop on Smart Energy Grid Security. SEGS ’14. New York, NY, USA: ACM, 13–22. DOI: http://dx.doi.org/10.1145/2667190.2667192 2014
Download
Gianluca Stringhini, Oliver Hohlfeld, Christopher Kruegel, and Giovanni Vigna The Harvester, the Botmaster, and the Spammer: On the Relations Between the Different Actors in the Spam Landscape In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. ASIA CCS ’14. New York, NY, USA: ACM, 353–364. DOI: http://dx.doi.org/10.1145/2590296.2590302 2014
Download
Ali Zand, Giovanni Vigna, Xifeng Yan, and Christopher Kruegel Extracting Probable Command and Control Signatures for Detecting Botnets In Proceedings of the 29th Annual ACM Symposium on Applied Computing. SAC ’14. New York, NY, USA: ACM, 1657–1662. DOI: http://dx.doi.org/10.1145/2554850.2554896 2014
Download
Apostolis Zarras, Alexandros Kapravelos, Gianluca Stringhini, Thorsten Holz, Christopher Kruegel, and Giovanni Vigna The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements In Proceedings of the 2014 Conference on Internet Measurement Conference. IMC ’14. New York, NY, USA: ACM, 373–380. DOI: http://dx.doi.org/10.1145/2663716.2663719 2014
Download
Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel Barecloud: Bare-metal Analysis-based Evasive Malware Detection In Proceedings of the 23rd USENIX Conference on Security Symposium. SEC’14. Berkeley, CA, USA: USENIX Association, 287–301. 2014
Download
Lukas Weichselbaum, Matthias Neugschwandtner, Martina Lindorfer, Yanick Fratantonio, Victor van der Veen, and Christian Platzer Andrubis: Android Malware Under the Magnifying Glass Vienna University of Technology. 2014
Download
Gabriele Bonetti, Marco Viglione, Alessandro Frossi, Federico Maggi, and Stefano Zanero A Comprehensive Black-box Methodology for Testing the Forensic Characteristics of Solid-state Drives In Proceedings of the 29th Annual Computer Security Applications Conference. ACSAC ’13. New York, NY, USA: ACM, 269–278. DOI: http://dx.doi.org/10.1145/2523649.2523660 December 2013
Download
Kevin Borgolte, Christopher Kruegel, and Giovanni Vigna Delta: Automatic Identification of Unknown Web-based Infection Campaigns In Proceedings of the 2013 ACM Conference on Computer and Communications Security. ACM Press, 109–120. DOI: http://dx.doi.org/10.1145/2508859.2516725 November 2013
Download
Adam Doupé and Janet L. Kayfetz Writing Groups in Computer Science Research Labs In Proceedings of the Frontiers in Education Conference (FIE). Oklahoma City, OK. October 2013
Download
Alessandro Nacci, Francesco Trovò, Federico Maggi, Matteo Ferroni, Andrea Cazzola, Donatella Sciuto, and Marco Santambrogio Adaptive and Flexible Smartphone Power ModelingMobile Networks and Applications (October 2013), 1–10. DOI: http://dx.doi.org/10.1007/s11036-013-0470-y October 1, 2013
Download
Andrea Dardanelli, Federico Maggi, Mara Tanelli, Stefano Zanero, Sergio M. Savaresi, Roman Kochanek, and Thorsten Holz A Security Layer for Smartphone-to-Vehicle Communication over BluetoothEmbedded Systems Letters 5, 3 (June 2013), 34–37. DOI: http://dx.doi.org/10.1109/LES.2013.2264594 June 21, 2013
Download
Federico Maggi, Alessandro Frossi, Stefano Zanero, Gianluca Stringhini, Brett Stone-Gross, Christopher Kruegel, and Vigna, Giovanni Two years of short URLs internet measurement: security threats and countermeasures In Proceedings of the 22nd international conference on World Wide Web (WWW). Republic and Canton of Geneva, Switzerland: International World Wide Web Conferences Steering Committee, 861–872. May 2013
Download
Adam Doupé, Weidong Cui, Mariusz H. Jakubowski, Marcus Peinado, Christopher Kruegel, and Giovanni Vigna deDacota: toward preventing server-side XSS via automatic code and data separation In Proceedings of the ACM Conference on Computer and Communications Security (CCS). Berlin, Germany: ACM Press, 1205–1216. DOI: http://dx.doi.org/10.1145/2508859.2516708 2013
Download
Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna Shady paths: leveraging surfing crowds to detect malicious web pages In Proceedings of the ACM Conference on Computer and Communications Security (CCS). ACM Press, 133–144. DOI: http://dx.doi.org/10.1145/2508859.2516682 2013
Download
Gianluca Stringhini, Gang Wang, Manuel Egele, Christopher Kruegel, Giovanni Vigna, Haitao Zheng, and Ben Y. Zhao Follow the Green: Growth and Dynamics in Twitter Follower Markets In Proceedings of the 2013 Conference on Internet Measurement Conference. IMC ’13. New York, NY, USA: ACM, 163–176. DOI: http://dx.doi.org/10.1145/2504730.2504731 2013
Download
Manuel Egele, Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna COMPA: Detecting Compromised Accounts on Social Networks. In Proceedings of the Network and Distributed System Security Symposium. San Diego, CA. 2013
Download
Alexandros Kapravelos, Yan Shoshitaishvili, Marco Cova, Christopher Kruegel, and Giovanni Vigna Revolver: An Automated Approach to the Detection of Evasive Web-based Malware. In USENIX Security. 637–652. 2013
Download
Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna Cookieless monster: Exploring the ecosystem of web-based device fingerprinting In Proceedings of the IEEE Symposium on Security and Privacy. S. Francisco, CA: IEEE, 541–555. 2013
Download
Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna Steal This Movie - Automatically Bypassing DRM Protection in Streaming Media Services In Proceedings of the 22Nd USENIX Conference on Security. SEC’13. Berkeley, CA, USA: USENIX Association, 687–702. 2013
Download
Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel An Empirical Study of Cryptographic Misuse in Android Applications In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. CCS ’13. New York, NY, USA: ACM, 73–84. DOI: http://dx.doi.org/10.1145/2508859.2516693 2013
Download
Luca Invernizzi, Christopher Kruegel, and Giovanni Vigna Message in a Bottle: Sailing Past Censorship In Proceedings of the 29th Annual Computer Security Applications Conference. ACSAC ’13. New York, NY, USA: ACM, 39–48. DOI: http://dx.doi.org/10.1145/2523649.2523654 2013
Download
Dhilung Kirat, Lakshmanan Nataraj, Giovanni Vigna, and B.S. Manjunath SigMal: A Static Signal Processing Based Malware Triage In Proceedings of the 29th Annual Computer Security Applications Conference. ACSAC ’13. New York, NY, USA: ACM, 89–98. DOI: http://dx.doi.org/10.1145/2523649.2523682 2013
Download
Brett Stone-Gross, Ryan Abman, Richard A. Kemmerer, Christopher Kruegel, Douglas G. Steigerwald, and Giovanni Vigna The underground economy of fake antivirus software In Economics of Information Security and Privacy III. Springer, 55–78. 2013
Download
Federico Maggi, Andrea Valdi, and Stefano Zanero AndroTotal: A Flexible, Scalable Toolbox and Service for Testing Mobile Malware Detectors In Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices. SPSM ’13. New York, NY, USA: ACM, 49–54. DOI: http://dx.doi.org/10.1145/2516760.2516768 2013
Download
Martina Lindorfer, Alessandro Di Federico, Federico Maggi, Paolo Milani Comparetti, and Stefano Zanero Lines of Malicious Code: Insights Into the Malicious Software Industry In Proceedings of the Annual Computer Security Applications Conference (ACSAC). New York, NY, USA: ACM, 349–358. DOI: http://dx.doi.org/10.1145/2420950.2421001 December 3, 2012
Download
Jason Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos Keromytis, and Stefano Zanero All Your Face Are Belong to Us: Breaking Facebook’s Social Authentication In Proceedings of the Annual Computer Security Applications Conference (ACSAC). New York, NY, USA: ACM, 399–408. DOI: http://dx.doi.org/10.1145/2420950.2421008 December 3, 2012
Download
Gianluca Stringhini, Manuel Egele, Christopher Kruegel, and Giovanni Vigna Poultry Markets: On the Underground Economy of Twitter FollowersSIGCOMM Comput. Commun. Rev. 42, 4 (September 2012), 527–532. DOI: http://dx.doi.org/10.1145/2377677.2377781 September 2012
Adam Doupé, Ludovico Cavedon, Christopher Kruegel, and Giovanni Vigna Enemy of the State: A State-Aware Black-Box Vulnerability Scanner In Proceedings of the USENIX Security Symposium (USENIX). Bellevue, WA. August 2012
Manuel Egele, Andreas Moser, Christopher Kruegel, and Engin Kirda PoX: Protecting Users from Malicious Facebook ApplicationsComputer Communications 35, 12 (July 2012), 1507–1515. DOI: http://dx.doi.org/10.1016/j.comcom.2012.04.016 July 2012
Federico Maggi and Stefano Zanero Integrated Detection of Anomalous Behavior of Computer Infrastructures In Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS). IEEE, 866–871. DOI: http://dx.doi.org/10.1109/NOMS.2012.6212001 April 16, 2012
Download
Manuel Egele, Theodoor Scholte, Engin Kirda, and Christopher Kruegel A Survey on Automated Dynamic Malware Analysis Techniques and ToolsACM Computing Surveys 44, 2 (March 2012), 6:1–6:42. DOI: http://dx.doi.org/10.1145/2089125.2089126 March 2012
Download
Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, and Ahmad-Reza Sadeghi MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones In Proceedings of the Network and Distributed System Security Symposium. San Diego, CA. February 2012
Download
Davide Canali, Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, and Engin Kirda A quantitative study of accuracy in system call-based malware detection In Proceedings of the 2012 International Symposium on Software Testing and Analysis. Minneapolis, UNITED STATES: ACM, 122–132. DOI: http://dx.doi.org/http://dx.doi.org/10.1145/2338965.2336768 2012
Download
Luca Invernizzi, Paolo Milani Comparetti, Stefano Benvenuti, Christopher Kruegel, M. Cova, and Giovanni Vigna Evilseed: A guided approach to finding malicious web pages In Security and Privacy (SP), 2012 IEEE Symposium on. San Francisco, CA, USA: IEEE, 428–442. 2012
Download
Gianluca Stringhini, Manuel Egele, Apostolis Zarras, Thorsten Holz, Christopher Kruegel, and Giovanni Vigna B@bel: Leveraging Email Delivery for Spam Mitigation. In USENIX Security Symposium. Bellevue, WA, 16–32. 2012
Download
Gianluca Stringhini, Manuel Egele, Christopher Kruegel, and Giovanni Vigna Poultry markets: on the underground economy of twitter followers In Proceedings of the 2012 ACM workshop on Workshop on online social networks. ACM, 1–6. 2012
Download
Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna You are what you include: large-scale evaluation of remote javascript inclusions In Proceedings of the 2012 ACM conference on Computer and communications security. ACM, 736–747. 2012
Download
Bianchi A, Shoshitaishvili Y, Kruegel C, and Vigna G Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds In Conference on Computer and Communications Security (CCS). ACM. 2012
Download
Federico Maggi, Andrea Bellini, Guido Salvaneschi, and Stefano Zanero Finding Non-trivial Malware Naming Inconsistencies In Proceedings of the 7th International Conference on Information Systems Security (ICISS). Lecture Notes in Computer Science. Springer-Verlag, 144–159. DOI: http://dx.doi.org/10.1007/978-3-642-25560-1_10 December 15, 2011
Download
Federico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, and Stefano Zanero A Fast Eavesdropping Attack Against Touchscreens In Proceedings of the 7th International Conference on Information Assurance and Security (IAS). 320–325. DOI: http://dx.doi.org/10.1109/ISIAS.2011.6122840 December 5, 2011
Download
Adam Doupé, Bryce Boe, Christopher Kruegel, and Giovanni Vigna Fear the EAR: discovering and mitigating execution after redirect vulnerabilities In ACM, 251–262. DOI: http://dx.doi.org/10.1145/2046707.2046736 10–17, 2011
Download
Federico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, and Stefano Zanero POSTER: Fast, Automatic iPhone Shoulder Surfing In Proceedings of the 18th Conference on Computer and Communication Security (CCS). ACM. DOI: http://dx.doi.org/10.1145/2093476.2093498 October 1, 2011
Download
Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Ralf Hund, Stefan Nürnberger, Ahmad-Reza Sadeghi, and Thorsten Holz CFI Goes Mobile: Control-Flow Integrity for Smartphones In International Workshop on Trustworthy Embedded Devices. Leuven, Belgium. September 2011
Greg Banks, Aristide Fattori, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna MISHIMA: Multilateration of Internet Hosts Hidden Using Malicious Fast-Flux Agents (Short Paper) In Springer Berlin Heidelberg, 184–193. DOI: http://dx.doi.org/10.1007/978-3-642-22424-9_11 July 7, 2011
Download
Federico Maggi and Stefano Zanero System Security research at Politecnico di Milano In Proceedings of the 1st SysSec Workshop (SysSec). IEEE Computer Society. DOI: http://dx.doi.org/10.1109/SysSec.2011.30 July 6, 2011
Download
Martin Szydlowski, Manuel Egele, Christopher Kruegel, and Giovanni Vigna Challenges for Dynamic Analysis of iOS Applications In iNetSec Open Research Problems in Network Security. Luzerne, Switzerland. June 2011
Francesco Roveta, Luca Di Mario, Federico Maggi, Giorgio Caviglia, Stefano Zanero, and Paolo Ciuccarelli BURN: Baring Unknown Rogue Networks In Proceedings of the 8th International Symposium on Visualization for Cyber Security (VizSec). New York, NY, USA: ACM, 6:1–6:10. DOI: http://dx.doi.org/10.1145/2016904.2016910 June 20, 2011
Download
Federico Maggi and Stefano Zanero Is the future Web more insecure? Distractions and solutions of new-old security issues and measures In Proceedings of the Worldwide Cybersecurity Summit. EWI, 1–9. June 1, 2011
Download
Brett Stone-Gross, Marco Cova, Christopher Kruegel, and Giovanni Vigna Peering Through the iFrame In Proceedings of the International Conference on Computer Communications (INFOCOM). Shanghai, China. April 2011
Federico Maggi, Alessandro Sisto, and Stefano Zanero A social-engineering-centric data collection initiative to study phishing In Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). New York, NY, USA: ACM, 107–108. DOI: http://dx.doi.org/10.1145/1978672.1978687 April 10, 2011
Download
Manuel Egele, Andreas Moser, Christopher Kruegel, and Engin Kirda PoX: Protecting Users from Malicious Facebook Applications In IEEE International Workshop on SEcurity and SOCial Networking. Seattle, WA. March 2011
D. Canali, M. Cova, C. Kruegel, and G. Vigna Prophiler: A Fast Filter for the Large-Scale Detection of Malicious Web Pages In Proceedings of the World Wide Web Conference (WWW). Hiderabad, India. March 2011
Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna PiOS: Detecting Privacy Leaks in iOS Applications In Proceedings of the Network and Distributed System Security Symposium. San Diego, CA. February 2011
Manuel Egele, Clemens Kolbitsch, and Christian Platzer Removing web spam links from search engine resultsJournal in Computer Virology 7, 1 (February 2011), 51–62. DOI: http://dx.doi.org/http://dx.doi.org/10.1007/s11416-009-0132-6 February 2011
M. Egele, C. Kruegel, E. Kirda, and G. Vigna PiOS: Detecting Privacy Leaks in iOS Applications In Proceedings of the Network and Distributed System Security Symposium (NDSS). San Diego, CA. February 2011
Yanick Fratantonio, Christopher Kruegel, and Giovanni Vigna Shellzer: a tool for the dynamic analysis of malicious shellcode In Proceedings of the Symposium on Recent Advances in Intrusion Detection (RAID). S. Francisco, CA: Springer, 61–80. 2011
Download
Casey Cipriano, Ali Zand, Amir Houmansadr, Christopher Kruegel, and Giovanni Vigna Nexat: A history-based approach to predict attacker actions In Proceedings of the 27th Annual Computer Security Applications Conference. Orlando, FL: ACM, 383–392. 2011
Download
Bob Gilbert, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna Dymo: tracking dynamic code identity In Recent Advances in Intrusion Detection. Menlo Park, CA: Springer, 21–40. 2011
Download
Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel BareBox: efficient malware analysis on bare-metal In Proceedings of the 27th Annual Computer Security Applications Conference. Orlando, FL: ACM, 403–412. 2011
Download
Adam Doupé, Manuel Egele, Benjamin Caillat, Gianluca Stringhini, Gorkem Yakin, Ali Zand, Ludovico Cavedon, and Giovanni Vigna Hit ’Em Where It Hurts: A Live Security Exercise on Cyber Situational Awareness In Proceedings of the 27th Annual Computer Security Applications Conference. ACSAC ’11. New York, NY, USA: ACM, 51–61. DOI: http://dx.doi.org/10.1145/2076732.2076740 2011
Download
B. Stone-Gross, Marco Cova, Bob Gilbert, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna Analysis of a Botnet TakeoverIEEE Security Privacy 9, 1 (January 2011), 64–72. DOI: http://dx.doi.org/10.1109/MSP.2010.144 January 2011
Download
Alexandros Kapravelos, Marco Cova, Christopher Kruegel, and Giovanni Vigna Escape from Monkey Island: Evading High-interaction Honeyclients In Proceedings of the 8th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA’11. Berlin, Heidelberg: Springer-Verlag, 124–143. 2011
Download
Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, and Giovanni Vigna The Underground Economy of Spam: A Botmaster’s Perspective of Coordinating Large-scale Spam Campaigns In Proceedings of the 4th USENIX Conference on Large-scale Exploits and Emergent Threats. LEET’11. Berkeley, CA, USA: USENIX Association, 4–4. 2011
Gianluca Stringhini, Thorsten Holz, Brett Stone-Gross, Christopher Kruegel, and Giovanni Vigna BOTMAGNIFIER: Locating Spambots on the Internet In Proceedings of the 20th USENIX Conference on Security. SEC’11. Berkeley, CA, USA: USENIX Association, 28–28. 2011
Brett Stone-Gross, Ryan Stevens, Apostolis Zarras, Richard Kemmerer, Chris Kruegel, and Giovanni Vigna Understanding Fraudulent Activities in Online Ad Exchanges In Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference. IMC ’11. New York, NY, USA: ACM, 279–294. DOI: http://dx.doi.org/10.1145/2068816.2068843 2011
G. Vigna Network Intrusion Detection: Dead or Alive? In Proceedings of the Annual Computer Security Applications Conference (ACSAC). Austin, TX. December 2010
Alberto Volpatto, Federico Maggi, and Stefano Zanero Effective Multimodel Anomaly Detection Using Cooperative Negotiation In Proceedings of the Decision and Game Theory for Security (GameSec). Lecture Notes in Computer Science. Springer Berlin/Heidelberg, 180–191. DOI: http://dx.doi.org/10.1007/978-3-642-17197-0_12 November 22, 2010
Download
V. Felmetsger, L. Cavedon, C. Kruegel, and G. Vigna Toward Automated Detection of Logic Vulnerabilities in Web Applications In Proceedings of the USENIX Security Symposium. Washington, DC. August 2010
Nicholas Childers, Bryce Boe, Lorenzo Cavallaro, Ludovico Cavedon, Marco Cova, Manuel Egele, and Giovanni Vigna Organizing large scale hacking competitions In Proceedings of the International Conference on Detection of Intrusions and Malware & Vulnerability Assessment. Bonn, Germany. July 2010
Download
A. Doup&39;e, M. Cova, and G. Vigna Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA). Bonn, Germany. July 2010
Federico Maggi Are the Con Artists Back? A Preliminary Analysis of Modern Phone Frauds In Proceedings of the International Conference on Computer and Information Technology (CIT). IEEE Computer Society, 824–831. DOI: http://dx.doi.org/10.1109/CIT.2010.156 June 29, 2010
Download
Federico Maggi A Recognizer of Rational Trace Languages In Proceedings of the International Conference on Computer and Information Technology (CIT). IEEE Computer Society, 257–264. DOI: http://dx.doi.org/10.1109/CIT.2010.77 June 2010
Download
Marco Cova, Christopher Kruegel, and Giovanni Vigna Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code In Proceedings of the World Wide Web Conference (WWW). Raleigh, NC. April 2010
Manuel Egele, Leyla Bilge, Engin Kirda, and Christopher Kruegel CAPTCHA smuggling: Hijacking web browsing sessions to create CAPTCHA farms In Proceedings of the ACM Symposium on Applied Computing. Sierre, Switzerland. March 2010
L. Cavedon, C. Kruegel, and G. Vigna Are BGP Routers Open To Attack? An Experiment In Proceedings of the iNetSec Conference. Sophia, Bulgaria. March 2010
William Robertson, Federico Maggi, Christopher Kruegel, and Giovanni Vigna Effective Anomaly Detection with Scarce Training Data In Proceedings of the Network and Distributed System Security Symposium (NDSS). The Internet Society. DOI: http://dx.doi.org/10.1.1.183.3323 March 1, 2010
Download
Davide Balzarotti, Marco Cova, Christoph Karlberger, Christopher Kruegel, Engin Kirda, and Giovanni Vigna Efficient Detection of Split Personalities in Malware In Proceedings of the Network and Distributed System Security Symposium (NDSS). San Diego, CA. February 2010
Marco Balduzzi, Manuel Egele, Engin Kirda, Davide Balzarotti, and Christopher Kruegel A solution for the automated detection of clickjacking attacks In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. ACM, 135–144. 2010
Download
Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna Detecting Spammers on Social Networks In Proceedings of the 26th Annual Computer Security Applications Conference. ACSAC ’10. New York, NY, USA: ACM, 1–9. DOI: http://dx.doi.org/10.1145/1920261.1920263 2010
Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, and Engin Kirda AccessMiner: using system-centric models for malware protection In ACM Conference on Computer and Communications Security. 399–412. 2010
Clemens Kolbitsch, Thorsten Holz, Christopher Kruegel, and Engin Kirda Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries In IEEE Symposium on Security and Privacy. 29–44. 2010
Gilbert Wondracek, Thorsten Holz, Engin Kirda, and Christopher Kruegel A Practical Attack to De-anonymize Social Network Users In IEEE Symposium on Security and Privacy. 223–238. 2010
Download
Paolo Milani Comparetti, Guido Salvaneschi, Engin Kirda, Clemens Kolbitsch, Christopher Kruegel, and Stefano Zanero Identifying Dormant Functionality in Malware Programs In IEEE Symposium on Security and Privacy. 61–76. 2010
Ulrich Bayer, Engin Kirda, and Christopher Kruegel Improving the efficiency of dynamic malware analysis In SAC. 1871–1878. 2010
Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti, and Christopher Kruegel Abusing Social Networks for Automated User Profiling In RAID. 422–441. 2010
Brett Stone-Gross, Andy Moser, Christopher Kruegel, Engin Kirda, and Kevin Almeroth FIRE: FInding Rogue nEtworks In Proceedings of the Annual Computer Security Applications Conference (ACSAC). Honolulu, HI. December 2009
Sean Ford, Marco Cova, Christopher Kruegel, and Giovanni Vigna Analyzing and Detecting Malicious Flash Advertisements In Proceedings of the Annual Computer Security Applications Conference (ACSAC). Honolulu, HI. December 2009
Brett Stone-Gross, Marco Cova, Bob Gilbert, Lorenzo Cavallaro, Martin Szydlowski, Christopher Kruegel, Giovanni Vigna, and Richard Kemmerer Your Botnet is My Botnet: Analysis of a Botnet Takeover In Proceedings of the Computer and Communications Security Conference (CCS). Chicago, IL. November 2009
Claudio Criscione, Federico Maggi, Guido Salvaneschi, and Stefano Zanero Integrated Detection of Attacks Against Browsers, Web Applications and Databases In Proceedings of the European Conference on Network Defense (EC2ND). IEEE Computer Society. DOI: http://dx.doi.org/10.1109/EC2ND.2009.13 November 9, 2009
Download
Federico Maggi, Matteo Matteucci, and Stefano Zanero Reducing false positives in anomaly detectors through fuzzy alert aggregationInformation Fusion 10, 4 (October 2009), 300–311. DOI: http://dx.doi.org/10.1016/j.inffus.2009.01.004 October 1, 2009
Download
Andreas Stamminger, Christopher Kruegel, Giovanni Vigna, and Engin Kirda Automated Spyware Collection and Analysis In Proceedings of the Information Security Conference (ISC). Pisa, Italy. September 2009
Federico Maggi, William Robertson, Christopher Kruegel, and Giovanni Vigna Protecting a Moving Target: Addressing Web Application Concept Drift In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID). DOI: http://dx.doi.org/10.1007/978-3-642-04342-0_2 September 23, 2009
Download
W. Robertson and G. Vigna Static Enforcement of Web Application Integrity Through Strong Typing In Proceedings of the USENIX Security Symposium. Montreal, Canada. August 2009
Manuel Egele, Peter Wurzinger, Christopher Kruegel, and Engin Kirda Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks In Proceedings of the International Conference on Detection of Intrusions and Malware & Vulnerability Assessment. Milan, Italy. July 2009
Alessandro Frossi, Federico Maggi, Gian∼Luigi Rizzo, and Stefano Zanero Selecting and Improving System Call Models for Anomaly Detection In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). DOI: http://dx.doi.org/10.1007/978-3-642-02918-9_13 July 9, 2009
Download
Manuel Egele, Christopher Kruegel, and Engin Kirda Removing web spam links from search engine results In European Institute for Computer Antivirus Research Conference. Berlin, Germany. May 2009
Manuel Egele, Engin Kirda, and Christopher Kruegel Mitigating Drive-by Download Attacks: Challenges and Open Problems In iNetSec Open Research Problems in Network Security. Zurich, Switzerland. April 2009
Giovanni Vigna, Fredrik Valeur, Davide Balzarotti, William Robertson, Christopher Kruegel, and Engin Kirda Reducing errors in the anomaly-based detection of web-based attacks through the combined analysis of web requests and SQL queriesJournal of Computer Security 17, 3 (2009), 305–329. 2009
Download
Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel, and Engin Kirda Automatically Generating Models for Botnet Detection In Proceedings of the 14th European Conference on Research in Computer Security. ESORICS’09. Berlin, Heidelberg: Springer-Verlag, 232–249. 2009
Download
Engin Kirda, Nenad Jovanovic, Christopher Kruegel, and Giovanni Vigna Client-Side Cross-Site Scripting ProtectionComputers & Security 28, 7 (2009), "592–604" 2009
Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiaoyong Zhou, and XiaoFeng Wang Effective and efficient malware detection at the end host In Proceedings of the 18th conference on USENIX security symposium. USENIX Association, 351–366. 2009
L. Foschini, A. Thapliyal, L. Cavallaro, C. Kruegel, and G. Vigna A Parallel Architecture for Stateful, High-Speed Intrusion Detection In Proceedings of the International Conference on Information Systems Security (ICISS). Hyderabad, India: Springer, 203–220. December 2008
Federico Maggi, Matteo Matteucci, and Stefano Zanero Detecting Intrusions through System Call Sequence and Argument AnalysisIEEE Transactions on Dependable and Secure Computing (TODS) 7, 4 (November 2008), 381–395. DOI: http://dx.doi.org/10.1109/TDSC.2008.69 November 17, 2008
Download
M. Cova, C. Kruegel, and G. Vigna There is No Free Phish: An Analysis of ``Free39;39; and Live Phishing Kits In Proceedings of the USENIX Workshop On Offensive Technologies (WOOT). San Jose, CA. August 2008
Brett Stone-Gross, David Sigal, Rob Cohn, John Morse, Kevin Almeroth, and Christopher Kruegel VeriKey: A Dynamic Certificate Verification System for Public Key Exchanges In Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Paris, France. July 2008
D. Balzarotti, G. Banks, M. Cova, V. Felmetsger, R. Kemmerer, W. Robertson, F. Valeur, and G. Vigna Are Your Votes Really Counted? Testing the Security of Real-world Electronic Voting Systems In Proceedings of he International Symposium on Software Testing and Analysis (ISSTA). Seattle, WA. July 2008
D. Balzarotti, M. Cova, and G. Vigna ClearShot: Eavesdropping on Keyboard Input from Video In Proceedings of the IEEE Symposium on Security and Privacy. Oakland, CA. May 2008
D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications In Proceedings of the IEEE Symposium on Security and Privacy. Oakland, CA. May 2008
Brett Stone-Gross, Christo Wilson, Kevin Almeroth, Elizabeth Belding, Heather Zheng, and Konstantina Papagiannaki Malware in IEEE 802.11 Wireless Networks In Proceedings of the Passive and Active Measurement Conference (PAM). Cleveland, OH. April 2008
Federico Maggi, Stefano Zanero, and Vincenzo Iozzo Seeing the invisible: forensic uses of anomaly detection and machine learningOperating Systems Review of the ACM Special Interest Group on Operating Systems (SIGOPS) 42, 3 (April 2008), 51–58. DOI: http://dx.doi.org/10.1145/1368506.1368514 April 1, 2008
Download
P. McDaniel, M. Blaze, and G. Vigna EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing (December 2007). December 2007
C. Kruegel, D. Balzarotti, W. Robertson, and G. Vigna Improving Signature Testing Through Dynamic Data Flow Analysis In Proceedings of the Annual Computer Security Applications Conference (ACSAC). Miami, FL, 53–63. December 2007
M. Van Gundy, H. Chen, Z. Su, and G. Vigna Feature Omission Vulnerabilities: Thwarting Signature Generation for Polymorphic Worms In Proceedings of the Annual Computer Security Applications Conference (ACSAC). Miami, FL, 74–83. December 2007
Heng Yin, Dawn Xiaodong Song, Manuel Egele, Christopher Kruegel, and Engin Kirda Panorama: Capturing system-wide information flow for malware detection and analysis In Proceedings of the ACM Conference on Computer and Communications Security. Alexandria, VA. October 2007
Download
D. Balzarotti, M. Cova, V. Felmetsger, and G. Vigna Multi-Module Vulnerability Analysis of Web-based Applications In Proceedings of the ACM Conference on Computer and Communications Security (CCS). Alexandria, VA, 25–35. October 2007
P. Klinkoff, E. Kirda, C. Kruegel, and G. Vigna Extending .NET Security to Unmanaged CodeInternational Journal of Information Security 6, 6 (October 2007), 417–428. October 2007
D. Mutz, W. Robertson, G. Vigna, and R. Kemmerer Exploiting Execution Context for the Detection of Anomalous System Calls In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID). Gold Coast, Australia, 1–20. September 2007
M. Cova, D. Balzarotti, V. Felmetsger, and G. Vigna Swaddler: An Approach for the Anomaly-based Detection of State Violations in Web Applications In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID). Gold Coast, Australia, 63–86. September 2007
Federico Maggi and Stefano Zanero On the Use of Different Statistical Tests for Alert Correlation - Short Paper In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID). 167–177. DOI: http://dx.doi.org/10.1007/978-3-540-74320-0_9 September 5, 2007
Download
M. Van Gundy, D. Balzarotti, and G. Vigna Catch Me, If You Can: Evading Network Signatures with Web-based Polymorphic Worms In Proceedings of the First USENIX Workshop on Offensive Technologies (WOOT). Boston, MA. August 2007
G. Vigna, R. Kemmerer, D. Balzarotti, G. Banks, M. Cova, V. Felmetsger, W. Robertson, and F. Valeur Security Evaluation of the Sequoia Voting System (July 2007). July 2007
Manuel Egele, Christopher Kruegel, Engin Kirda, Heng Yin, and Dawn Xiaodong Song Dynamic Spyware Analysis In Proceedings of the USENIX Annual Technical Conference. Santa Clara, CA. June 2007
A. Carzaniga, G.P. Picco, and G. Vigna Is Code Still Moving Around? Looking Back at a Decade of Code Mobility In Proceedings of the International Conference on Software Engineering (ICSE). 9–20. May 2007
Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In Proceeding of the Network and Distributed System Security Symposium (NDSS). San Diego, CA. 2007
Download Download
M. Cova, V. Felmetsger, and G. Vigna Vulnerability Analysis of Web Applications In L. Baresi & E. Dinitto, eds. Testing and Analysis of Web Services. Springer. 2007
G. Vigna Malware Detection In M. Christodorescu, S. Jha, D. Maughan, D. Song, & C. Wang, eds. Advances in Information Security. Springer. 2007
C. Mulliner and G. Vigna Vulnerability Analysis of MMS User Agents In Proceedings of the Annual Computer Security Applications Conference (ACSAC). Miami, FL. December 2006
M. Cova, V. Felmetsger, G. Banks, and G. Vigna Static Detection of Vulnerabilities in x86 Executables In Proceedings of the Annual Computer Security Applications Conference (ACSAC). Miami, FL. December 2006
André Årnes, Paul Haas, Giovanni Vigna, and Richard A. Kemmerer Using a virtual security testbed for digital forensic reconstructionJ Comput Virol 2, 4 (December 2006), 275–289. DOI: http://dx.doi.org/10.1007/s11416-006-0033-x December 21, 2006
Download
E. Kirda, C. Kruegel, G. Banks, G. Vigna, and R. Kemmerer Behavior-based Spyware Detection In Proceedings of the USENIX Security Symposium. Vancouver, Canada. August 2006
Manuel Egele, Martin Szydlowski, Engin Kirda, and Christopher Kruegel Using Static Program Analysis to Aid Intrusion Detection In Proceedings of the International Conference on Detection of Intrusions and Malware & Vulnerability Assessment. Berlin, Germany. July 2006
André Arnes, Fredrik Valeur, Giovanni Vigna, and Richard A. Kemmerer Using Hidden Markov Models to Evaluate the Risks of Intrusions: System Architecture and Model Validation In Recent Advances in Intrusion Detection. Springer, 145–164. 2006
Download
Manuel Egele Behavior-Based Spyware Detection Using Dynamic Taint Analysis. mastersthesis. Austria: Vienna University of Technology. 2006
C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna Polymorphic Worm Detection Using Structural Information of Executables In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID). LNCS. Seattle, WA: Springer-Verlag, 207–226. September 2005
Christopher Kruegel, Giovanni Vigna, and William Robertson A Multi-model Approach to the Detection of Web-based AttacksComput. Netw. 48, 5 (August 2005), 717–738. DOI: http://dx.doi.org/10.1016/j.comnet.2005.01.009 August 2005
Download
C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna Automating Mimicry Attacks Using Static Binary Analysis In Proceedings of the USENIX Security Symposium. Baltimore, MD. August 2005
O. Hallaraker and G. Vigna Detecting Malicious JavaScript Code in Mozilla In Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS). Shanghai, China, 85–94. June 2005
V. Felmetsger and G. Vigna Exploiting OS-level Mechanisms to Implement Mobile Code Security In Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS). Shanghai, China. June 2005
C. Kruegel, D. Mutz, W. Robertson, G. Vigna, and R. Kemmerer Reverse Engineering of Network Signatures In Proceedings of the AusCERT Asia Pacific Information Technology Security Conference. Gold Coast, Australia. May 2005
Fredrik Valeur, Darren Mutz, and Giovanni Vigna A Learning-based Approach to the Detection of SQL Attacks In Proceedings of the Second International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA’05. Berlin, Heidelberg: Springer-Verlag, 123–140. DOI: http://dx.doi.org/10.1007/115068818 2005
Download
R.A. Kemmerer and G. Vigna Sensor Families for Intrusion Detection Infrastructures In V. Kumar, J. Srivastava, & A. Lazarevic, eds. Managing Cyber Threats: Issues, Approaches and Challenges. Massive Computing. Springer-Verlag. 2005
C. Kruegel, F. Valeur, and G. Vigna Intrusion Detection and Correlation: Challenges and Solutions Springer. 2005
J. Zhou and G. Vigna Detecting Attacks That Exploit Application-Logic Errors Through Application-Level Auditing In Proceedings of the Annual Computer Security Applications Conference (ACSAC). Tucson, AZ, 168–178. December 2004
Download
G. Vigna, S. Gwalani, K. Srinivasan, E. Belding-Royer, and R. Kemmerer An Intrusion Detection Tool for AODV-based Ad Hoc Wireless Networks In Proceedings of the Annual Computer Security Applications Conference (ACSAC). Tucson, AZ, 16–27. December 2004
C. Kruegel, W. Robertson, and G. Vigna Detecting Kernel-Level Rootkits Through Binary Analysis In Proceedings of the Annual Computer Security Applications Conference (ACSAC). Tucson, AZ, 91–100. December 2004
G. Vigna, W. Robertson, and D. Balzarotti Testing Network-based Intrusion Detection Signatures Using Mutant Exploits In Proceedings of the ACM Conference on Computer and Communication Security (ACM CCS). Washington, DC, 21–30. October 2004
C. Kruegel, W. Robertson, F. Valeur, and G. Vigna Static Disassembly of Obfuscated Binaries In Proceedings of USENIX Security 2004. San Diego, CA, 255–270. August 2004
Fredrik Valeur, Giovanni Vigna, Christopher Kruegel, and Richard A. Kemmerer A Comprehensive Approach to Intrusion Detection Alert CorrelationIEEE Trans. Dependable Secur. Comput. 1, 3 (July 2004), 146–169. DOI: http://dx.doi.org/10.1109/TDSC.2004.21 July 2004
Download
G. Vigna Mobile Agents: Ten Reasons For Failure In Proceedings of the IEEE International Conference on Mobile Data Management (MDM 39;04). Berkeley, CA, 298–299. January 2004
G. Vigna, W. Robertson, V. Kher, and R.A. Kemmerer A Stateful Intrusion Detection System for World-Wide Web Servers In Proceedings of the Annual Computer Security Applications Conference (ACSAC 2003). Las Vegas, NV, 34–43. December 2003
D. Mutz, G. Vigna, and R.A. Kemmerer An Experience Developing an IDS Stimulator for the Black-Box Testing of Network Intrusion Detection Systems In Proceedings of the 2003 Annual Computer Security Applications Conference (ACSAC 39;03). Las Vegas, Nevada, 374–383. December 2003
C. Kruegel and G. Vigna Anomaly Detection of Web-based Attacks In Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS 39;03). Washington, DC: ACM Press, 251–261. October 2003
C. Kruegel, D. Mutz, F. Valeur, and G. Vigna On the Detection of Anomalous System Call Arguments In Proceedings of the 8th European Symposium on Research in Computer Security (ESORICS 39;03). LNCS. Gjovik, Norway: Springer-Verlag, 326–343. October 2003
G. Vigna A Topological Characterization of TCP/IP Security In Proceedings of the 12th International Symposium of Formal Methods Europe (FME 39;03). LNCS. Pisa, Italy: Springer-Verlag, 914–940. September 2003
G. Vigna, F. Valeur, and R.A. Kemmerer Designing and Implementing a Family of Intrusion Detection Systems In Proceedings of the European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2003). Helsinki, Finland, 88–97. September 2003
S. Soman, C. Krintz, and G. Vigna Detecting Malicious Java Code Using Virtual Machine Auditing In V. Paxson, ed. Proceedings of 12th USENIX Security Symposium. Washington, DC: USENIX, 153–167. August 2003
G. Vigna Teaching Network Security Through Live Exercises In C. Irvine & H. Armstrong, eds. Proceedings of the Third Annual World Conference on Information Security Education (WISE 3). Monterey, CA: Kluwer Academic Publishers, 3–18. June 2003
G. Vigna Teaching Hands-On Network Security: Testbeds and Live ExercisesJournal of Information Warfare 3, 2 (2003), 8–25. 2003
G. Vigna, F. Valeur, J. Zhou, and R.A. Kemmerer Composable Tools For Network Discovery and Security Analysis In Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 39;02). Las Vegas, NV: IEEE Press, 14–24. December 2002
G. Vigna and A. Mitchell Mnemosyne: Designing and Implementing Network Short-Term Memory In Proceedings of the 8th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS 39;02). Greenbelt, MD: IEEE Press, 91–100. December 2002
V. Mittal and G. Vigna Sensor-Based Intrusion Detection for Intra-Domain Distance-Vector Routing In R. Sandhu, ed. Proceedings of the ACM Conference on Computer and Communication Security (CCS 39;02). Washington, DC: ACM Press, 127–137. November 2002
G. Vigna, B. Cassell, and D. Fayram An Intrusion Detection System for Aglets In N. Suri, ed. Proceedings of the 6th International Conference on Mobile Agents (MA 39;02). LNCS. Barcelona, Spain: Springer-Verlag, 64–77. October 2002
C. Kruegel, F. Valeur, G. Vigna, and R.A. Kemmerer Stateful Intrusion Detection for High-Speed Networks In Proceedings of the IEEE Symposium on Security and Privacy. Oakland, CA: IEEE Press, 285–293. May 2002
R.A. Kemmerer and G. Vigna Intrusion Detection: A Brief History and OverviewIEEE Computer (April 2002), 27–30. April 2002
S.T. Eckmann, G. Vigna, and R.A. Kemmerer STATL: An Attack Language for State-based Intrusion DetectionJournal of Computer Security 10, 1/2 (2002), 71–104. 2002
S. Fischmeister, G. Vigna, and R.A. Kemmerer Evaluating the Security Of Three Java-Based Mobile Agent Systems In G. P. Picco, ed. Proceedings of the 5th International Conference on Mobile Agents (MA 39;01). LNCS. Atlanta, GA: Springer-Verlag, 31–41. December 2001
G. Vigna, R.A. Kemmerer, and P. Blix Designing a Web of Highly-Configurable Intrusion Detection Sensors In W. Lee, L. Mè, & A. Wespi, eds. Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001). LNCS. Davis, CA: Springer-Verlag, 69–84. October 2001
A. Orso, M.J. Harrold, and G. Vigna MASSA: Mobile Agents Security through Static/Dynamic Analysis In Proceedings of the First ICSE Workshop on Software Engineering and Mobility (WSEM 2001). Toronto, Canada. April 2001
A.L.M. dos Santos, G. Vigna, and R.A. Kemmerer Security Testing of an Online Banking Service In A. Ghosh, ed. E-Commerce Security and Privacy. Advances in Information Security. Kluwer Academic Publishers, 3–15. 2001
A.L.M. dos Santos, G. Vigna, and R.A. Kemmerer Security Testing of the Online Banking Service of a Large International Bank In Proceedings of the First ACM Workshop on Security and Privacy in E-Commerce (WSPEC 2000). Athens, Greece, 1–13. November 2000
G. Vigna, S.T. Eckmann, and R.A. Kemmerer Attack Languages In Proceedings of the 3rd IEEE Information Survivability Workshop (ISW 2000). Boston, MA, 163–166. October 2000
G. Vigna, S.T. Eckmann, and R.A. Kemmerer The STAT Tool Suite In Proceedings of DISCEX 2000. Hilton Head, SC: IEEE Press, 46–55. January 2000
G. Vigna and R.A. Kemmerer NetSTAT: A Network-based Intrusion Detection SystemJournal of Computer Security 7, 1 (1999), 37–71. 1999
G. Vigna and R.A. Kemmerer NetSTAT: A Network-based Intrusion Detection Approach In Proceedings of the 14th Annual Computer Security Applications Conference (ACSAC 39;98). Scottsdale, AZ: IEEE Press, 25–34. December 1998
C. Ghezzi and G. Vigna Software Engineering Issues in Network Computing In M. Broy & B. Rumpe, eds. Requirements Targeting Software and Systems Engineering. LNCS. Springer-Verlag, 101–123. August 1998
Giovanni Vigna and Leonardo Bonomi A Model-Centered Electronic Commerce Middleware In Proceedings of the International IFIP Working Conference on Trends in Electronic Commerce (TrEC). Hamburg, Germany. June 1998
G. Vigna Cryptographic Traces for Mobile Agents In Mobile Agents and Security. LNCS State-of-the-Art Survey. Springer-Verlag, 137–153. June 1998
G. Vigna ed. Mobile Agents and Security Springer-Verlag. June 1998