Your search keyword '"Giovanni Vigna"' showing total 495 results

51. BootKeeper: Validating Software Integrity Properties on Boot Firmware Images.

Author

Ronny Chevalier, Stefano Cristalli, Christophe Hauser, Yan Shoshitaishvili, Ruoyu Wang 0001, Christopher Kruegel, Giovanni Vigna, Danilo Bruschi, and Andrea Lanzi

Published

2019

52. Toward the Analysis of Embedded Firmware through Automated Re-hosting.

Author

Eric Gustafson, Marius Muench, Chad Spensky, Nilo Redini, Aravind Machiry, Yanick Fratantonio, Davide Balzarotti, Aurélien Francillon, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna

Published

2019

53. When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features.

Author

Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna, and Christopher Kruegel

Published

2020

54. Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks.

Author

Wei Meng 0001, Chenxiong Qian, Shuang Hao 0001, Kevin Borgolte, Giovanni Vigna, Christopher Kruegel, and Wenke Lee

Published

2018

55. HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security.

Author

Moritz Eckert, Antonio Bianchi, Ruoyu Wang 0001, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna

Published

2018

56. Enumerating Active IPv6 Hosts for Large-Scale Security Scans via DNSSEC-Signed Reverse Zones.

Author

Kevin Borgolte, Shuang Hao 0001, Tobias Fiebig, and Giovanni Vigna

Published

2018

57. Detecting Deceptive Reviews Using Generative Adversarial Networks.

Author

Hojjat Aghakhani, Aravind Machiry, Shirin Nilizadeh, Christopher Kruegel, and Giovanni Vigna

Published

2018

58. GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM.

Author

Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, and Kaveh Razavi

Published

2018

59. Peer to Peer Hate: Hate Speech Instigators and Their Targets.

Author

Mai ElSherief, Shirin Nilizadeh, Dana Nguyen, Giovanni Vigna, and Elizabeth M. Belding

Published

2018

60. Using Loops For Malware Classification Resilient to Feature-unaware Perturbations.

Author

Aravind Machiry, Nilo Redini, Eric Gustafson, Yanick Fratantonio, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna

Published

2018

61. MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense.

Author

Radhesh Krishnan Konoth, Emanuele Vineti, Veelasha Moonsamy, Martina Lindorfer, Christopher Kruegel, Herbert Bos, and Giovanni Vigna

Published

2018

62. Measuring E-mail header injections on the world wide web.

Author

Sai Prashanth Chandramouli, Pierre-Marie Bajan, Christopher Kruegel, Giovanni Vigna, Ziming Zhao 0001, Adam Doupé, and Gail-Joon Ahn

Published

2018

63. In rDNS We Trust: Revisiting a Common Data-Source's Reliability.

Author

Tobias Fiebig, Kevin Borgolte, Shuang Hao 0001, Christopher Kruegel, Giovanni Vigna, and Anja Feldmann

Published

2018

64. DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers.

Author

Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, and Giovanni Vigna

Published

2017

65. BootStomp: On the Security of Bootloaders in Mobile Devices.

Author

Nilo Redini, Aravind Machiry, Dipanjan Das 0002, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna

Published

2017

66. Piston: Uncooperative Remote Runtime Patching.

Author

Christopher Salls, Yan Shoshitaishvili, Nick Stephens, Christopher Kruegel, and Giovanni Vigna

Published

2017

67. Exploitation and Mitigation of Authentication Schemes Based on Device-Public Information.

Author

Antonio Bianchi, Eric Gustafson, Yanick Fratantonio, Christopher Kruegel, and Giovanni Vigna

Published

2017

68. Gossip: Automatically Identifying Malicious Domains from Mailing List Discussions.

Author

Cheng Huang 0003, Shuang Hao 0001, Luca Invernizzi, Jiayong Liu, Yong Fang 0002, Christopher Kruegel, and Giovanni Vigna

Published

2017

69. Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance.

Author

Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang 0001, Christopher Kruegel, and Giovanni Vigna

Published

2017

70. POISED: Spotting Twitter Spam Off the Beaten Paths.

Author

Shirin Nilizadeh, Francois Labreche, Alireza Sedighian, Ali Zand, José M. Fernandez 0001, Christopher Kruegel, Gianluca Stringhini, and Giovanni Vigna

Published

2017

71. DIFUZE: Interface Aware Fuzzing for Kernel Drivers.

Author

Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao 0001, Christopher Kruegel, and Giovanni Vigna

Published

2017

72. Something from Nothing (There): Collecting Global IPv6 Datasets from DNS.

Author

Tobias Fiebig, Kevin Borgolte, Shuang Hao 0001, Christopher Kruegel, and Giovanni Vigna

Published

2017

73. How Shall We Play a Game?: A Game-theoretical Model for Cyber-warfare Games.

Author

Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang 0001, Christopher Kruegel, Giovanni Vigna, and David Brumley

Published

2017

74. PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary.

Author

Dokyung Song, Felicitas Hetzelt, Dipanjan Das 0002, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, and Michael Franz

Published

2019

75. SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis.

Author

Yan Shoshitaishvili, Ruoyu Wang 0001, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Krügel, and Giovanni Vigna

Published

2016

76. TriggerScope: Towards Detecting Logic Bombs in Android Applications.

Author

Yanick Fratantonio, Antonio Bianchi, William K. Robertson, Engin Kirda, Christopher Kruegel, and Giovanni Vigna

Published

2016

77. Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory.

Author

Marius Muench, Fabio Pagani, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna, and Davide Balzarotti

Published

2016

78. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms.

Author

Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida

Published

2016

79. Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates.

Author

Kevin Borgolte, Tobias Fiebig, Shuang Hao 0001, Christopher Kruegel, and Giovanni Vigna

Published

2018

80. Broken Fingers: On the Usage of the Fingerprint API in Android.

Author

Antonio Bianchi, Yanick Fratantonio, Aravind Machiry, Christopher Kruegel, Giovanni Vigna, Simon Pak Ho Chung, and Wenke Lee

Published

2018

81. Lightning Talk - Think Outside the Dataset: Finding Fraudulent Reviews using Cross-Dataset Analysis.

Author

Shirin Nilizadeh, Hojjat Aghakhani, Eric Gustafson, Christopher Kruegel, and Giovanni Vigna

Published

2019

82. Prison: Tracking Process Interactions to Contain Malware.

Author

Benjamin Caillat, Bob Gilbert, Richard A. Kemmerer, Christopher Kruegel, and Giovanni Vigna

Published

2015

83. CLAPP: characterizing loops in Android applications.

Author

Yanick Fratantonio, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, and Giovanni Vigna

Published

2015

84. EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services.

Author

Gianluca Stringhini, Pierre Mourlanne, Grégoire Jacob, Manuel Egele, Christopher Kruegel, and Giovanni Vigna

Published

2015

85. ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities.

Author

Michael Weissbacher, William K. Robertson, Engin Kirda, Christopher Kruegel, and Giovanni Vigna

Published

2015

86. Meerkat: Detecting Website Defacements through Image-based Object Recognition.

Author

Kevin Borgolte, Christopher Kruegel, and Giovanni Vigna

Published

2015

87. How the ELF Ruined Christmas.

Author

Alessandro Di Federico, Amat Cama, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna

Published

2015

88. What the App is That? Deception and Countermeasures in the Android User Interface.

Author

Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel, and Giovanni Vigna

Published

2015

89. On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users.

Author

Yanick Fratantonio, Antonio Bianchi, William K. Robertson, Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna

Published

2015

90. Know Your Achilles' Heel: Automatic Detection of Network Critical Services.

Author

Ali Zand, Amir Houmansadr, Giovanni Vigna, Richard A. Kemmerer, and Christopher Kruegel

Published

2015

91. BareDroid: Large-Scale Analysis of Android Apps on Real Devices.

Author

Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Dhilung Kirat, Christopher Kruegel, and Giovanni Vigna

Published

2015

92. Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications.

Author

Luca Falsina, Yanick Fratantonio, Stefano Zanero, Christopher Kruegel, Giovanni Vigna, and Federico Maggi

Published

2015

93. Drops for Stuff: An Analysis of Reshipping Mule Scams.

Author

Shuang Hao 0001, Kevin Borgolte, Nick Nikiforakis, Gianluca Stringhini, Manuel Egele, Michael Eubanks, Brian Krebs, and Giovanni Vigna

Published

2015

94. NJAS: Sandboxing Unmodified Applications in non-rooted Devices Running stock Android.

Author

Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, and Giovanni Vigna

Published

2015

95. MalGene: Automatic Extraction of Malware Analysis Evasion Signature.

Author

Dhilung Kirat and Giovanni Vigna

Published

2015

96. DEEPCASE

Author

Thijs van Ede, Hojjat Aghakhani, Noah Spahn, Riccardo Bortolameotti, Marco Cova, Andrea Continella, Maarten van Steen, Andreas Peter, Christopher Kruegel, Giovanni Vigna, Digital Society Institute, and Services, Cybersecurity & Safety

Subjects

Cybersecurity

Abstract

Security monitoring systems detect potentially malicious activities in IT infrastructures, by either looking for known signatures or for anomalous behaviors. Security operators investigate these events to determine whether they pose a threat to their organization. In many cases, a single event may be insufficient to determine whether certain activity is indeed malicious. Therefore, a security operator frequently needs to correlate multiple events to identify if they pose a real threat. Unfortunately, the vast number of events that need to be correlated often overload security operators, forcing them to ignore some events and, thereby, potentially miss attacks. This work studies how to automatically correlate security events and, thus, automate parts of the security operator workload. We design and evaluate DEEPCASE, a system that leverages the context around events to determine which events require further inspection. This approach reduces the number of events that need to be inspected. In addition, the context provides valuable insights into why certain events are classified as malicious. We show that our approach automatically filters 86.72% of the events and reduces the manual workload of security operators by 90.53%, while underestimating the risk of potential threats in less than 0.001% of cases.

Published

2022

97. Keeping Up with the Emotets: Tracking a Multi-Infrastructure Botnet

Author

Oleg Boyarchuk, Sebastiano Mariani, Stefano Ortolani, and Giovanni Vigna

Subjects

Computer Networks and Communications, Hardware and Architecture, Safety Research, Software, Computer Science Applications, Information Systems

Abstract

Throughout its eight-year history, Emotet has caused substantial damage. This threat reappeared at the beginning of 2022 following a take-down by law enforcement in November 2021. Emotet is arguably one of the most notorious advanced persistent threats, causing substantial damage during its earlier phases and continuing to pose a danger to organizations everywhere. In this paper, we present a longitudinal study of several waves of Emotet-based attacks that we observed in VMware’s customer telemetry. By analyzing Emotet’s software development life cycle, we were able to dissect how it quickly changes its command and control (C2) infrastructure, obfuscates its configuration, adapts and tests its evasive execution chains, deploys different attack vectors at different stages, laterally propagates, and continues to evolve using numerous tactics and techniques.

Published

2023

98. Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis.

Author

Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, and Giovanni Vigna

Published

2017

99. Ramblr: Making Reassembly Great Again.

Author

Ruoyu Wang 0001, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, and Giovanni Vigna

Published

2017

100. BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments.

Author

Aravind Machiry, Eric Gustafson, Chad Spensky, Christopher Salls, Nick Stephens, Ruoyu Wang 0001, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna

Published

2017