Your search keyword '"Marchetti, Mirco"' showing total 13 results

1. Detection and Threat Prioritization of Pivoting Attacks in Large Networks

Author

Mirco Marchetti, Giovanni Apruzzese, Fabio Pierazzi, Michele Colajanni, APRUZZESE, GIOVANNI, Pierazzi, Fabio, Colajanni, Michele, and Marchetti, Mirco

Subjects

Computer science, Proposal, 0211 other engineering and technologies, Evasion (network security), Information System, 02 engineering and technology, Algorithm design and analysis, Detection algorithms, graph, island-hopping, lateral movement, Malware, Organizations, pivoting, Proposals, Protocols, Security, Computer Science (miscellaneous), Information Systems, Human-Computer Interaction, Computer Science Applications1707 Computer Vision and Pattern Recognition, Computer security, computer.software_genre, Set (abstract data type), Protocol, 0202 electrical engineering, electronic engineering, information engineering, Information system, Algorithm design and analysi, 021110 strategic, defence & security studies, Event (computing), Flow network, Computer Science Applications, Graph (abstract data type), 020201 artificial intelligence & image processing, Algorithm design, Detection algorithm, computer, Organization

Abstract

Several advanced cyber attacks adopt the technique of "pivoting" through which attackers create a command propagation tunnel through two or more hosts in order to reach their final target. Identifying such malicious activities is one of the most tough research problems because of several challenges: command propagation is a rare event that cannot be detected through signatures, the huge amount of internal communications facilitates attackers evasion, timely pivoting discovery is computationally demanding. This paper describes the first pivoting detection algorithm that is based on network flows analyses, does not rely on any a-priori assumption on protocols and hosts, and leverages an original problem formalization in terms of temporal graph analytics. We also introduce a prioritization algorithm that ranks the detected paths on the basis of a threat score thus letting security analysts investigate just the most suspicious pivoting tunnels. Feasibility and effectiveness of our proposal are assessed through a broad set of experiments that demonstrate its higher accuracy and performance against related algorithms.

Published

2020

2. A symmetric cryptographic scheme for data integrity verification in cloud databases

Author

Mirco Marchetti, Michele Colajanni, Luca Ferretti, Mauro Andreolini, Ferretti, Luca, Marchetti, Mirco, Andreolini, Mauro, and Colajanni, Michele

Subjects

Integrity, Information Systems and Management, Computer science, Cryptography, Cloud computing, 02 engineering and technology, computer.software_genre, Encryption, Theoretical Computer Science, Outsourcing, Database, Bloom filter, Artificial Intelligence, Data integrity, 0202 electrical engineering, electronic engineering, information engineering, Cloud database, Authentication, MAC, business.industry, Computer Science Applications1707 Computer Vision and Pattern Recognition, 020206 networking & telecommunications, Workload, Computer Science Applications, Cloud, Software, Control and Systems Engineering, 020201 artificial intelligence & image processing, business, computer

Abstract

Cloud database services represent a great opportunity for companies and organizations in terms of management and cost savings. However, outsourcing private data to external providers leads to risks of confidentiality and integrity violations. We propose an original solution based on encrypted Bloom filters that addresses the latter problem by allowing a cloud service user to detect unauthorized modifications to his outsourced data. Moreover, we propose an original analytical model that can be used to minimize storage and network overhead depending on the database structure and workload. We assess the effectiveness of the proposal as well as its performance improvements with respect to existing solutions by evaluating storage and network costs through micro-benchmarks and the TPC-C workload standard.

Published

2018

3. Analysis of high volumes of network traffic for Advanced Persistent Threat detection

Author

Michele Colajanni, Alessandro Guido, Mirco Marchetti, Fabio Pierazzi, MARCHETTI, Mirco, PIERAZZI, FABIO, COLAJANNI, Michele, and GUIDO, ALESSANDRO

Subjects

Advanced Persistent Threat, Data exfiltration, Focus (computing), Advanced persistent threat, Traffic analysis, Computer Networks and Communications, business.industry, Computer science, Rank (computer programming), 020206 networking & telecommunications, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Advanced Persistent Threats, Security analytics, Security analytic, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Traffic analysi, computer

Abstract

Advanced Persistent Threats (APTs) are the most critical menaces to modern organizations and the most challenging attacks to detect. They span over long periods of time, use encrypted connections and mimic normal behaviors in order to evade detection based on traditional defensive solutions. We propose an innovative approach that is able to analyze efficiently high volumes of network traffic to reveal weak signals related to data exfiltrations and other suspect APT activities. The final result is a ranking of the most suspicious internal hosts; this rank allows security specialists to focus their analyses on a small set of hosts out of the thousands of machines that typically characterize large organizations. Experimental evaluations in a network environment consisting of about 10K hosts show the feasibility and effectiveness of the proposed approach. Our proposal based on security analytics paves the way to novel forms of automatic defense aimed at early detection of APTs in large and continuously varying networked systems.

Published

2016

4. Verifiable Delegated Authorization for User-Centric Architectures and an OAuth2 Implementation

Author

Michele Colajanni, Mirco Marchetti, Luca Ferretti, Ferretti, Luca, Marchetti, Mirco, and Colajanni, Michele

Subjects

correctness, Delegate, Computer science, Cryptography, Cloud computing, Access control, 02 engineering and technology, computer.software_genre, Computer security, access control, authorization, cloud, identity, integrity, oauth, outsourcing, Software, Computer Science Applications1707 Computer Vision and Pattern Recognition, Server, 0202 electrical engineering, electronic engineering, information engineering, Web application, correctne, 020203 distributed computing, Revocation, business.industry, Authorization, 020201 artificial intelligence & image processing, Verifiable secret sharing, Web service, business, computer

Abstract

Delegated authorization protocols have become wide-spread to implement Web applications and services, where some popular providers managing people identity information and personal data allow their users to delegate third party Web services to access their data. In this paper, we analyze the risks related to untrusted providers not behaving correctly, and we solve this problem by proposing the first verifiable delegated authorization protocol that allows third party services to verify the correctness of users data returned by the provider. The contribution of the paper is twofold: we show how delegated authorization can be cryptographically enforced through authenticated data structures protocols, we extend the standard OAuth2 protocol by supporting efficient and verifiable delegated authorization including database updates and privileges revocation.

Published

2017

5. Exploratory security analytics for anomaly detection

Author

Michele Colajanni, Sara Casolari, Mirco Marchetti, Fabio Pierazzi, PIERAZZI, FABIO, CASOLARI, Sara, COLAJANNI, Michele, and MARCHETTI, Mirco

Subjects

Security analytics, General Computer Science, Computer science, Anomaly detection, Network alerts, Temporal characterization, Time series analysis, Computer Science, Time series analysi, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Data science, Work (electrical), 020204 information systems, Security analytic, 0202 electrical engineering, electronic engineering, information engineering, Network alert, Data mining, Law, computer

Abstract

The huge number of alerts generated by network-based defense systems prevents detailed manual inspections of security events. Existing proposals for automatic alerts analysis work well in relatively stable and homogeneous environments, but in modern networks, that are characterized by extremely complex and dynamic behaviors, understanding which approaches can be effective requires exploratory data analysis and descriptive modeling. We propose a novel framework for automatically investigating temporal trends and patterns of security alerts with the goal of understanding whether and which anomaly detection approaches can be adopted for identifying relevant security events. Several examples referring to a real large network show that, despite the high intrinsic dynamism of the system, the proposed framework is able to extract relevant descriptive statistics that allow to determine the effectiveness of popular anomaly detection approaches on different alerts groups.

Published

2016

6. Guaranteeing correctness of bulk operations in outsourced databases

Author

Mirco Marchetti, Luca Ferretti, Michele Colajanni, FERRETTI, LUCA, COLAJANNI, Michele, and MARCHETTI, Mirco

Subjects

Completeness, Integrity, Correctness, Computer science, BLS, Distributed computing, Hash function, Cloud computing, computer.software_genre, Signature, Outsourcing, Theoretical Computer Science, Database, Completene, Data integrity, Confidentiality, Accumulator, Aggregate, Authenticity, Bilinear map, Cloud, ECRH, Computer Science (all), business.industry, Collision, business, computer

Abstract

The adoption of public cloud services, as well as other data outsourcing solutions, raises concerns about confidentiality and integrity of information managed by a third party. By focusing on data integrity, we propose a novel protocol that allows cloud customers to verify the correctness of results produced by key-value databases. The protocol is designed for supporting efficient insertion and retrieval of large sets of data through bulk operations in read and append-only workloads. In these contexts, the proposed protocol improves state-of-the-art by reducing network overheads thanks to an original combination of aggregate bilinear map signatures and extractable collision resistant hash functions.

Published

2016

7. Evaluation of anomaly detection for in-vehicle networks through information-theoretic algorithms

Author

Michele Colajanni, Dario Stabili, Alessandro Guido, Mirco Marchetti, MARCHETTI, Mirco, Stabili, Dario, GUIDO, ALESSANDRO, and COLAJANNI, Michele

Subjects

050210 logistics & transportation, Engineering, cybersecurity, business.industry, 05 social sciences, Detector, 020206 networking & telecommunications, ComputerApplications_COMPUTERSINOTHERSYSTEMS, 02 engineering and technology, Information security, computer.software_genre, anomaly detection, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, In vehicle, Entropy (information theory), Anomaly detection, Data mining, automotive, business, entropy, Algorithm, computer

Abstract

This paper evaluates the effectiveness of information-theoretic anomaly detection algorithms applied to networks included in modern vehicles. In particular, we focus on providing an experimental evaluation of anomaly detectors based on entropy. Attacks to in-vehicle networks were simulated by injecting different classes of forged CAN messages in traces captured from a modern licensed vehicle. Experimental results show that if entropy-based anomaly detection is applied to all CAN messages it is only possible to detect attacks that comprise a high volume of forged CAN messages. On the other hand, attacks characterized by the injection of few forged CAN messages attacks can be detected only by applying several independent instances of the entropy based anomaly detector, one for each class of CAN messages.

Published

2016

8. Enforcing Correct Behavior without Trust in Cloud Key-Value Databases

Author

Luca Ferretti, Mirco Marchetti, Andrea Andreoli, Michele Colajanni, ANDREOLI, ANDREA, FERRETTI, LUCA, MARCHETTI, Mirco, and COLAJANNI, Michele

Subjects

Risk, Service (business), Correctness, Cloud computing security, Key-value database, Database, Computer science, business.industry, key-value database, Data security, trust, cloud services, integrity, Computer Networks and Communications, Safety, Risk, Reliability and Quality, Cloud computing, Service provider, computer.software_genre, Computer security, Computer Networks and Communication, Reliability and Quality, Cloud testing, cloud service, Safety, business, computer

Abstract

Traditional computation outsourcing and modern cloud computing are affected by a common risk of distrust between service requestor and service provider. We propose a novel protocol, named Probus, that offers guarantees of correct behavior to both parts without assuming any trust relationship between them in the context of cloud-based key-value databases. Probus allows a service requestor to have evidence of cloud provider misbehavior on its data, and a cloud provider to defend itself from false accusations by demonstrating the correctness of its operations. Accusation and defense proofs are based on cryptographic mechanisms that can be verified by a third party. Probus improves the state-of-the-art by introducing novel solutions that allow for efficient verification of data security properties and by limiting the overhead required to provide its security guarantees. Thanks to Probus it is possible to check the correctness of all the results generated by a cloud service, thus improving weaker integrity assurance based on probabilistic verifications that are adopted by related work.

Published

2015

9. A collaborative framework for intrusion detection in mobile networks

Author

Mauro Andreolini, Michele Colajanni, Mirco Marchetti, ANDREOLINI, Mauro, COLAJANNI, Michele, and MARCHETTI, Mirco

Subjects

Information Systems and Management, computer.internet_protocol, Computer science, Mobile computing, Evasion (network security), Intrusion detection system, Computer security, computer.software_genre, Theoretical Computer Science, Host-based intrusion detection system, NIDS state migration, Stateful firewall, Artificial Intelligence, Mobile IPv6, Mobile IPv4, business.industry, Computer Science Applications1707 Computer Vision and Pattern Recognition, IPv4, Computer Science Applications, WLAN, Mobile IP, Control and Systems Engineering, Mobility-based NIDS evasion, Network intrusion detection, Software, Intrusion prevention system, business, Mobile device, computer, Computer network

Abstract

Mobile devices are becoming the most popular way of connection, but protocols supporting mobility represent a serious source of concerns because their initial design did not enforce strong security. This paper introduces a novel class of stealth network attacks, called mobility-based evasion, where an attacker splits a malicious payload in such a way that no part can be recognized by existing defensive mechanisms including the most modern network intrusion detection systems operating in stateful mode. We propose an original cooperative framework for intrusion detection that can prevent mobility-based evasion. The viability and performance of the proposed solution is shown through a prototype applied to Mobile IPv4, Mobile IPv6 and WiFi protocols.

Published

2015

10. Efficient detection of unauthorized data modification in cloud databases

Author

Mirco Marchetti, Marcello Missiroli, Fabio Pierazzi, Luca Ferretti, Michele Colajanni, FERRETTI, LUCA, PIERAZZI, FABIO, COLAJANNI, Michele, MARCHETTI, Mirco, and MISSIROLI, MARCELLO

Subjects

cryptography, database management systems, Database, Computer science, business.industry, probability, cloud computing, Cloud computing, Cryptography, data structure, Computer security, computer.software_genre, Encryption, Outsourcing, software performance evaluation, data structures, cloud computing, cryptography, data structures, database management systems, probability, software performance evaluation, database management system, business, computer

Abstract

Cloud services represent an unprecedented opportunity, but their adoption is hindered by confidentiality and integrity issues related to the risks of outsourcing private data to cloud providers. This paper focuses on integrity and proposes an innovative solution that allows cloud tenants to detect unauthorized modifications to outsourced data while minimizing storage and network overheads. Our approach is based on encrypted Bloom filters, and is designed to allow efficient integrity verification for databases stored in the cloud. We assess the effectiveness of the proposal as well as its performance improvements with respect to existing solutions by evaluating storage and network costs.

Published

2014

11. Scalable architecture for multi-user encrypted SQL operations on cloud database services

Author

Luca Ferretti, Fabio Pierazzi, Michele Colajanni, Mirco Marchetti, FERRETTI, LUCA, PIERAZZI, FABIO, COLAJANNI, Michele, and MARCHETTI, Mirco

Subjects

Database Encryption, SQL, Computer Networks and Communications, Computer science, Cloud computing, Access control, Database encryption, computer.software_genre, Encryption, Cloud database, Key management, encryption, computer.programming_language, Authentication, Cloud computing security, Database, business.industry, Access Control, Authorization, Client-side encryption, Computer Science Applications, Metadata, Hardware and Architecture, Scalability, Access Control, Confidentiality, Database Encryption, encryption, The Internet, business, computer, Software, Confidentiality, Information Systems

Abstract

The success of the cloud database paradigm is strictly related to strong guarantees in terms of service availability, scalability and security, but also of data confidentiality. Any cloud provider assures the security and availability of its platform, while the implementation of scalable solutions to guarantee confidentiality of the information stored in cloud databases is an open problem left to the tenant. Existing solutions address some preliminary issues through SQL operations on encrypted data. We propose the first complete architecture that combines data encryption, key management, authentication and authorization solutions, and that addresses the issues related to typical threat scenarios for cloud database services. Formal models describe the proposed solutions for enforcing access control and for guaranteeing confidentiality of data and metadata. Experimental evaluations based on standard benchmarks and real Internet scenarios show that the proposed architecture satisfies also scalability and performance requirements.

Published

2014

12. Distributed, concurrent and independent access to encrypted cloud databases

Author

Michele Colajanni, Luca Ferretti, Mirco Marchetti, FERRETTI, LUCA, COLAJANNI, Michele, and MARCHETTI, Mirco

Subjects

Cloud computing security, Database, Distributed database, Computer science, business.industry, Distributed computing, Cloud computing, security, computer.software_genre, Elasticity (cloud computing), Computational Theory and Mathematics, Hardware and Architecture, data base, Server, Signal Processing, Scalability, Benchmark (computing), Cloud database, cloud, business, computer, Computer network

Abstract

Placing critical data in the hands of a cloud provider should come with the guarantee of security and availability for data at rest, in motion, and in use. Several alternatives exist for storage services, while data confidentiality solutions for the database as a service paradigm are still immature. We propose a novel architecture that integrates cloud database services with data confidentiality and the possibility of executing concurrent operations on encrypted data. This is the first solution supporting geographically distributed clients to connect directly to an encrypted cloud database, and to execute concurrent and independent operations including those modifying the database structure. The proposed architecture has the further advantage of eliminating intermediate proxies that limit the elasticity, availability, and scalability properties that are intrinsic in cloud-based solutions. The efficacy of the proposed architecture is evaluated through theoretical analyses and extensive experimental results based on a prototype implementation subject to the TPC-C standard benchmark for different numbers of clients and network latencies.

Published

2014

13. Countering Advanced Persistent Threats through Security Intelligence and Big Data Analytics

Author

Mirco Marchetti, Alessandro Guido, Fabio Pierazzi, Michele Colajanni, MARCHETTI, Mirco, PIERAZZI, FABIO, GUIDO, ALESSANDRO, and COLAJANNI, Michele

Subjects

Advanced Persistent Threat, 021110 strategic, defence & security studies, business.industry, Advanced Persistent Threats, big data analytics, security intelligence, social engineering, Social engineering (security), big data analytic, Big data, 0211 other engineering and technologies, Information technology, Early detection, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Multidisciplinary approach, Server, 0202 electrical engineering, electronic engineering, information engineering, business, computer

Abstract

Advanced Persistent Threats (APTs) represent the most challenging threats to the security and safety of the cyber landscape. APTs are human-driven attacks backed by complex strategies that combine multidisciplinary skills in information technology, intelligence, and psychology. Defending large organisations with tens of thousands of hosts requires similar multi-factor approaches. We propose a novel framework that combines different techniques based on big data analytics and security intelligence to support human analysts in prioritising the hosts that are most likely to be compromised. We show that the collection and integration of internal and external indicators represents a step forward with respect to the state of the art in the field of early detection and mitigation of APT activities.