@inproceedings{su2024keylog,
title = {{Remote Keylogging Attacks in Multi-user VR Applications}},
author = {Su, Zihao and Cai, Kunlin and Beeler, Reuben and Dresel, Lukas and Garcia, Allan and Grishchenko, Ilya and Tian, Yuan and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
month = {August},
year = {2024}
}
@inproceedings{DeSilva2024GuideEnricher,
title = {{GuideEnricher: Protecting the Anonymity of Ethereum Mixing Service Users with Deep Reinforcement Learning}},
author = {Silva, Ravindu De and Guo, Wenbo and Ruaro, Nicola and Grishchenko, Ilya and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
address = {Philadelphia, PA},
isbn = {978-1-939133-44-1},
pages = {3549--3566},
publisher = {USENIX Association},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/de-silva}
}
@inproceedings{DePasquale2024ChainReactor,
title = {{ChainReactor: Automated Privilege Escalation Chain Discovery via AI Planning}},
author = {Pasquale, Giulio De and Grishchenko, Ilya and Iesari, Riccardo and Pizarro, Gabriel and Cavallaro, Lorenzo and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/de-pasquale}
}
@inproceedings{mclaughlin2024slippage,
title = {{The Power of Default: Measuring the Effect of Slippage Tolerance in Decentralized Exchanges}},
author = {Chemaya, Nir and Liu, Dingyue and McLaughlin, Robert and Ruaro, Nicola, and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Financial Cryptography and Data Security},
month = {March},
year = {2024}
}
@inproceedings{ruaro24crush,
title = {{Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts}},
author = {Ruaro, Nicola and Gritti, Fabio and McLaughlin, Robert and Grishchenko, Ilya and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Network and Distributed Systems Security (NDSS) Symposium 2024},
month = {February},
year = {2024}
}
@inproceedings{spahn_cohp_23,
title = {{Container Orchestration Honeypot: Observing Attacks in the Wild}},
author = {Spahn, Noah and Hanke, Nils and Holz, Thorsten and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {26th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 23)},
series = {RAID '23},
month = {October},
year = {2023},
address = {New York, NY, USA},
doi = {10.1145/3607199.3607205},
isbn = {9798400707650},
keywords = {containers, honeypot, Kubernetes, vulnerability, Docker},
pages = {381--396},
publisher = {Association for Computing Machinery},
url = {https://doi.org/10.1145/3607199.3607205}
}
@inproceedings{gritti23confusum,
title = {{Confusum Contractum: Confused Deputy Vulnerabilities in Ethereum Smart Contracts}},
author = {Gritti, Fabio and Ruaro, Nicola and McLaughlin, Robert and Bose, Priyanka and Das, Dipanjan and Grischenko, Ilya and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
month = {August},
year = {2023}
}
@inproceedings{fleischer_actor_23,
title = {{ACTOR: Action-Guided Kernel Fuzzing}},
author = {Fleischer, Marius and Das, Dipanjan and Bose, Priyanka and Bai, Weiheng and Lu, Kangjie and Payer, Mathias and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
month = {August},
year = {2023}
}
@inproceedings{mclaughlin2023arbi,
title = {{A Large Scale Study of the Ethereum Arbitrage Ecosystem}},
author = {McLaughlin, Robert and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
month = {August},
year = {2023},
address = {Anaheim, CA},
isbn = {978-1-939133-37-3},
pages = {3295--3312},
publisher = {USENIX Association},
url = {https://www.usenix.org/conference/usenixsecurity23/presentation/mclaughlin}
}
@inproceedings{pletinckx_ctl_23,
title = {{Certifiably Vulnerable: Using Certificate Transparency Logs for Target Reconnaissance}},
author = {Pletinckx, Stijn and Nguyen, Thanh-Dat and Fiebig, Tobias and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {In Proceedings of the IEEE European Symposium on Security \& Privacy (EuroS\&P)},
month = {July},
year = {2023}
}
@inproceedings{ruaro22symbexcel,
title = {{SYMBEXCEL: Automated Analysis and Understanding of Malicious Excel 4.0 Macros}},
author = {Ruaro, Nicola and Pagani, Fabio and Ortolani, Stefano and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {2022 IEEE Symposium on Security and Privacy (SP)},
month = {May},
year = {2022},
organization = {IEEE},
pages = {1066--1081}
}
@inproceedings{Bose2023Columbus,
title = {{Columbus: Android App Testing through Systematic Callback Exploration}},
author = {Bose, Priyanka and Das, Dipanjan and Vasan, Saastha and Mariani, Sebastiano and Grishchenko, Ilya and Continella, Andrea and Bianchi, Antonio and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 45th International Conference on Software Engineering},
series = {ICSE '23},
year = {2023},
doi = {10.1109/ICSE48619.2023.00121},
location = {Melbourne, Victoria, Australia},
numpages = {12},
pages = {1381--1392},
url = {https://doi.org/10.1109/ICSE48619.2023.00121}
}
@inproceedings{dipanjan_nft_22,
title = {{Understanding Security Issues in the NFT Ecosystem}},
author = {Das, Dipanjan and Bose, Priyanka and Ruaro, Nicola and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Conference on Computer and Communications Security (CCS)},
month = {November},
year = {2022}
}
@inproceedings{mclaughlin_regulator_22,
title = {{Regulator: Dynamic Analysis to Detect ReDoS}},
author = {McLaughlin, Robert and Pagani, Fabio and Spahn, Noah and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
month = {August},
year = {2022},
address = {Boston, MA},
publisher = {USENIX Association},
url = {https://www.usenix.org/conference/usenixsecurity22/presentation/mclaughlin},
venue = {USENIX Security 2022}
}
@inproceedings{dipanjan_dynstat_22,
title = {{Hybrid Pruning: Towards Precise Pointer and Taint Analysis}},
author = {Das, Dipanjan and Bose, Priyanka and Machiry, Aravind and Mariani, Sebastiano and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)},
month = {June},
year = {2022}
}
@inproceedings{priyanka_sailfish_22,
title = {{SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds}},
author = {Bose, Priyanka and Das, Dipanjan and Chen, Yanju and Feng, Yu and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {In Proceedings of the IEEE Symposium on Security \& Privacy (S\&P)},
month = {May},
year = {2022}
}
@inproceedings{gritti_heapster_22,
title = {{HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images}},
author = {Gritti, Fabio and Pagani, Fabio and Grishchenko, Ilya and Dresel, Lukas and Redini, Nilo and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {In Proceedings of the IEEE Symposium on Security \& Privacy (S\&P)},
month = {May},
year = {2022}
}
@inproceedings{vanede2022deepcase,
title = {{DeepCASE: Semi-Supervised Contextual Analysis of Security Events}},
author = {van Ede, Thijs and Aghakhani, Hojjat and Spahn, Noah and Bortolameotti, Riccardo and Cova, Marco and Continella, Andrea and van Steen, Maarten and Peter, Andreas and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the IEEE Symposium on Security and Privacy (S\&P)},
month = {May},
year = {2022},
organization = {IEEE}
}
@inproceedings{ruaro21syml,
title = {{SyML: Guiding symbolic execution toward vulnerable states through pattern learning}},
author = {Ruaro, Nicola and Zeng, Kyle and Dresel, Lukas and Polino, Mario and Bao, Tiffany and Continella, Andrea and Zanero, Stefano and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 24th International Symposium on Research in Attacks, Intrusions and Defenses},
month = {October},
year = {2021},
pages = {456--468}
}
@inproceedings{9505146,
title = {{Glitching Demystified: Analyzing Control-flow-based Glitching Attacks and Defenses}},
author = {Spensky, Chad and Machiry, Aravind and Burow, Nathan and Okhravi, Hamed and Housley, Rick and Gu, Zhongshu and Jamjoom, Hani and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
year = {2021},
pages = {400--412}
}
@inproceedings{2021spenskyconware,
title = {{Conware: Automated Modeling of Hardware Peripherals}},
author = {Spensky, Chad and Machiry, Aravind and Redini, Nilo and Unger, Colin and Foster, Graham and Blasband, Evan and Okhravi, Hamed and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security},
year = {2021},
isbn = {9781450382878},
keywords = {hardware peripherals, embedded systems, emulation},
numpages = {15},
pages = {95--109},
publisher = {Association for Computing Machinery},
url = {https://doi.org/10.1145/3433210.3437532}
}
@misc{aghakhani2021bullseye,
title = {{Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability}},
author = {Aghakhanii, Hojjat and Meng, Dongyu and Wang, Yu-Xiang and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the IEEE Symposium on Security \& Privacy (S\&P)},
month = {May},
year = {2021}
}
@inproceedings{garg2021_secrow,
title = {{Toward a Secure Crowdsourced Location Tracking System}},
author = {Garg, Chinmay and Machiry, Aravind and Continella, Andrea and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '21)},
month = {June},
year = {2021}
}
@inproceedings{Meng2021_Bran,
title = {{Bran: Reduce Vulnerability Search Space in Large Open Source Repositories by Learning Bug Symptoms}},
author = {Meng, Dongyu and Guerriero, Michele and Machiry, Aravind and Aghakhani, Hojjat and Bose, Priyanka and Continella, Andrea and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security},
series = {ASIA CCS '21},
month = {June},
year = {2021},
address = {New York, NY, USA},
doi = {10.1145/3433210.3453115},
isbn = {9781450382878},
keywords = {machine learning, static analysis, vulnerabilities},
location = {Virtual Event, Hong Kong},
numpages = {13},
pages = {731--743},
publisher = {Association for Computing Machinery},
url = {https://doi.org/10.1145/3433210.3453115}
}
@inproceedings{redini_diane_21,
title = {{DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices}},
author = {Redini, Nilo and Continella, Andrea and Das, Dipanjan and Pasquale, Giulio De and Spahn, Noah and Machiry, Aravind and Bianchi, Antonio and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {In Proceedings of the IEEE Symposium on Security \& Privacy (S\&P)},
month = {May},
year = {2021}
}
@article{botacin2021one,
title = {{One Size Does Not Fit All: A Longitudinal Analysis of Brazilian Financial Malware}},
author = {Botacin, Marcus and Aghakhani, Hojjat and Ortolani, Stefano and Kruegel, Christopher and Vigna, Giovanni and Oliveira, Daniela and Geus, Paulo Lı́cio De and Grégio, André},
year = {2021},
journal = {ACM Transactions on Privacy and Security (TOPS)},
number = {2},
pages = {1--31},
publisher = {ACM New York, NY, USA},
volume = {24}
}
@article{gustafson2020_halucinator,
title = {{HALucinator: Firmware Re-hosting through Abstraction Layer Emulation}},
author = {Clements, Abraham and Gustafson, Eric and Scharnowski, Tobias and Grosen, Paul and Fritz, David and Kruegel, Christopher and Vigna, Giovanni and Bagchi, Saurabh and Payer, Mathias},
booktitle = {Proceedings of the 29th USENIX Security Symposium (USENIX '20)},
month = {August},
year = {2020},
organization = {USENIX Association}
}
@inproceedings{Spensky2020_Trust,
title = {{TRUST.IO: Protecting Physical Interfaces on Cyber-physical Systems}},
author = {Spensky, Chad and Machiry, Aravind and Busch, Marcel and Leach, Kevin and Housley, Rick and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {2020 IEEE Conference on Communications and Network Security (CNS) (IEEE CNS 2020)},
month = {June},
year = {2020},
address = {Avignon, France},
organization = {USENIX Association}
}
@inproceedings{gritti2020_symbion,
title = {{SYMBION: Interleaving Symbolic with Concrete Execution}},
author = {Gritti, Fabio and Fontana, Lorenzo and Gustafson, Eric and Pagani, Fabio and Continella, Andrea and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the IEEE Conference on Communications and Network Security (CNS)},
month = {June},
year = {2020}
}
@inproceedings{machiry2020_spider,
title = {{SPIDER: Enabling Fast Patch Propagationin Related Software Repositories}},
author = {Machiry, Aravind and Redini, Nilo and Camellini, Eric and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the IEEE Symposium on Security \& Privacy (S\&P)},
month = {May},
year = {2020},
pages = {512--529}
}
@inproceedings{redini2020_karonte,
title = {{KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware}},
author = {Redini, Nilo and Machiry, Aravind and Wang, Ruoyu and Spensky, Chad and Continella, Andrea and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the IEEE Symposium on Security \& Privacy (S\&P)},
month = {May},
year = {2020}
}
@inproceedings{Aghakhani2020_Malware_Packin_Heat,
title = {{When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features}},
author = {Aghakhani, Hojjat and Gritti, Fabio and Mecca, Francesco and Lindorfer, Martina and Ortolani, Stefano and Balzarotti, Davide and Vigna, Giovanni and Kruegel, Christopher},
booktitle = {Proceedings of Symposium on Network and Distributed System Security (NDSS)},
month = {February},
year = {2020}
}
@inproceedings{jindal2019_neurlux,
title = {{Neurlux: Dynamic Malware Analysis Without Feature Engineering}},
author = {Jindal, Chani and Salls, Christopher and Aghakhani, Hojjat and Long, Keith and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the Annual Computer Security Applications Conference (ACSAC)},
month = {December},
year = {2019}
}
@inproceedings{hauser2019_sleak,
title = {{Sleak: Automating Address Space Layout Derandomization}},
author = {Hauser, Christophe and Menon, Jayakrishna and Shoshitaishvili, Yan and Wang, Ruoyu and Vigna, Giovanni and Kruegel, Christopher},
booktitle = {Proceedings of the Annual Computer Security Applications Conference (ACSAC)},
month = {December},
year = {2019}
}
@inproceedings{gustafson2019_pretender,
title = {{Toward the Analysis of Embedded Firmware Through Automated Re-hosting}},
author = {Gustafson, Eric and Muench, Marius and Spensky, Chad and and Redini, Nilo and Machiry, Aravind and Francillon, Aurelien and Balzarotti, Davide and Choe, Yung Ryn and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses (RAID)},
month = {September},
year = {2019},
address = {Beijing, China}
}
@inproceedings{redini19_bintrimmer,
title = {{BinTrimmer: Towards Static Binary Debloating Through Abstract Interpretation}},
author = {Redini, Nilo and Wang, Ruoyu and Machiry, Aravind and Shoshitaishvili, Yan and Vigna, Giovanni and Kruegel, Christopher},
booktitle = {Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)},
series = {Lecture Notes in Computer Science},
month = {June},
year = {2019},
address = {Gothenburg, Sweden},
publisher = {Springer Verlag}
}
@inproceedings{Leach:2019:GI,
title = {{Evolutionary Computation for Improving Malware Analysis}},
author = {Leach, Kevin and Dougherty, Ryan and Spensky, Chad and Forrest, Stephanie and Weimer, Westley},
booktitle = {GI-2019, ICSE workshops proceedings},
series = {GI},
month = {May},
year = {2019},
address = {Montreal},
editor = {Justyna Petke and Shin Hwei Tan and William B. Langdon and Westley Weimer},
keywords = {genetic algorithms, genetic programming, genetic improvement},
publisher = {IEEE},
url = {http://dijkstra.eecs.umich.edu/kleach/malware-gi-19.pdf}
}
@inproceedings{nilizadeh19_dataset,
title = {{Think Outside the Dataset: Finding Fraudulent Reviews using Cross-Dataset Analysis}},
author = {Nilizadeh, Shirin and Aghakhani, Hojjat and Gustafson, Eric and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the Web Conference (WWW)},
month = {May},
year = {2019},
address = {San Francisco, USA}
}
@inproceedings{chevalier19_bootkeeper,
title = {{BootKeeper: Validating Software Integrity Properties on Boot Firmware Images}},
author = {Chevalier, Ronny and Cristalli, Stefano and Hauser, Christophe and Shoshitaishvili, Yan and Wang, Ruoyu and Kruegel, Christopher and Vigna, Giovanni and Bruschi, Danilo and Lanzi, Andrea},
booktitle = {Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY)},
month = {March},
year = {2019},
address = {Dallas, USA}
}
@inproceedings{song2019periscope,
title = {{PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary}},
author = {Song, Dokyung and Hetzelt, Felicitas and Das, Dipanjan and Spensky, Chad and Na, Yeoul and Volckaert, Stijn and Vigna, Giovanni and Kruegel, Christopher and Seifert, Jean-Pierre and Franz, Michael},
booktitle = {2019 Network and Distributed Systems Security Symposium (NDSS)},
series = {NDSS},
month = {February},
year = {2019},
organization = {Internet Society}
}
@inproceedings{machiry19_dataset,
title = {{Towards Automatically Generating a Sound and Complete Dataset for Evaluating Static Analysis Tools}},
author = {Machiry, Aravind and Redini, Nilo and Gustafson, Eric and Aghakhani, Hojjat and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the Workshop on Binary Analysis Research (BAR)},
month = {February},
year = {2019},
address = {San Diego, USA}
}
@inproceedings{Meng2018Rampart_Protecting,
title = {{Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks}},
author = {Meng, Wei and Qian, Chenxiong and Hao, Shuang and Borgolte, Kevin and Vigna, Giovanni and Kruegel, Christopher and Lee, Wenke},
booktitle = {Proceedings of the 27th USENIX Security Symposium},
series = {USENIX Security},
month = {August},
year = {2018}
}
@inproceedings{217488,
title = {{HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security}},
author = {Eckert, Moritz and Bianchi, Antonio and Wang, Ruoyu and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {27th USENIX Security Symposium (USENIX Security 18)},
month = {August},
year = {2018},
address = {Baltimore, MD},
isbn = {978-1-931971-46-1},
pages = {99--116},
publisher = {USENIX Association},
url = {https://www.usenix.org/conference/usenixsecurity18/presentation/eckert}
}
@inproceedings{Borgolte2018Enumerating_Active,
title = {{Enumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones}},
author = {Borgolte, Kevin and Hao, Shuang and Fiebig, Tobias and Vigna, Giovanni},
booktitle = {Proceedings of the 39th IEEE Symposium on Security \& Privacy},
series = {S\&P},
month = {May},
year = {2018}
}
@article{Shoshitaishvili2018Mechanical_Phish,
title = {{Mechanical Phish: Resilient Autonomous Hacking}},
author = {Shoshitaishvili, Yan and Bianchi, Antonio and Borgolte, Kevin and Cama, Amat and Corbetta, Jacopo and Disperati, Francesco and Dutcher, Andrew and Grosen, John and Grosen, Paul and Machiry, Aravind and Salls, Christopher and Stephens, Nick and Wang, Ruoyu and Vigna, Giovanni},
month = {March},
year = {2018},
issue = {2},
journal = {IEEE Security \& Privacy - Special Issue on Hacking without Humans},
url = {https://ieeexplore.ieee.org/document/8328966/},
volume = {16}
}
@inproceedings{Fiebig2018In_rDNS,
title = {{In rDNS We Trust: Revisiting a Common Data-Source's Reliability}},
author = {Fiebig, Tobias and Borgolte, Kevin and Hao, Shuang and Kruegel, Christopher and Vigna, Giovanni and Feldmann, Anja},
booktitle = {Proceedings of the 19th Passive and Active Measurement Conference},
series = {PAM},
month = {March},
year = {2018}
}
@inproceedings{Borgolte2018Cloud_Strife,
title = {{Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates}},
author = {Borgolte, Kevin and Fiebig, Tobias and Hao, Shuang and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 25th Network and Distributed Systems Security Symposium},
series = {NDSS},
month = {February},
year = {2018},
publisher = {ISOC}
}
@inproceedings{203708,
title = {{DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers}},
author = {Machiry, Aravind and Spensky, Chad and Corina, Jake and Stephens, Nick and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {26th USENIX Security Symposium (USENIX Security 17)},
series = {USENIX},
month = {August},
year = {2017},
address = {Vancouver, BC},
isbn = {978-1-931971-40-9},
pages = {1007--1024},
publisher = {USENIX Association},
url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/machiry}
}
@inproceedings{Chatzakou2017Hate_is,
title = {{Hate is not binary: Studying abusive behavior of #GamerGate on Twitter}},
author = {Chatzakou, Despoina and Kourtellis, Nicolas and Blackburn, Jeremy and De Cristofaro, Emiliano and Stringhini, Gianluca and Vakali, Athena},
booktitle = {Proceedings of the 2017 ACM Conference on Hypertext and Social Media (HyperText)},
month = {July},
year = {2017},
address = {Prague, Czech Republic},
publisher = {ACM}
}
@inproceedings{Chatzakou2017Mean_Birds,
title = {{Mean Birds: Detecting Aggression and Bullying on Twitter}},
author = {Chatzakou, Despoina and Kourtellis, Nicolas and Blackburn, Jeremy and De Cristofaro, Emiliano and Stringhini, Gianluca and Vakali, Athena},
booktitle = {Proceedings of the 2017 International ACM Web Science Conference (WebSci)},
month = {June},
year = {2017},
address = {Troy, NY},
publisher = {ACM}
}
@inproceedings{Mariconti2017Whats_in,
title = {{What's in a Name? Understanding Profile Name Reuse on Twitter}},
author = {Mariconti, Enrico and Onaolapo, Jeremiah and Ahmad, Syed Sharique and Nikiforou, Nicolas and Egele, Manuel and Nikiforakis, Nick and Stringhini, Gianluca},
booktitle = {Proceedings of the 26th international conference on World Wide Web},
series = {WWW},
month = {April},
year = {2017},
address = {Perth, Australia},
publisher = {ACM}
}
@inproceedings{Fiebig2017Something_From,
title = {{Something From Nothing (There): Collecting Global IPv6 Datasets From DNS}},
author = {Fiebig, Tobias and Borgolte, Kevin and Hao, Shuang and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 18th Passive and Active Measurement Conference},
series = {PAM},
month = {March},
year = {2017}
}
@inproceedings{machiry2017boomerang,
title = {{BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments}},
author = {Machiry, Aravind and Gustafson, Eric and Spensky, Chad and Salls, Christopher and Stephens, Nick and Wang, Ruoyu and Bianchi, Antonio and Choe, Yung Ryn and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the Network and Distributed System Security Symposium},
month = {February},
year = {2017}
}
@inproceedings{Continella2017Obfuscation-Resilient_Privacy,
title = {{Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis}},
author = {Continella, Andrea and Fratantonio, Yanick and Lindorfer, Martina and Puccetti, Alessandro and Zand, Ali and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 24th Symposium on Network and Distributed System Security (NDSS)},
month = {February},
year = {2017},
address = {San Diego}
}
@inproceedings{Mariconti2017MaMaDroid_Detecting,
title = {{MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models}},
author = {Mariconti, Enrico and Onwuzurike, Lucky and Andriotis, Panagiotis and De Cristofaro, Emiliano and Ross, Gordon and Stringhini, Gianluca},
booktitle = {Proceedings of the 24th Network and Distributed Systems Security Symposium},
series = {NDSS},
year = {2017},
address = {San Diego, CA}
}
@article{Bianchi2017Cyber_Grand,
title = {{Cyber Grand Shellphish}},
author = {Bianchi, Antonio and Borgolte, Kevin and Corbetta, Jacopo and Disperati, Francesco and Dutcher, Andrew and Grosen, John and Grosen, Paul and Machiry, Aravind and Salls, Christopher and Shoshitaishvili, Yan and Stephens, Nick and Vigna, Giovanni and Wang, Ruoyu},
month = {January},
year = {2017},
journal = {Phrack},
note = {(Authors listed alphabetically)},
number = {70},
url = {http://phrack.org/papers/cyber_grand_shellphish.html},
volume = {15}
}
@inproceedings{vanderVeen2016Drammer_Deterministic,
title = {{Drammer: Deterministic Rowhammer Attacks on Mobile Platforms}},
author = {van der Veen, Victor and Fratantonio, Yanick and Lindorfer, Martina and Gruss, Daniel and Maurice, Clementine and Vigna, Giovanni and Bos, Herbert and Razavi, Kaveh and Giuffrida, Cristiano},
booktitle = {Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security},
series = {DIMVA},
month = {October},
year = {2016},
address = {Vienna, Austria}
}
@inproceedings{Mariconti2016Whats_Your,
title = {{What's Your Major Threat? On The Differences Between the Network Behavior of Targeted and Commodity Malware}},
author = {Mariconti, Enrico and Onaolapo, Jeremiah and Ross, Gordon and Stringhini, Gianluca},
booktitle = {Proceedings of the 1st International Workshop on Malware Analysis},
series = {WMA},
month = {September},
year = {2016},
address = {Salzburg},
url = {http://www0.cs.ucl.ac.uk/staff/G.Stringhini/papers/targeted-wma2016.pdf}
}
@inproceedings{Neugschwandtner2016Runtime_Integrity,
title = {{Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices}},
author = {Neugschwandtner, Matthias and Mulliner, Collin and Robertson, William and Kirda, Engin},
booktitle = {Proceedings of the 9th International Conference on Trust \& Trustworthy Computing},
series = {TRUST},
month = {August},
year = {2016}
}
@inproceedings{Lazarov2016Honey_Sheets,
title = {{Honey Sheets: What Happens to Leaked Google Spreadsheets?}},
author = {Lazarov, Martin and Onaolapo, Jeremiah and Stringhini, Gianluca},
booktitle = {Proceedings of the 2016 USENIX Workshop on Cyber Security Experimentation and Test (CSET)},
month = {August},
year = {2016},
address = {Austin, TX},
publisher = {USENIX}
}
@article{spensky2016sok,
title = {{SoK: Privacy on Mobile Devices--It’s Complicated}},
author = {Spensky, Chad and Stewart, Jeffrey and Yerukhimovich, Arkady and Shay, Richard and Trachtenberg, Ari and Housley, Rick and Cunningham, Robert K},
booktitle = {Proceedings on Privacy Enhancing Technologies},
series = {PoPETS},
month = {July},
year = {2016},
number = {3},
volume = {2016}
}
@inproceedings{Becker2016International_Comparison,
title = {{International Comparison of Bank Fraud Reimbursement: Customer Perceptions and Contractual Terms}},
author = {Becker, Ingolf and Hutchings, Alice and Abu-Salma, Ruba and Anderson, Ross and Bohm, Nicholas and Murdoch, Steven and Sasse, Angela and Stringhini, Gianluca},
booktitle = {Workshop on the Economics of Information Security (WEIS)},
month = {June},
year = {2016},
address = {Berkeley},
url = {http://www0.cs.ucl.ac.uk/staff/G.Stringhini/papers/bank-weis2016.pdf}
}
@inproceedings{Ren2016ReCon_Revealing,
title = {{ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic}},
author = {Ren, Jingjing and Rao, Ashwin and Lindorfer, Martina and Legout, Arnaud and Choffnes, David},
booktitle = {Proceedings of the International Conference on Mobile Systems, Applications and Services},
series = {MobiSys},
month = {May},
year = {2016},
address = {Singapore}
}
@inproceedings{Mariconti2016Why_Allowing,
title = {{Why Allowing Profile Name Reuse Is A Bad Idea}},
author = {Mariconti, Enrico and Onaolapo, Jeremiah and Ahmad, Syed Sharique and Nikiforou, Nicolas and Egele, Manuel and Nikiforakis, Nick and Stringhini, Gianluca},
booktitle = {Proceedings of the 9th European Workshop on System Security},
series = {EUROSEC},
month = {April},
year = {2016},
address = {London},
publisher = {ACM}
}
@inproceedings{leach2016towards,
title = {{Towards Transparent Introspection}},
author = {Leach, Kevin and Spensky, Chad and Weimer, Westley and Zhang, Fengwei},
booktitle = {Software Analysis, Evolution, and Reengineering (SANER), 2016 IEEE 23rd International Conference on},
series = {SANER},
month = {March},
year = {2016},
organization = {IEEE},
pages = {248--259},
volume = {1}
}
@article{spensky2016phi,
title = {{LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis}},
author = {Spensky, Chad and Hu, Hongyi and Leach, Kevin},
booktitle = {Proceedings of the Network and Distributed System Security Symposium},
series = {NDSS},
month = {February},
year = {2016}
}
@inproceedings{Murdoch2016Are_Payment,
title = {{Are Payment Card Contracts Unfair?}},
author = {Murdoch, Steven J. and Becker, Ingolf and Abu-Salma, Ruba and Anderson, Ross and Bohm, Nicholas and Hutchings, Alice and Sasse, M. Angela and Stringhini, Gianluca},
booktitle = {Financial Cryptography and Data Security},
series = {FC},
month = {February},
year = {2016},
address = {Barbados},
publisher = {Springer}
}
@inproceedings{Chen2016Towards_Fully,
title = {{Towards Fully Automated Dynamic Analysis for Embedded Firmware}},
author = {Chen, Daming and Egele, Manuel and Woo, Maverick and Brumley, David},
booktitle = {Proceedings of the 23rd Symposium on Network and Distributed System Security},
month = {February},
year = {2016},
address = {San Diego, CA}
}
@inproceedings{Coletta2016DroydSeuss_A,
title = {{DroydSeuss: A Mobile Banking Trojan Tracker - Short Paper}},
author = {Coletta, Alberto and Van Der Veen, Victor and Maggi, Federico},
booktitle = {Financial Cryptography and Data Security},
series = {Lecture Notes in Computer Science (LNCS)},
month = {February},
year = {2016},
publisher = {Springer Berlin Heidelberg}
}
@inproceedings{Carter2016CuriousDroid_Automated,
title = {{CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes}},
author = {Carter, Patrick and Mulliner, Collin and Lindorfer, Martina and Robertson, William and Kirda, Engin},
booktitle = {Proceedings of the International Conference on Financial Cryptography and Data Security (FC)},
month = {February},
year = {2016},
address = {Christ Church, Barbados}
}
@inproceedings{Iedemska2015The_Tricks,
title = {{The Tricks of the Trade: What Makes Spam Campaigns Successful?}},
author = {Iedemska, Jane and Stringhini, Gianluca and Kemmerer, Richard and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 2014 IEEE Security and Privacy Workshops (SPW)},
year = {2014},
address = {Washington, DC, USA},
doi = {10.1109/SPW.2014.21},
isbn = {978-1-4799-5103-1},
pages = {77--83},
publisher = {IEEE Computer Society},
url = {https://doi.org/10.1109/SPW.2014.21}
}
@inproceedings{Kirat2015SigMal_A,
title = {{SigMal: A Static Signal Processing Based Malware Triage}},
author = {Kirat, Dhilung and Nataraj, Lakshmanan and Vigna, Giovanni and Manjunath, B. S.},
booktitle = {Proceedings of the 29th Annual Computer Security Applications Conference},
series = {ACSAC '13},
year = {2013},
address = {New York, NY, USA},
doi = {10.1145/2523649.2523682},
isbn = {978-1-4503-2015-3},
pages = {89--98},
publisher = {ACM},
url = {https://doi.org/10.1145/2523649.2523682}
}
@inproceedings{Fratantonio2015On_the,
title = {{On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users}},
author = {Fratantonio, Yanick and Bianchi, Antonio and Robertson, William and Egele, Manuel and Kruegel, Christopher and Kirda, Engin and Vigna, Giovanni},
booktitle = {Proceedings of the 12th Symposium on Detection of Intrusions and Malware, and Vulnerability Assessment},
month = {July},
year = {2015},
copyright = {©2015 Springer International Publishing Switzerland},
doi = {10.1007/978-3-319-20550-2_15},
isbn = {978-3-319-20549-6 978-3-319-20550-2},
language = {en},
pages = {282--303},
publisher = {Springer International Publishing},
url = {https://doi.org/10.1007/978-3-319-20550-2_15}
}
@inproceedings{Bianchi2015NJAS_Sandboxing,
title = {{NJAS: Sandboxing Unmodified Applications in Non-rooted Devices Running Stock Android}},
author = {Bianchi, Antonio and Fratantonio, Yanick and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices},
series = {SPSM '15},
year = {2015},
address = {New York, NY, USA},
doi = {10.1145/2808117.2808122},
isbn = {978-1-4503-3819-6},
pages = {27--38},
publisher = {ACM},
url = {https://doi.org/10.1145/2808117.2808122}
}
@inproceedings{Banks2015MISHIMA_Multilateration,
title = {{MISHIMA: Multilateration of Internet Hosts Hidden Using Malicious Fast-Flux Agents (Short Paper)}},
author = {Banks, Greg and Fattori, Aristide and Kemmerer, Richard and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceeding of the 8th Symposium on Detection of Intrusions and Malware, and Vulnerability Assessment},
month = {July},
year = {2011},
isbn = {978-3-642-22423-2 978-3-642-22424-9},
language = {en},
pages = {184--193},
publisher = {Springer Berlin Heidelberg},
url = {http://link.springer.com/chapter/10.1007/978-3-642-22424-9_11}
}
@inproceedings{Invernizzi2015Message_in,
title = {{Message in a Bottle: Sailing Past Censorship}},
author = {Invernizzi, Luca and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC)},
year = {2013},
address = {New York, NY, USA},
doi = {10.1145/2523649.2523654},
isbn = {978-1-4503-2015-3},
pages = {39--48},
publisher = {ACM},
url = {https://doi.org/10.1145/2523649.2523654}
}
@inproceedings{Kirat2015MalGene_Automatic,
title = {{MalGene: Automatic Extraction of Malware Analysis Evasion Signature}},
author = {Kirat, Dhilung and Vigna, Giovanni},
booktitle = {Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS '15},
year = {2015},
address = {New York, NY, USA},
doi = {10.1145/2810103.2813642},
isbn = {978-1-4503-3832-5},
pages = {769--780},
publisher = {ACM},
url = {https://doi.org/10.1145/2810103.2813642}
}
@inproceedings{Corbetta2015Eyes_of,
title = {{Eyes of a Human, Eyes of a Program: Leveraging Different Views of the Web for Analysis and Detection}},
author = {Corbetta, Jacopo and Invernizzi, Luca and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 17th Symposium on Research in Attacks, Intrusions and Defenses},
series = {Lecture Notes in Computer Science},
month = {September},
year = {2014},
copyright = {©2014 Springer International Publishing Switzerland},
doi = {10.1007/978-3-319-11379-1_7},
isbn = {978-3-319-11378-4 978-3-319-11379-1},
language = {en},
pages = {130--149},
publisher = {Springer International Publishing},
url = {https://doi.org/10.1007/978-3-319-11379-1_7}
}
@inproceedings{Kapravelos2015Escape_from,
title = {{Escape from Monkey Island: Evading High-interaction Honeyclients}},
author = {Kapravelos, Alexandros and Cova, Marco and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 8th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)},
year = {2011},
address = {Berlin, Heidelberg},
isbn = {978-3-642-22423-2},
pages = {124--143},
publisher = {Springer-Verlag},
url = {http://dl.acm.org/citation.cfm?id=2026647.2026658}
}
@inproceedings{Kirat2015Barecloud_Bare-metal,
title = {{Barecloud: Bare-metal Analysis-based Evasive Malware Detection}},
author = {Kirat, Dhilung and Vigna, Giovanni and Kruegel, Christopher},
booktitle = {Proceedings of the 23rd USENIX Conference on Security Symposium},
series = {SEC'14},
year = {2014},
address = {Berkeley, CA, USA},
isbn = {978-1-931971-15-7},
pages = {287--301},
publisher = {USENIX Association},
url = {http://dl.acm.org/citation.cfm?id=2671225.2671244}
}
@inproceedings{Egele2015An_Empirical,
title = {{An Empirical Study of Cryptographic Misuse in Android Applications}},
author = {Egele, Manuel and Brumley, David and Fratantonio, Yanick and Kruegel, Christopher},
booktitle = {Proceedings of the 2013 ACM SIGSAC Conference on Computer \& Communications Security},
series = {CCS '13},
year = {2013},
address = {New York, NY, USA},
doi = {10.1145/2508859.2516693},
isbn = {978-1-4503-2477-9},
pages = {73--84},
publisher = {ACM},
url = {https://doi.org/10.1145/2508859.2516693}
}
@article{Kruegel2015A_Multi-model,
title = {{A Multi-model Approach to the Detection of Web-based Attacks}},
author = {Kruegel, Christopher and Vigna, Giovanni and Robertson, William},
month = {August},
year = {2005},
doi = {10.1016/j.comnet.2005.01.009},
issn = {1389-1286},
journal = {Comput. Netw.},
number = {5},
pages = {717--738},
url = {https://doi.org/10.1016/j.comnet.2005.01.009},
volume = {48}
}
@inproceedings{Falsina2015Grab_Run,
title = {{Grab ʼn Run: Secure and Practical Dynamic Code Loading for Android Applications}},
author = {Falsina, Luca and Fratantonio, Yanick and Zanero, Stefano and Kruegel, Christopher and Vigna, Giovanni and Maggi, Federico},
booktitle = {Proceedings of the 31st Annual Computer Security Applications Conference},
series = {ACSAC '15},
month = {December},
year = {2015},
address = {Los Angeles, USA},
publisher = {ACM},
volume = {(to appear)}
}
@article{Valdi2015Scalable_Testing,
title = {{Scalable Testing of Mobile Antivirus Applications}},
author = {Valdi, Andrea and Lever, Eros and Benefico, Simone and Quarta, Davide and Zanero, Stefano and Maggi, Federico},
month = {November},
year = {2015},
issn = {0018-9162},
journal = {Computer},
number = {11},
pages = {60--68},
volume = {48}
}
@inproceedings{Andronio2015HelDroid_Dissecting,
title = {{HelDroid: Dissecting and Detecting Mobile Ransomware}},
author = {Andronio, Nicoló and Zanero, Stefano and Maggi, Federico},
booktitle = {Proceedings of the 18th international conference on Research in Attacks, Intrusions, and Defenses},
series = {Lecture Notes in Computer Science},
month = {November},
year = {2015},
copyright = {©2015 Springer International Publishing Switzerland},
doi = {10.1007/978-3-319-26362-5_18},
isbn = {978-3-319-26361-8 978-3-319-26362-5},
language = {en},
pages = {382--404},
publisher = {Springer International Publishing},
url = {https://doi.org/10.1007/978-3-319-26362-5_18}
}
@inproceedings{Ilia2015FaceOff_Preventing,
title = {{Face/Off: Preventing Privacy Leakage From Photos in Social Networks}},
author = {Ilia, Panagiotis and Polakis, Iasonas and Athanasopoulos, Elias and Maggi, Federico and Ioannidis, Sotiris},
booktitle = {Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security (CCS)},
month = {October},
year = {2015},
address = {Denver, USA},
publisher = {ACM}
}
@inproceedings{Hao2015Drops_for,
title = {{Drops for Stuff: An Analysis of Reshipping Mule Scams}},
author = {Hao, Shuang and Borgolte, Kevin and Nikiforakis, Nick and Stringhini, Gianluca and Egele, Manuel and Eubanks, Michael and Krebs, Brian and Vigna, Giovanni},
booktitle = {Proceedings of the 22nd ACM Conference on Computer and Communications Security},
series = {CCS},
month = {November},
year = {2015},
publisher = {ACM}
}
@inproceedings{Fratantonio2015CLAPP_Characterizing,
title = {{CLAPP: Characterizing Loops in Android Applications (Invited Talk)}},
author = {Fratantonio, Yanick and Machiry, Aravind and Bianchi, Antonio and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 3rd International Workshop on Software Development Lifecycle for Mobile (DeMobile)},
year = {2015},
address = {New York, NY, USA},
doi = {10.1145/2804345.2804355},
isbn = {978-1-4503-3815-8},
pages = {33--34},
publisher = {ACM},
url = {https://doi.org/10.1145/2804345.2804355}
}
@inproceedings{Carminati2015BankSealer_An,
title = {{BankSealer: An Online Banking Fraud Analysis and Decision Support System}},
author = {Carminati, Michele and Caron, Roberto and Maggi, Federico and Epifani, Ilenia and Zanero, Stefano},
booktitle = {Proceedings of the 29th Internation Conference on Systems Security and Privacy Protection},
series = {IFIP Advances in Information and Communication Technology},
month = {June},
year = {2014},
copyright = {©2014 IFIP International Federation for Information Processing},
isbn = {978-3-642-55414-8 978-3-642-55415-5},
language = {en},
pages = {380--394},
publisher = {Springer Berlin Heidelberg},
url = {http://link.springer.com/chapter/10.1007/978-3-642-55415-5_32}
}
@inproceedings{Antonini2015A_Practical,
title = {{A Practical Attack Against a KNX-based Building Automation System}},
author = {Antonini, Alessio and Maggi, Federico and Zanero, Stefano},
booktitle = {Proceedings of the 2nd International Symposium on ICS \& SCADA Cyber Security Research 2014},
series = {ICS-CSR 2014},
month = {September},
year = {2014},
address = {UK},
doi = {10.14236/ewic/ics-csr2014.7},
isbn = {978-1-78017-286-6},
pages = {53--60},
publisher = {BCS},
url = {https://doi.org/10.14236/ewic/ics-csr2014.7}
}
@inproceedings{Borgolte2015Meerkat_Detecting,
title = {{Meerkat: Detecting Website Defacements through Image-based Object Recognition}},
author = {Borgolte, Kevin and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 24th USENIX Security Symposium},
series = {USENIX Security},
month = {August},
year = {2015},
publisher = {USENIX}
}
@inproceedings{Federico2015How_the,
title = {{How the ELF Ruined Christmas}},
author = {Federico, Alessandro Di and Cama, Amat and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the Symposium on the 24th USENIX Security},
month = {August},
year = {2015},
address = {Washington, D.C.},
isbn = {978-1-931971-23-2},
pages = {643--658},
publisher = {USENIX Association},
url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/di-frederico}
}
@inproceedings{Stringhini2015EvilCohort_Detecting,
title = {{EvilCohort: Detecting Communities of Malicious Accounts on Online Services}},
author = {Stringhini, Gianluca and Mourlanne, Pierre and Jacob, Gregoire and Egele, Manuel and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 24th USENIX Conference on Security},
series = {USENIX Security},
month = {August},
year = {2015},
address = {Washington, D.C.}
}
@inproceedings{Polino2015Jackdaw_Towards,
title = {{Jackdaw: Towards Automatic Reverse Engineering of Large Datasets of Binaries}},
author = {Polino, Mario and Scorti, Andrea and Maggi, Federico and Zanero, Stefano},
booktitle = {Proceedings of the 12th Detection of Intrusions and Malware, and Vulnerability Assessment},
series = {Lecture Note in Computer Science},
month = {July},
year = {2015},
copyright = {©2015 Springer International Publishing Switzerland},
doi = {10.1007/978-3-319-20550-2_7},
isbn = {978-3-319-20549-6 978-3-319-20550-2},
language = {en},
pages = {121--143},
publisher = {Springer International Publishing},
url = {https://doi.org/10.1007/978-3-319-20550-2_7}
}
@inproceedings{Lindorfer2015Marvin_Efficient,
title = {{Marvin: Efficient and Comprehensive Mobile App Classification Through Static and Dynamic Analysis}},
author = {Lindorfer, Martina and Neugschwandtner, Matthias and Platzer, Christian},
booktitle = {Proceedings of the Annual International Computers, Software \& Applications Conference},
series = {COMPSAC},
month = {July},
year = {2015},
address = {Taichung, Taiwan}
}
@article{Carminati2015BankSealer_A,
title = {{BankSealer: A decision support system for online banking fraud analysis and investigation}},
author = {Carminati, Michele and Caron, Roberto and Maggi, Federico and Epifani, Ilenia and Zanero, Stefano},
month = {April},
year = {2015},
issn = {0167-4048},
journal = {Computers \& Security},
url = {http://www.sciencedirect.com/science/article/pii/S0167404815000437}
}
@inproceedings{Bianchi2015What_the,
title = {{What the App is That? Deception and Countermeasures in the Android User Interface}},
author = {Bianchi, Antonio and Corbetta, Jacopo and Invernizzi, Luca and Fratantonio, Yanick and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 36th IEEE Symposium on Security and Privacy},
series = {SSP 39;15},
year = {2015},
publisher = {IEEE}
}
@inproceedings{Thomas2015Ad_Injection,
title = {{Ad Injection at Scale: Assessing Deceptive Advertisement Modifications}},
author = {Thomas, Kurt and Bursztein, Elie and Grier, Chris and Ho, Grant and Jagpal, Nav and Kapravelos, Alexandros and McCoy, Damon and Nappa, Antonio and Paxson, Vern and Pearce, Paul and Provos, Niels and Rajab, Moheeb Abu},
booktitle = {Proceedings of the 36th IEEE Symposium on Security and Privacy},
series = {iNetSec},
year = {2015}
}
@inproceedings{Neugschwandtner2015The_BORG,
title = {{The BORG: Nanoprobing Binaries for Buffer Overreads}},
author = {Neugschwandtner, Matthias and Milani Comparetti, Paolo and Haller, Istvan and Bos, Herbert},
booktitle = {Proceedings of the 5th ACM Conference on Data and Application Security and Privacy},
series = {CODASPY},
month = {March},
year = {2015}
}
@inproceedings{Cao2015EdgeMiner_Automatically,
title = {{EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework}},
author = {Cao, Yinzhi and Fratantonio, Yanick and Bianchi, Antonio and Egele, Manuel and Kruegel, Christopher and Vigna, Giovanni and Chen, Yan},
booktitle = {Proceedings of the 22nd Symposium on Network and Distributed System Security},
month = {February},
year = {2015},
address = {San Diego, CA}
}
@article{Payer2015What_You,
title = {{What You Submit is Who You Are: A Multi-Modal Approach for Deanonymizing Scientific Publications}},
author = {Payer, Mathias and Huang, Ling and Gong, Neil Zhenqiang and Borgolte, Kevin and Frank, Mario},
year = {2015},
journal = {IEEE Transactions on Information Forensics and Security},
number = {1},
volume = {10}
}
@inproceedings{Onaolapo2014What_Happens,
title = {{What Happens After You Are Pwnd: Understanding The Use of Leaked Webmail Credentials In The Wild}},
author = {Onaolapo, Jeremiah and Mariconti, Enrico and Stringhini, Gianluca},
booktitle = {Proceedings of the 2016 ACM SIGCOMM Internet Measurement Conference},
series = {IMC},
month = {November},
year = {2016},
address = {Santa Monica, CA},
publisher = {ACM}
}
@inproceedings{Zarras2014The_Dark,
title = {{The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements}},
author = {Zarras, Apostolis and Kapravelos, Alexandros and Stringhini, Gianluca and Holz, Thorsten and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 2014 Conference on Internet Measurement Conference},
series = {IMC},
year = {2014},
address = {New York, NY, USA},
doi = {10.1145/2663716.2663719},
isbn = {978-1-4503-3213-2},
pages = {373--380},
publisher = {ACM},
url = {https://doi.org/10.1145/2663716.2663719}
}
@inproceedings{Line2014Targeted_Attacks,
title = {{Targeted Attacks Against Industrial Control Systems: Is the Power Industry Prepared?}},
author = {Line, Maria B. and Zand, Ali and Stringhini, Gianluca and Kemmerer, Richard},
booktitle = {Proceedings of the 2nd Workshop on Smart Energy Grid Security},
series = {SEGS},
year = {2014},
address = {New York, NY, USA},
doi = {10.1145/2667190.2667192},
isbn = {978-1-4503-3154-8},
pages = {13--22},
publisher = {ACM},
url = {https://doi.org/10.1145/2667190.2667192}
}
@inproceedings{Polakis2014Faces_in,
title = {{Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication}},
author = {Polakis, Iasonas and Ilia, Panagiotis and Maggi, Federico and Lancini, Marco and Kontaxis, Georgios and Zanero, Stefano and Ioannidis, Sotiris and Keromytis, Angelos D.},
booktitle = {Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS},
month = {November},
year = {2014},
address = {New York, NY, USA},
doi = {10.1145/2660267.2660317},
isbn = {978-1-4503-2957-6},
pages = {501--512},
publisher = {ACM},
url = {https://doi.org/10.1145/2660267.2660317}
}
@inproceedings{Cao2014Protecting_Web,
title = {{Protecting Web Single Sign-on against Relying Party Impersonation Attacks through a Bi-directional Secure Channel with Authentication}},
author = {Cao, Yinzhi and Shoshitaishvili, Yan and Borgolte, Kevin and Kruegel, Christopher and Vigna, Giovanni and Chen, Yan},
booktitle = {Proceedings of the 17th International Symposium on Research in Attacks, Intrusions and Defense},
series = {RAID},
month = {September},
year = {2014},
publisher = {Springer}
}
@inproceedings{Polakis2014Security_and,
title = {{Security and Privacy Measurements on Social Networks: Experiences and Lessons Learned}},
author = {Polakis, Iasonas and Maggi, Federico and Zanero, Stefano and Keromytis, Angelos D.},
booktitle = {Proceedings of the 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security},
series = {BADGERS},
month = {September},
year = {2014},
address = {Wroclaw, Poland},
volume = {(to appear)}
}
@inproceedings{Egele2014Blanket_Execution,
title = {{Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components}},
author = {Egele, Manuel and Woo, Maverick and Chapman, Peter and Brumley, David},
booktitle = {Proceedings of the 23rd Symposium on USENIX Security},
month = {August},
year = {2014},
address = {San Diego, CA},
isbn = {978-1-931971-15-7}
}
@inproceedings{Vigna2014Ten_Years,
title = {{Ten Years of iCTF: The Good, The Bad, and The Ugly}},
author = {Vigna, Giovanni and Borgolte, Kevin and Corbetta, Jacopo and Doupé, Adam and Fratantonio, Yanick and Invernizzi, Luca and Kirat, Dhilung and Shoshitaishvili, Yan},
booktitle = {Proceedings of the 1st USENIX Summit on Gaming, Games and Gamification in Security Education},
series = {3GSE},
month = {August},
year = {2014},
organization = {USENIX}
}
@inproceedings{Schiavoni2014Phoenix_DGA-Based,
title = {{Phoenix: DGA-Based Botnet Tracking and Intelligence}},
author = {Schiavoni, Stefano and Maggi, Federico and Cavallaro, Lorenzo and Zanero, Stefano},
booktitle = {Proceedings of the 11th Detection of Intrusions and Malware, and Vulnerability Assessment},
series = {Lecture Notes in Computer Science},
month = {July},
year = {2014},
copyright = {©2014 Springer International Publishing Switzerland},
isbn = {978-3-319-08508-1 978-3-319-08509-8},
language = {en},
pages = {192--211},
publisher = {Springer International Publishing},
url = {http://link.springer.com/chapter/10.1007/978-3-319-08509-8_11}
}
@inproceedings{Maio2014PExy_The,
title = {{PExy: The Other Side of Exploit Kits}},
author = {Maio, Giancarlo De and Kapravelos, Alexandros and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 15th Detection of Intrusions and Malware, and Vulnerability Assessment},
series = {DIMVA},
month = {July},
year = {2014},
copyright = {©2014 Springer International Publishing Switzerland},
doi = {10.1007/978-3-319-08509-8_8},
isbn = {978-3-319-08508-1 978-3-319-08509-8},
language = {en},
pages = {132--151},
publisher = {Springer International Publishing},
url = {https://doi.org/10.1007/978-3-319-08509-8_8}
}
@inproceedings{Shoshitaishvili2014Do_you,
title = {{Do you feel lucky?: a large-scale analysis of risk-rewards trade-offs in cyber security}},
author = {Shoshitaishvili, Yan and Invernizzi, Luca and Doupé, Adam and Vigna, Giovanni},
booktitle = {Proceedings of the 29th Annual ACM Symposium on Applied Computing},
series = {SAC},
year = {2014},
pages = {1649--1656},
publisher = {ACM},
url = {http://dl.acm.org/citation.cfm?id=2554880}
}
@inproceedings{Criscione2014Zarathustra_Extracting,
title = {{Zarathustra: Extracting WebInject Signatures from Banking Trojans}},
author = {Criscione, Claudio and Bosatelli, Fabio and Zanero, Stefano and Maggi, Federico},
booktitle = {Proceedings of the 12th Annual International Conference on Privacy, Security and Trust (PST)},
month = {July},
year = {2014},
address = {Toronto, Canada},
isbn = {978-1-4799-3502-4},
pages = {139--148},
publisher = {IEEE Computer Society}
}
@inproceedings{Lindorfer2014AndRadar_Fast,
title = {{AndRadar: Fast Discovery of Android Applications in Alternative Markets}},
author = {Lindorfer, Martina and Volanis, Stamatis and Sisto, Alessandro and Neugschwandtner, Matthias and Athanasopoulos, Elias and Maggi, Federico and Platzer, Christian and Zanero, Stefano and Ioannidis, Sotiris},
booktitle = {Detection of Intrusions and Malware, and Vulnerability Assessment},
series = {Lecture Notes in Computer Science},
month = {July},
year = {2014},
copyright = {©2014 Springer International Publishing Switzerland},
isbn = {978-3-319-08508-1 978-3-319-08509-8},
language = {en},
pages = {51--71},
publisher = {Springer International Publishing},
url = {http://link.springer.com/chapter/10.1007/978-3-319-08509-8_4}
}
@inproceedings{Maggi2014Are_the,
title = {{Are the Con Artists Back? A Preliminary Analysis of Modern Phone Frauds}},
author = {Maggi, Federico},
booktitle = {Proceedings of the 10th International Conference on Computer and Information Technology},
series = {CIT},
month = {June},
year = {2010},
isbn = {978-0-7695-4108-2},
pages = {824--831},
publisher = {IEEE Computer Society}
}
@inproceedings{Maggi2014A_Recognizer,
title = {{A Recognizer of Rational Trace Languages}},
author = {Maggi, Federico},
booktitle = {Proceedings of the 10th International Conference on Computer and Information Technology},
series = {CIT},
month = {June},
year = {2010},
isbn = {978-0-7695-4108-2},
pages = {257--264},
publisher = {IEEE Computer Society}
}
@inproceedings{Bonetti2014A_Comprehensive,
title = {{A Comprehensive Black-box Methodology for Testing the Forensic Characteristics of Solid-state Drives}},
author = {Bonetti, Gabriele and Viglione, Marco and Frossi, Alessandro and Maggi, Federico and Zanero, Stefano},
booktitle = {Proceedings of the 29th Annual Computer Security Applications Conference},
series = {ACSAC '13},
month = {December},
year = {2013},
address = {New York, NY, USA},
doi = {10.1145/2523649.2523660},
isbn = {978-1-4503-2015-3},
pages = {269--278},
publisher = {ACM},
url = {https://doi.org/10.1145/2523649.2523660}
}
@inproceedings{Stringhini2014The_Harvester,
title = {{The Harvester, the Botmaster, and the Spammer: On the Relations Between the Different Actors in the Spam Landscape}},
author = {Stringhini, Gianluca and Hohlfeld, Oliver and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security},
series = {ASIA CCS},
year = {2014},
address = {New York, NY, USA},
doi = {10.1145/2590296.2590302},
isbn = {978-1-4503-2800-5},
pages = {353--364},
publisher = {ACM},
url = {https://doi.org/10.1145/2590296.2590302}
}
@inproceedings{Platzer2014Skin_Sheriff,
title = {{Skin Sheriff: A Machine Learning Solution for Detecting Explicit Images}},
author = {Platzer, Christian and Stuetz, Martin and Lindorfer, Martina},
booktitle = {Proceedings of the 2nd International Workshop on Security and Forensics in Communication Systems},
series = {ASIACCS-SFCS},
month = {June},
year = {2014},
address = {Kyoto, Japan}
}
@inproceedings{Nikiforakis2014Stranger_Danger,
title = {{Stranger Danger: Exploring the Ecosystem of Ad-based URL Shortening Services}},
author = {Nikiforakis, Nick and Maggi, Federico and Stringhini, Gianluca and Rafique, Zubair and Joosen, Wouter and Kruegel, Christopher and Piessens, Frank and Vigna, Giovanni and Zanero, Stefano},
booktitle = {Proceedings of the 23rd international conference on World Wide Web},
series = {WWW},
month = {April},
year = {2014},
address = {Seoul, Korea},
doi = {10.1145/2566486.2567983},
isbn = {978-1-4503-2744-2},
pages = {51--62},
publisher = {International World Wide Web Conferences Steering Committee},
url = {https://doi.org/10.1145/2566486.2567983}
}
@inproceedings{Neuner2014Enter_Sandbox,
title = {{Enter Sandbox: Android Sandbox Comparison}},
author = {Neuner, Sebastian and Van Der Veen, Victor and Lindorfer, Martina and Huber, Markus and Merzdovnik, Georg and Mulazzani, Martin and Weippl, Edgar},
booktitle = {Proceedings of the 3rd IEEE Mobile Security Technologies Workshop},
series = {MoST},
month = {May},
year = {2014},
address = {San Jose, CA}
}
@inproceedings{Zand2014Rippler_Delay,
title = {{Rippler: Delay Injection For Service Dependency Detection}},
author = {Zand, Ali and Vigna, Giovanni and Kemmerer, Richard A. and Kruegel, Christopher},
booktitle = {2014 IEEE Conference on Computer Communications},
series = {INFOCOM},
year = {2014},
doi = {10.1109/INFOCOM.2014.6848158},
pages = {2157--2165},
url = {https://doi.org/10.1109/INFOCOM.2014.6848158}
}
@inproceedings{Borgolte2014Relevant_Change,
title = {{Relevant Change Detection: A Framework for the Precise Extraction of Modified and Novel Web-based Content as a Filtering Technique for Analysis Engines}},
author = {Borgolte, Kevin and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 23rd International World Wide Web Conference Companion},
series = {WWW},
month = {April},
year = {2014},
note = {Developers Track},
publisher = {IW3C2}
}
@inproceedings{Zand2014Extracting_Probable,
title = {{Extracting Probable Command and Control Signatures for Detecting Botnets}},
author = {Zand, Ali and Vigna, Giovanni and Yan, Xifeng and Kruegel, Christopher},
booktitle = {Proceedings of the 29th Annual ACM Symposium on Applied Computing},
series = {SAC},
year = {2014},
address = {New York, NY, USA},
doi = {10.1145/2554850.2554896},
isbn = {978-1-4503-2469-4},
pages = {1657--1662},
publisher = {ACM},
url = {https://doi.org/10.1145/2554850.2554896}
}
@inproceedings{Spagnuolo2014BitIodine_Extracting,
title = {{BitIodine: Extracting Intelligence from the Bitcoin Network}},
author = {Spagnuolo, Michele and Maggi, Federico and Zanero, Stefano},
booktitle = {Financial Cryptography and Data Security},
series = {Lecture Notes in Computer Science (LNCS)},
month = {March},
year = {2014},
address = {Barbados},
isbn = {978-3-662-45471-8},
pages = {457--468},
publisher = {Springer Berlin Heidelberg}
}
@inproceedings{Invernizzi2014Nazca_Detecting,
title = {{Nazca: Detecting Malware Distribution in Large-Scale Networks}},
author = {Invernizzi, Luca and Miskovic, Stanislav and Torres, Ruben and Saha, Sabyaschi and Lee, Sung-Ju and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 21st Symposium on Network and Distributed System Security Symposium},
month = {February},
year = {2014},
url = {http://seclab.cs.ucsb.edu/media/uploads/papers/invernizzi_nazca_ndss14.pdf}
}
@inproceedings{Poeplau2014Execute_This!,
title = {{Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications}},
author = {Poeplau, Sebastian and Fratantonio, Yanick and Bianchi, Antonio and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 21st Network and Distributed Systems Security Symposium},
series = {NDSS},
month = {February},
year = {2014},
address = {San Diego, CA}
}
@inproceedings{Lindorfer2013Take_a,
title = {{Take a Bite - Finding the Worm in the Apple}},
author = {Lindorfer, Martina and Miller, Bernhard and Neugschwandtner, Matthias and Platzer, Christian},
booktitle = {Proceedings of the International Conference on Information, Communications and Signal Processing},
series = {ICICS},
month = {December},
year = {2013},
address = {Tainan, Taiwan}
}
@inproceedings{Stringhini2013Shady_Paths,
title = {{Shady Paths: Leveraging Surfing Crowds to Detect malicious Web Pages}},
author = {Stringhini, Gianluca and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS},
year = {2013},
isbn = {978-1-4503-2477-9},
language = {en},
pages = {133--144},
publisher = {ACM Press}
}
@inproceedings{Borgolte2013Delta_Automatic,
title = {{Delta: Automatic Identification of Unknown Web-based Infection Campaigns}},
author = {Borgolte, Kevin and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 20th ACM Conference on Computer and Communications Security},
series = {CCS},
month = {November},
year = {2013},
publisher = {ACM}
}
@inproceedings{Lindorfer2013POSTER_Cross-Platform,
title = {{POSTER: Cross-Platform Malware: Write Once, Infect Everywhere}},
author = {Lindorfer, Martina and Neumayr, Matthias and Caballero, Juan and Platzer, Christian},
booktitle = {Proceedings of the 2013 ACM Conference on Computer and Communications Security},
series = {CCS},
month = {November},
year = {2013},
address = {Berlin, Germany}
}
@inproceedings{Doupé2013Writing_Groups,
title = {{Writing Groups in Computer Science Research Labs}},
author = {Doupé, Adam and Kayfetz, Janet L.},
booktitle = {Proceedings of the 43rd Annual Frontiers in Education Conference (FIE)},
month = {October},
year = {2013},
address = {Oklahoma City, OK}
}
@inproceedings{Stringhini2013Follow_the,
title = {{Follow the Green: Growth and Dynamics in Twitter Follower Markets}},
author = {Stringhini, Gianluca and Wang, Gang and Egele, Manuel and Kruegel, Christopher and Vigna, Giovanni and Zheng, Haitao and Zhao, Ben Y.},
booktitle = {Proceedings of the 2013 Conference on Internet Measurement Conference},
series = {IMC},
year = {2013},
address = {New York, NY, USA},
doi = {10.1145/2504730.2504731},
isbn = {978-1-4503-1953-9},
pages = {163--176},
publisher = {ACM},
url = {https://doi.org/10.1145/2504730.2504731}
}
@article{Nacci2013Adaptive_and,
title = {{Adaptive and Flexible Smartphone Power Modeling}},
author = {Nacci, Alessandro and Trovò, Francesco and Maggi, Federico and Ferroni, Matteo and Cazzola, Andrea and Sciuto, Donatella and Santambrogio, Marco},
month = {October},
year = {2013},
issn = {1383-469X},
journal = {Mobile Networks and Applications},
pages = {1--10}
}
@inproceedings{Haller2013Dowsing_for,
title = {{Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations}},
author = {Haller, Istvan and Slowinska, Asia and Neugschwandtner, Matthias and Bos, Herbert},
booktitle = {Proceedings of the 22nd Symposium on USENIX Security},
month = {August},
year = {2013}
}
@inproceedings{Neugschwandtner2013A_View,
title = {{A View To A Kill: WebView Exploitation}},
author = {Neugschwandtner, Matthias and Lindorfer, Martina and Platzer, Christian},
booktitle = {Proceedings of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats},
series = {LEET},
month = {August},
year = {2013},
address = {Washington, D.C.}
}
@article{Dardanelli2013A_Security,
title = {{A Security Layer for Smartphone-to-Vehicle Communication over Bluetooth}},
author = {Dardanelli, Andrea and Maggi, Federico and Tanelli, Mara and Zanero, Stefano and Savaresi, Sergio M and Kochanek, Roman and Holz, Thorsten},
month = {June},
year = {2013},
issn = {1943-0663},
journal = {Embedded Systems Letters},
number = {3},
pages = {34--37},
volume = {5}
}
@inproceedings{Nikiforakis2013Cookieless_monster,
title = {{Cookieless monster: Exploring the ecosystem of web-based device fingerprinting}},
author = {Nikiforakis, Nick and Kapravelos, Alexandros and Joosen, Wouter and Kruegel, Christopher and Piessens, Frank and Vigna, Giovanni},
booktitle = {Proceedings of the 34th IEEE Symposium on Security and Privacy},
series = {S\&P},
month = {May},
year = {2013},
address = {S. Francisco, CA},
pages = {541--555},
publisher = {IEEE},
url = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6547132}
}
@inproceedings{Maggi2013Two_years,
title = {{Two years of short URLs internet measurement: security threats and countermeasures}},
author = {Maggi, Federico and Frossi, Alessandro and Zanero, Stefano and Stringhini, Gianluca and Stone-Gross, Brett and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 22nd international conference on World Wide Web},
series = {www},
month = {May},
year = {2013},
address = {Republic and Canton of Geneva, Switzerland},
isbn = {978-1-4503-2035-1},
pages = {861--872},
publisher = {International World Wide Web Conferences Steering Committee}
}
@inproceedings{Kapravelos2013Revolver_An,
title = {{Revolver: An Automated Approach to the Detection of Evasive Web-based Malware.}},
author = {Kapravelos, Alexandros and Shoshitaishvili, Yan and Cova, Marco and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 22nd Symposium on USENIX Security},
year = {2013},
pages = {637--652}
}
@inproceedings{Doupé2013deDacota_toward,
title = {{deDacota: toward preventing server-side XSS via automatic code and data separation}},
author = {Doupé, Adam and Cui, Weidong and Jakubowski, Mariusz H. and Peinado, Marcus and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS)},
year = {2013},
address = {Berlin, Germany},
isbn = {978-1-4503-2477-9},
language = {en},
pages = {1205--1216},
publisher = {ACM Press},
url = {http://dl.acm.org/citation.cfm?doid=2508859.2516708}
}
@inproceedings{Egele2013COMPA_Detecting,
title = {{COMPA: Detecting Compromised Accounts on Social Networks}},
author = {Egele, Manuel and Stringhini, Gianluca and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 20th Symposium on Network and Distributed System Security},
year = {2013},
address = {San Diego, CA}
}
@inproceedings{Stone-Gross2013The_Underground,
title = {{The Underground Economy of Fake Antivirus Software}},
author = {Stone-Gross, Brett and Abman, Ryan and Kemmerer, Richard A. and Kruegel, Christopher and Steigerwald, Douglas G. and Vigna, Giovanni},
booktitle = {Economics of Information Security and Privacy III},
series = {III},
year = {2013},
pages = {55--78},
publisher = {Springer},
url = {http://link.springer.com/chapter/10.1007/978-1-4614-1981-5_4}
}
@inproceedings{Lindorfer2012Lines_Of,
title = {{Lines Of Malicious Code: Insights Into The Malicious Software Industry}},
author = {Lindorfer, Martina and Di Federico, Alessandro and Maggi, Federico and Comparetti, Paolo Milani and Zanero, Stefano},
booktitle = {Proceedings of the 28th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {2012}
}
@inproceedings{Polakis2012All_Your,
title = {{All Your Face Are Belong to Us: Breaking Facebook's Social Authentication}},
author = {Polakis, Jason and Lancini, Marco and Kontaxis, Georgios and Maggi, Federico and Ioannidis, Sotiris and Keromytis, Angelos and Zanero, Stefano},
booktitle = {Proceedings of the 28th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {2012},
address = {New York, NY, USA},
isbn = {978-1-4503-1312-4},
pages = {399--408},
publisher = {ACM}
}
@inproceedings{Bianchi2012Blacksheep_Detecting,
title = {{Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds}},
author = {Bianchi, Antonio and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 19th ACM Conference on Computer and Communications Security},
series = {CCS},
month = {October},
year = {2012},
publisher = {ACM}
}
@article{Stringhini2012Poultry_Markets,
title = {{Poultry Markets: On the Underground Economy of Twitter Followers}},
author = {Stringhini, Gianluca and Egele, Manuel and Kruegel, Christopher and Vigna, Giovanni},
month = {September},
year = {2012},
doi = {10.1145/2377677.2377781},
issn = {0146-4833},
journal = {Proceedings of the 2012 ACM workshop on Workshop on online social networks},
number = {4},
pages = {527--532},
url = {https://doi.org/10.1145/2377677.2377781},
volume = {42}
}
@inproceedings{Doupé2012Enemy_of,
title = {{Enemy of the State: A State-Aware Black-Box Vulnerability Scanner}},
author = {Doupé, Adam and Cavedon, Ludovico and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 21st Symposium on USENIX Security},
month = {August},
year = {2012},
address = {Bellevue, WA}
}
@inproceedings{Stringhini2012B@bel_Leveraging,
title = {{B@bel: Leveraging Email Delivery for Spam Mitigation.}},
author = {Stringhini, Gianluca and Egele, Manuel and Zarras, Apostolis and Holz, Thorsten and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 21st USENIX Security Symposium},
series = {USENIX Security},
year = {2012},
address = {Bellevue, WA},
pages = {16--32},
url = {https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final59.pdf}
}
@article{Egele2012PoX_Protecting,
title = {{PoX: Protecting Users from Malicious Facebook Applications}},
author = {Egele, Manuel and Moser, Andreas and Kruegel, Christopher and Kirda, Engin},
month = {July},
year = {2012},
issn = {0140-3664},
journal = {Computer Communications},
number = {12},
pages = {1507--1515},
url = {http://www.sciencedirect.com/science/article/pii/S0140366412001417},
volume = {35}
}
@article{Egele2012A_Survey,
title = {{A Survey on Automated Dynamic Malware Analysis Techniques and Tools}},
author = {Egele, Manuel and Scholte, Theodoor and Kirda, Engin and Kruegel, Christopher},
month = {March},
year = {2012},
doi = {10.1145/2089125.2089126},
issn = {0360-0300},
journal = {ACM Computing Surveys},
number = {2},
pages = {6:1--6:42},
url = {https://doi.org/10.1145/2089125.2089126},
volume = {44}
}
@inproceedings{Nikiforakis2012You_are,
title = {{You are what you include: large-scale evaluation of remote javascript inclusions}},
author = {Nikiforakis, Nick and Invernizzi, Luca and Kapravelos, Alexandros and Van Acker, Steven and Joosen, Wouter and Kruegel, Christopher and Piessens, Frank and Vigna, Giovanni},
booktitle = {Proceedings of the 19th Conference on Computer and Communication Security},
series = {CCS},
month = {February},
year = {2012},
pages = {736--747},
publisher = {ACM}
}
@inproceedings{Davi2012MoCFI_A,
title = {{MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones}},
author = {Davi, Lucas and Dmitrienko, Alexandra and Egele, Manuel and Fischer, Thomas and Holz, Thorsten and Hund, Ralf and Nürnberger, Stefan and Sadeghi, Ahmad-Reza},
booktitle = {Proceedings of the 19th Symposium on Network and Distributed System Security Symposium},
month = {February},
year = {2012},
address = {San Diego, CA}
}
@inproceedings{Invernizzi2012Evilseed_A,
title = {{Evilseed: A guided approach to finding malicious web pages}},
author = {Invernizzi, Luca and Comparetti, Paolo Milani and Benvenuti, Stefano and Kruegel, Christopher and Cova, M. and Vigna, Giovanni},
booktitle = {Proceedings of the 33rd Symposiym on Security and Privacy},
year = {2012},
address = {San Francisco, CA, USA},
pages = {428--442},
publisher = {IEEE},
url = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6234428}
}
@inproceedings{Canali2012A_quantitative,
title = {{A quantitative study of accuracy in system call-based malware detection}},
author = {Canali, Davide and Lanzi, Andrea and Balzarotti, Davide and Kruegel, Christopher and Christodorescu, Mihai and Kirda, Engin},
booktitle = {Proceedings of the 21st International Symposium on Software Testing and Analysis},
year = {2012},
address = {Minneapolis, UNITED STATES},
pages = {122--132},
publisher = {ACM},
url = {http://dl.acm.org/citation.cfm?id=2336768}
}
@inproceedings{Maggi2011Finding_Non-trivial,
title = {{Finding Non-trivial Malware Naming Inconsistencies}},
author = {Maggi, Federico and Bellini, Andrea and Salvaneschi, Guido and Zanero, Stefano},
booktitle = {Proceedings of the 7th International Conference on Information Systems Security},
series = {ICISS},
month = {December},
year = {2011},
pages = {144--159},
publisher = {Springer-Verlag},
volume = {7093}
}
@inproceedings{Doupé2011Hit_Em,
title = {{Hit 'Em Where It Hurts: A Live Security Exercise on Cyber Situational Awareness}},
author = {Doupé, Adam and Egele, Manuel and Caillat, Benjamin and Stringhini, Gianluca and Yakin, Gorkem and Zand, Ali and Cavedon, Ludovico and Vigna, Giovanni},
booktitle = {Proceedings of the 27th Annual Computer Security Applications Conference},
series = {ACSAC '11},
year = {2011},
address = {New York, NY, USA},
doi = {10.1145/2076732.2076740},
isbn = {978-1-4503-0672-0},
pages = {51--61},
publisher = {ACM},
url = {https://doi.org/10.1145/2076732.2076740}
}
@inproceedings{Neugschwandtner2011ForeCast_-,
title = {{ForeCast - Skimming off the Malware Cream}},
author = {Neugschwandtner, Matthias and Milani Comparetti, Paolo and Jacob, Gregoire and Kruegel, Christopher},
booktitle = {Proceedings of the 27th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {2011}
}
@inproceedings{Neugschwandtner2011Detecting_Malware,
title = {{Detecting Malware's Failover C\&C Strategies with SQUEEZE}},
author = {Neugschwandtner, Matthias and Milani Comparetti, Paolo and Platzer, Christian},
booktitle = {Proceedings of the 27th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {2011}
}
@inproceedings{Maggi2011AndroTotal_A,
title = {{AndroTotal: A Flexible, Scalable Toolbox and Service for Testing Mobile Malware Detectors}},
author = {Maggi, Federico and Valdi, Andrea and Zanero, Stefano},
booktitle = {Proceedings of the 3rd ACM Workshop on Security and Privacy in Smartphones \& Mobile Devices},
series = {SPSM},
year = {2013},
address = {New York, NY, USA},
doi = {10.1145/2516760.2516768},
isbn = {978-1-4503-2491-5},
pages = {49--54},
publisher = {ACM},
url = {https://doi.org/10.1145/2516760.2516768}
}
@inproceedings{Stone-Gross2011Understanding_Fraudulent,
title = {{Understanding Fraudulent Activities in Online Ad Exchanges}},
author = {Stone-Gross, Brett and Stevens, Ryan and Zarras, Apostolis and Kemmerer, Richard and Kruegel, Chris and Vigna, Giovanni},
booktitle = {Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference},
series = {IMC},
year = {2011},
address = {New York, NY, USA},
doi = {10.1145/2068816.2068843},
isbn = {978-1-4503-1013-0},
pages = {279--294},
publisher = {ACM},
url = {https://doi.org/10.1145/2068816.2068843}
}
@inproceedings{Maggi2011A_Fast,
title = {{A Fast Eavesdropping Attack Against Touchscreens}},
author = {Maggi, Federico and Volpatto, Alberto and Gasparini, Simone and Boracchi, Giacomo and Zanero, Stefano},
booktitle = {Proceedings of the 7th International Conference on Information Assurance and Security},
series = {IAS},
month = {December},
year = {2011},
isbn = {978-1-4577-2154-0},
pages = {320--325}
}
@inproceedings{Maggi2011POSTER_Fast,
title = {{POSTER: Fast, Automatic iPhone Shoulder Surfing}},
author = {Maggi, Federico and Volpatto, Alberto and Gasparini, Simone and Boracchi, Giacomo and Zanero, Stefano},
booktitle = {Proceedings of the 18th Conference on Computer and Communication Security},
series = {CCS},
month = {October},
year = {2011},
publisher = {ACM}
}
@inproceedings{Maggi2011Protecting_a,
title = {{Protecting a Moving Target: Addressing Web Application Concept Drift}},
author = {Maggi, Federico and Robertson, William and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection},
series = {RAID},
month = {September},
year = {2009}
}
@inproceedings{Lindorfer2011Detecting_Environment-Sensitive,
title = {{Detecting Environment-Sensitive Malware}},
author = {Lindorfer, Martina and Kolbitsch, Clemens and Milani Comparetti, Paolo},
booktitle = {Proceedings of the International Symposium on Recent Advances in Intrusion Detection},
series = {RAID},
month = {September},
year = {2011}
}
@inproceedings{Davi2011CFI_Goes,
title = {{CFI Goes Mobile: Control-Flow Integrity for Smartphones}},
author = {Davi, Lucas and Dmitrienko, Alexandra and Egele, Manuel and Fischer, Thomas and Hund, Ralf and Nürnberger, Stefan and Sadeghi, Ahmad-Reza and Holz, Thorsten},
booktitle = {International Workshop on Trustworthy Embedded Devices},
month = {September},
year = {2011},
address = {Leuven, Belgium}
}
@inproceedings{Stringhini2011BOTMAGNIFIER_Locating,
title = {{BOTMAGNIFIER: Locating Spambots on the Internet}},
author = {Stringhini, Gianluca and Holz, Thorsten and Stone-Gross, Brett and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 20st USENIX Conference on Security},
series = {USENIX Security},
year = {2011},
address = {Berkeley, CA, USA},
pages = {28--28},
publisher = {USENIX Association},
url = {http://dl.acm.org/citation.cfm?id=2028067.2028095}
}
@inproceedings{Roveta2011BURN_Baring,
title = {{BURN: Baring Unknown Rogue Networks}},
author = {Roveta, Francesco and Di Mario, Luca and Maggi, Federico and Caviglia, Giorgio and Zanero, Stefano and Ciuccarelli, Paolo},
booktitle = {Proceedings of the 8th International Symposium on Visualization for Cyber Security},
series = {VizSec},
month = {June},
year = {2011},
address = {New York, NY, USA},
isbn = {978-1-4503-0679-9},
pages = {6:1--6:10},
publisher = {ACM}
}
@inproceedings{Maggi2011System_Security,
title = {{System Security research at Politecnico di Milano}},
author = {Maggi, Federico and Zanero, Stefano},
booktitle = {Proceedings of the 1st SysSec Workshop},
series = {SysSec},
month = {July},
year = {2011},
publisher = {IEEE Computer Society}
}
@inproceedings{Szydlowski2011Challenges_for,
title = {{Challenges for Dynamic Analysis of iOS Applications}},
author = {Szydlowski, Martin and Egele, Manuel and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {iNetSec Open Research Problems in Network Security},
series = {iNetSec},
month = {June},
year = {2011},
address = {Luzerne, Switzerland}
}
@inproceedings{Maggi2011Is_the,
title = {{Is the future Web more insecure? Distractions and solutions of new-old security issues and measures}},
author = {Maggi, Federico and Zanero, Stefano},
booktitle = {Proceedings of the 2nd Worldwide Cybersecurity Summit},
series = {WCS},
month = {June},
year = {2011},
isbn = {978-1-4577-1449-8},
pages = {1--9},
publisher = {EWI}
}
@inproceedings{Maggi2011Integrated_Detection,
title = {{Integrated Detection of Anomalous Behavior of Computer Infrastructures}},
author = {Maggi, Federico and Zanero, Stefano},
booktitle = {Proceedings of the 2012 IEEE/IFIP Network Operations and Management Symposium},
series = {NOMS},
month = {April},
year = {2012},
isbn = {978-1-4673-0269-2},
pages = {866--871},
publisher = {IEEE}
}
@inproceedings{Stone-Gross2011Peering_Through,
title = {{Peering Through the iFrame}},
author = {Stone-Gross, Brett and Cova, Marco and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 30th International Conference on Computer Communications},
series = {INFOCOM},
month = {April},
year = {2011},
address = {Shanghai, China}
}
@inproceedings{Maggi2011A_Social-Engineering-centric,
title = {{A Social-Engineering-centric Data Collection Initiative to Study Phishing}},
author = {Maggi, Federico and Sisto, Alessandro and Zanero, Stefano},
booktitle = {Proceedings of the 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security},
series = {BADGERS},
month = {April},
year = {2011},
address = {New York, NY, USA},
isbn = {978-1-4503-0768-0},
pages = {107--108},
publisher = {ACM}
}
@inproceedings{Stone-Gross2011The_Underground,
title = {{The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-scale Spam Campaigns}},
author = {Stone-Gross, Brett and Holz, Thorsten and Stringhini, Gianluca and Vigna, Giovanni},
booktitle = {Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats},
series = {LEET},
month = {March},
year = {2011},
address = {Berkeley, CA, USA},
pages = {4--4},
publisher = {USENIX Association},
url = {http://dl.acm.org/citation.cfm?id=1972441.1972447}
}
@inproceedings{Canali2011Prophiler_A,
title = {{Prophiler: A Fast Filter for the Large-Scale Detection of Malicious Web Pages}},
author = {Canali, Davide and Cova, Marco and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 20th World Wide Web Conference (WWW)},
month = {March},
year = {2011},
address = {Hiderabad, India}
}
@inproceedings{Egele2011PoX_Protecting,
title = {{PoX: Protecting Users from Malicious Facebook Applications}},
author = {Egele, Manuel and Moser, Andreas and Kruegel, Christopher and Kirda, Engin},
booktitle = {IEEE International Workshop on SEcurity and SOCial Networking},
month = {March},
year = {2011},
address = {Seattle, WA}
}
@inproceedings{Egele2011PiOS_Detecting,
title = {{PiOS: Detecting Privacy Leaks in iOS Applications}},
author = {Egele, Manuel and Kruegel, Christopher and Kirda, Engin and Vigna, Giovanni},
booktitle = {Proceedings of the 18th Symposium on Network and Distributed System Security (NDSS)},
month = {February},
year = {2011},
address = {San Diego, CA}
}
@article{Egele2011Removing_web,
title = {{Removing web spam links from search engine results}},
author = {Egele, Manuel and Kolbitsch, Clemens and Platzer, Christian},
month = {February},
year = {2011},
doi = {10.1007/s11416-009-0132-6},
issn = {1772-9890},
journal = {Journal in Computer Virology},
number = {1},
pages = {51--62},
url = {https://doi.org/10.1007/s11416-009-0132-6},
volume = {7}
}
@inproceedings{Fratantonio2011Shellzer_a,
title = {{Shellzer: a tool for the dynamic analysis of malicious shellcode}},
author = {Fratantonio, Yanick and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 14th Symposium on Recent Advances in Intrusion Detection (RAID)},
year = {2011},
address = {S. Francisco, CA},
pages = {61--80},
publisher = {Springer}
}
@inproceedings{Cipriano2011Nexat_A,
title = {{Nexat: A history-based approach to predict attacker actions}},
author = {Cipriano, Casey and Zand, Ali and Houmansadr, Amir and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 27th Annual Computer Security Applications Conference},
year = {2011},
address = {Orlando, FL},
pages = {383--392},
publisher = {ACM}
}
@inproceedings{Doupé2011Fear_the,
title = {{Fear the EAR: discovering and mitigating execution after redirect vulnerabilities}},
author = {Doupé, Adam and Boe, Bryce and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 18th ACM Conference on Computer and Communications Security},
month = {October},
year = {2011},
isbn = {978-1-4503-0948-6},
pages = {251--262},
publisher = {ACM},
url = {http://dl.acm.org/citation.cfm?id=2046707.2046736}
}
@inproceedings{Gilbert2011Dymo_tracking,
title = {{Dymo: tracking dynamic code identity}},
author = {Gilbert, Bob and Kemmerer, Richard and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 11 Symposium on Recent Advances in Intrusion Detection},
year = {2011},
address = {Menlo Park, CA},
doi = {10.1007/978-3-642-23644-0_2},
pages = {21--40},
publisher = {Springer},
url = {https://doi.org/10.1007/978-3-642-23644-0_2}
}
@inproceedings{Kirat2011BareBox_efficient,
title = {{BareBox: efficient malware analysis on bare-metal}},
author = {Kirat, Dhilung and Vigna, Giovanni and Kruegel, Christopher},
booktitle = {Proceedings of the 27th Annual Computer Security Applications Conference},
year = {2011},
address = {Orlando, FL},
pages = {403--412},
publisher = {ACM}
}
@article{Stone-Gross2011Analysis_of,
title = {{Analysis of a Botnet Takeover}},
author = {Stone-Gross, Brett and Cova, Marco and Gilbert, Bob and Kemmerer, Richard and Kruegel, Christopher and Vigna, Giovanni},
month = {January},
year = {2011},
issn = {1540-7993},
journal = {IEEE Security Privacy},
number = {1},
pages = {64--72},
volume = {9}
}
@inproceedings{Vigna2010Network_Intrusion,
title = {{Network Intrusion Detection: Dead or Alive?}},
author = {Vigna, Giovanni},
booktitle = {Proceedings of the 26th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {2010},
address = {Austin, TX}
}
@inproceedings{Stringhini2010Detecting_Spammers,
title = {{Detecting Spammers on Social Networks}},
author = {Stringhini, Gianluca and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 26th Annual Computer Security Applications Conference},
series = {ACSAC},
year = {2010},
address = {New York, NY, USA},
doi = {10.1145/1920261.1920263},
isbn = {978-1-4503-0133-6},
pages = {1--9},
publisher = {ACM},
url = {https://doi.org/10.1145/1920261.1920263}
}
@inproceedings{Volpatto2010Effective_Multimodel,
title = {{Effective Multimodel Anomaly Detection Using Cooperative Negotiation}},
author = {Volpatto, Alberto and Maggi, Federico and Zanero, Stefano},
booktitle = {Proceedings of the Decision and Game Theory for Security},
series = {Lecture Notes in Computer Science},
month = {November},
year = {2010},
isbn = {978-3-642-17196-3},
pages = {180--191},
publisher = {Springer Berlin/Heidelberg},
volume = {6442}
}
@inproceedings{Balduzzi2010Abusing_Social,
title = {{Abusing Social Networks for Automated User Profiling}},
author = {Balduzzi, Marco and Platzer, Christian and Holz, Thorsten and Kirda, Engin and Balzarotti, Davide and Kruegel, Christopher},
booktitle = {Proceeding of the 13th Symposium on Recent Advances in Intrusion Detection},
year = {2010},
doi = {10.1007/978-3-642-15512-3_2},
pages = {422--441},
url = {https://doi.org/10.1007/978-3-642-15512-3_2}
}
@inproceedings{Lanzi2010AccessMiner_using,
title = {{AccessMiner: using system-centric models for malware protection}},
author = {Lanzi, Andrea and Balzarotti, Davide and Kruegel, Christopher and Christodorescu, Mihai and Kirda, Engin},
booktitle = {Proceedings of the 17th Conference on Computer and Communications Security},
year = {2010},
doi = {10.1145/1866307.1866353},
pages = {399--412},
url = {https://doi.org/10.1145/1866307.1866353}
}
@inproceedings{Wang2010Steal_This,
title = {{Steal This Movie - Automatically Bypassing DRM Protection in Streaming Media Services}},
author = {Wang, Ruoyu and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 22nd USENIX Conference on Security},
series = {USENIX Security},
year = {2013},
address = {Berkeley, CA, USA},
isbn = {978-1-931971-03-4},
pages = {687--702},
publisher = {USENIX Association},
url = {http://dl.acm.org/citation.cfm?id=2534766.2534825}
}
@inproceedings{Felmetsger2010Toward_Automated,
title = {{Toward Automated Detection of Logic Vulnerabilities in Web Applications}},
author = {Felmetsger, Viktoria and Cavedon, Ludovico and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 19th Symposium on USENIX Security},
month = {August},
year = {2010},
address = {Washington, DC}
}
@article{Balzarotti2010An_Experience,
title = {{An Experience in Testing the Security of Real-world Electronic Voting Systems}},
author = {Balzarotti, Davide and Banks, Greg and Cova, Marco and Felmetsger, Viktoria and Kemmerer, Richard and Robertson, William and Valeur, Fredrik and Vigna, Giovanni},
month = {August},
year = {2010},
journal = {IEEE Transactions on Software Engineering}
}
@inproceedings{Doupé2010Why_Johnny,
title = {{Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners}},
author = {Doupé, Adam and Cova, Marco and Vigna, Giovanni},
booktitle = {Proceedings of the 7th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)},
month = {July},
year = {2010},
address = {Bonn, Germany}
}
@inproceedings{Childers2010Organizing_large,
title = {{Organizing large scale hacking competitions}},
author = {Childers, Nicholas and Boe, Bryce and Cavallaro, Lorenzo and Cavedon, Ludovico and Cova, Marco and Egele, Manuel and Vigna, Giovanni},
booktitle = {Proceedings of the 7th International Conference on Detection of Intrusions and Malware \& Vulnerability Assessment},
month = {July},
year = {2010},
address = {Bonn, Germany},
isbn = {3-642-14214-1 978-3-642-14214-7},
url = {http://portal.acm.org/citation.cfm?id=1884848.1884859}
}
@inproceedings{Wondracek2010A_Practical,
title = {{A Practical Attack to De-anonymize Social Network Users}},
author = {Wondracek, Gilbert and Holz, Thorsten and Kirda, Engin and Kruegel, Christopher},
booktitle = {Proceedings of the 31th IEEE Symposium on Security and Privacy},
series = {S\&P},
year = {2010},
doi = {10.1109/SP.2010.21},
pages = {223--238},
url = {https://doi.org/10.1109/SP.2010.21}
}
@inproceedings{Kolbitsch2010Inspector_Gadget,
title = {{Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries}},
author = {Kolbitsch, Clemens and Holz, Thorsten and Kruegel, Christopher and Kirda, Engin},
booktitle = {Proceedings of the 31st IEEE Symposium on Security and Privacy},
year = {2010},
doi = {10.1109/SP.2010.10},
pages = {29--44},
url = {https://doi.org/10.1109/SP.2010.10}
}
@inproceedings{Comparetti2010Identifying_Dormant,
title = {{Identifying Dormant Functionality in Malware Programs}},
author = {Comparetti, Paolo Milani and Salvaneschi, Guido and Kirda, Engin and Kolbitsch, Clemens and Kruegel, Christopher and Zanero, Stefano},
booktitle = {Proceedings of the 31st IEEE Symposium on Security and Privacy},
year = {2010},
doi = {10.1109/SP.2010.12},
pages = {61--76},
url = {https://doi.org/10.1109/SP.2010.12}
}
@inproceedings{Cova2010Detection_and,
title = {{Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code}},
author = {Cova, Marco and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 19th International Conference on World Wide Web (WWW)},
month = {April},
year = {2010},
address = {Raleigh, NC}
}
@inproceedings{Bayer2010Improving_the,
title = {{Improving the efficiency of dynamic malware analysis}},
author = {Bayer, Ulrich and Kirda, Engin and Kruegel, Christopher},
booktitle = {Proceedings of the 2010 ACM Symposium on Applied Computing SAC},
year = {2010},
doi = {10.1145/1774088.1774484},
pages = {1871--1878},
url = {https://doi.org/10.1145/1774088.1774484}
}
@inproceedings{Egele2010CAPTCHA_smuggling,
title = {{CAPTCHA smuggling: Hijacking web browsing sessions to create CAPTCHA farms}},
author = {Egele, Manuel and Bilge, Leyla and Kirda, Engin and Kruegel, Christopher},
booktitle = {Proceedings of 25th International Symposium on Applied Computing},
month = {March},
year = {2010},
address = {Sierre, Switzerland},
isbn = {978-1-60558-639-7}
}
@inproceedings{Cavedon2010Are_BGP,
title = {{Are BGP Routers Open To Attack? An Experiment}},
author = {Cavedon, Ludovico and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the iNetSec Conference},
month = {March},
year = {2010},
address = {Sophia, Bulgaria}
}
@inproceedings{Balzarotti2010Efficient_Detection,
title = {{Efficient Detection of Split Personalities in Malware}},
author = {Balzarotti, Davide and Cova, Marco and Karlberger, Christoph and Kruegel, Christopher and Kirda, Engin and Vigna, Giovanni},
booktitle = {Proceedings of the 17th Symposium on Network and Distributed System Security Symposium (NDSS)},
month = {February},
year = {2010},
address = {San Diego, CA}
}
@inproceedings{Robertson2010Effective_Anomaly,
title = {{Effective Anomaly Detection with Scarce Training Data}},
author = {Robertson, William and Maggi, Federico and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 17th Network and Distributed Systems Security Symposium},
series = {NDSS},
month = {February},
year = {2010},
publisher = {The Internet Society}
}
@inproceedings{Balduzzi2010A_solution,
title = {{A solution for the automated detection of clickjacking attacks}},
author = {Balduzzi, Marco and Egele, Manuel and Kirda, Engin and Balzarotti, Davide and Kruegel, Christopher},
booktitle = {Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security},
year = {2010},
pages = {135--144},
publisher = {ACM},
url = {http://dl.acm.org/citation.cfm?id=1755706}
}
@inproceedings{Stone-Gross2009FIRE_FInding,
title = {{FIRE: FInding Rogue nEtworks}},
author = {Stone-Gross, Brett and Moser, Andy and Kruegel, Christopher and Kirda, Engin and Almeroth, Kevin},
booktitle = {Proceedings of the 25th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {2009},
address = {Honolulu, HI}
}
@inproceedings{Ford2009Analyzing_and,
title = {{Analyzing and Detecting Malicious Flash Advertisements}},
author = {Ford, Sean and Cova, Marco and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC)},
month = {December},
year = {2009},
address = {Honolulu, HI}
}
@inproceedings{Stone-Gross2009Your_Botnet,
title = {{Your Botnet is My Botnet: Analysis of a Botnet Takeover}},
author = {Stone-Gross, Brett and Cova, Marco and Gilbert, Bob and Cavallaro, Lorenzo and Szydlowski, Martin and Kruegel, Christopher and Vigna, Giovanni and Kemmerer, Richard},
booktitle = {Proceedings of the 16th ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS},
month = {November},
year = {2009},
address = {Chicago, IL}
}
@inproceedings{Criscione2009Integrated_Detection,
title = {{Integrated Detection of Attacks Against Browsers, Web Applications and Databases}},
author = {Criscione, Claudio and Maggi, Federico and Salvaneschi, Guido and Zanero, Stefano},
booktitle = {Proceedings of the 3rd European Conference on Network Defense},
month = {November},
year = {2009},
isbn = {978-0-7695-3983-6},
publisher = {IEEE Computer Society}
}
@inproceedings{Wurzinger2009Automatically_Generating,
title = {{Automatically Generating Models for Botnet Detection}},
author = {Wurzinger, Peter and Bilge, Leyla and Holz, Thorsten and Goebel, Jan and Kruegel, Christopher and Kirda, Engin},
booktitle = {Proceedings of the 14th European Conference on Research in Computer Security},
series = {ESORICS},
year = {2009},
address = {Berlin, Heidelberg},
isbn = {3-642-04443-3 978-3-642-04443-4},
pages = {232--249},
publisher = {Springer-Verlag},
url = {http://dl.acm.org/citation.cfm?id=1813084.1813104}
}
@inproceedings{Stamminger2009Automated_Spyware,
title = {{Automated Spyware Collection and Analysis}},
author = {Stamminger, Andreas and Kruegel, Christopher and Vigna, Giovanni and Kirda, Engin},
booktitle = {Proceedings of the 12th Information Security Conference},
series = {ISC},
month = {September},
year = {2009},
address = {Pisa, Italy}
}
@inproceedings{Robertson2009Static_Enforcement,
title = {{Static Enforcement of Web Application Integrity Through Strong Typing}},
author = {Robertson, William and Vigna, Giovanni},
booktitle = {Proceedings of the 18th USENIX Security Symposium},
series = {USENIX Security},
month = {August},
year = {2009},
address = {Montreal, Canada}
}
@inproceedings{Egele2009Defending_Browsers,
title = {{Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks}},
author = {Egele, Manuel and Wurzinger, Peter and Kruegel, Christopher and Kirda, Engin},
booktitle = {Proceedings of the 6th International Conference on Detection of Intrusions and Malware \& Vulnerability Assessment},
month = {July},
year = {2009},
address = {Milan, Italy},
doi = {10.1007/978-3-642-02918-9_6},
url = {https://doi.org/10.1007/978-3-642-02918-9_6}
}
@inproceedings{Frossi2009Selecting_and,
title = {{Selecting and Improving System Call Models for Anomaly Detection}},
author = {Frossi, Alessandro and Maggi, Federico and Rizzo, Gian∼Luigi and Zanero, Stefano},
booktitle = {Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)},
month = {July},
year = {2009}
}
@article{Maggi2009Reducing_false,
title = {{Reducing false positives in anomaly detectors through fuzzy alert aggregation}},
author = {Maggi, Federico and Matteucci, Matteo and Zanero, Stefano},
month = {October},
year = {2009},
issn = {1566-2535},
journal = {Information Fusion},
number = {4},
pages = {300--311},
volume = {10}
}
@inproceedings{Kolbitsch2009Effective_and,
title = {{Effective and efficient malware detection at the end host}},
author = {Kolbitsch, Clemens and Comparetti, Paolo Milani and Kruegel, Christopher and Kirda, Engin and Zhou, Xiaoyong and Wang, XiaoFeng},
booktitle = {Proceedings of the 18th conference on USENIX security symposium},
year = {2009},
pages = {351--366},
publisher = {USENIX Association}
}
@inproceedings{Egele2009Removing_web,
title = {{Removing web spam links from search engine results}},
author = {Egele, Manuel and Kruegel, Christopher and Kirda, Engin},
booktitle = {European Institute for Computer Antivirus Research Conference},
month = {May},
year = {2009},
address = {Berlin, Germany},
journal = {Journal in Computer Virology}
}
@inproceedings{Egele2009Mitigating_Drive-by,
title = {{Mitigating Drive-by Download Attacks: Challenges and Open Problems}},
author = {Egele, Manuel and Kirda, Engin and Kruegel, Christopher},
booktitle = {iNetSec Open Research Problems in Network Security},
month = {April},
year = {2009},
address = {Zurich, Switzerland}
}
@article{Vigna2009Reducing_errors,
title = {{Reducing errors in the anomaly-based detection of web-based attacks through the combined analysis of web requests and SQL queries}},
author = {Vigna, Giovanni and Valeur, Fredrik and Balzarotti, Davide and Robertson, William and Kruegel, Christopher and Kirda, Engin},
year = {2009},
journal = {Journal of Computer Security},
number = {3},
pages = {305--329},
url = {http://www.cs.ucsb.edu/~chris/research/doc/jcs09_revproxy.pdf},
volume = {17}
}
@article{Kirda2009Client-Side_Cross-Site,
title = {{Client-Side Cross-Site Scripting Protection}},
author = {Kirda, Engin and Jovanovic, Nenad and Kruegel, Christopher and Vigna, Giovanni},
year = {2009},
journal = {Computers \& Security},
number = {7},
pages = {592--604},
volume = {28}
}
@inproceedings{Foschini2008A_Parallel,
title = {{A Parallel Architecture for Stateful, High-Speed Intrusion Detection}},
author = {Foschini, Luca and Thapliyal, Ashish and Cavallaro, Lorenzo and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the International Conference on Information Systems Security (ICISS)},
month = {December},
year = {2008},
address = {Hyderabad, India},
pages = {203--220},
publisher = {Springer}
}
@article{Maggi2008Detecting_Intrusions,
title = {{Detecting Intrusions through System Call Sequence and Argument Analysis}},
author = {Maggi, Federico and Matteucci, Matteo and Zanero, Stefano},
month = {November},
year = {2008},
issn = {1545-5971},
journal = {IEEE Transactions on Dependable and Secure Computing (T},
number = {4},
pages = {381--395},
volume = {7}
}
@inproceedings{Balzarotti2008Are_Your,
title = {{Are Your Votes Really Counted? Testing the Security of Real-world Electronic Voting Systems}},
author = {Balzarotti, Davide and Banks, Greg and Cova, Marco and Felmetsger, Viktoria and Kemmerer, Richard and Robertson, William and Valeur, Fredrik and Vigna, Giovanni},
booktitle = {Proceedings of the 17th International Symposium on Software Testing and Analysis (ISSTA)},
month = {July},
year = {2008},
address = {Seattle, WA}
}
@inproceedings{Cova2008There_is,
title = {{There is No Free Phish: An Analysis of Free and Live Phishing Kits}},
author = {Cova, Marco and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 2nd USENIX Workshop On Offensive Technologies (WOOT)},
month = {August},
year = {2008},
address = {San Jose, CA}
}
@inproceedings{Stone-Gross2008VeriKey_A,
title = {{VeriKey: A Dynamic Certificate Verification System for Public Key Exchanges}},
author = {Stone-Gross, Brett and Sigal, David and Cohn, Rob and Morse, John and Almeroth, Kevin and Kruegel, Christopher},
booktitle = {Proceedings of the 5th Detection of Intrusions and Malware, and Vulnerability Assessment},
series = {DIMVA},
month = {July},
year = {2008},
address = {Paris, France}
}
@inproceedings{Balzarotti2008Saner_Composing,
title = {{Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications}},
author = {Balzarotti, Davide and Cova, Marco and Felmetsger, Vika and Jovanovic, Nenad and Kirda, Engin and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 29th IEEE Symposium on Security and Privacy},
month = {May},
year = {2008},
address = {Oakland, CA}
}
@inproceedings{Balzarotti2008ClearShot_Eavesdropping,
title = {{ClearShot: Eavesdropping on Keyboard Input from Video}},
author = {Balzarotti, Davide and Cova, Marco and Vigna, Giovanni},
booktitle = {Proceedings of the 29th IEEE Symposium on Security and Privacy},
month = {May},
year = {2008},
address = {Oakland, CA}
}
@inproceedings{Stone-Gross2008Malware_in,
title = {{Malware in IEEE 802.11 Wireless Networks}},
author = {Stone-Gross, Brett and Wilson, Christo and Almeroth, Kevin and Belding, Elizabeth and Zheng, Heather and Papagiannaki, Konstantina},
booktitle = {Proceedings of the 9th Passive and Active Measurement Conference},
series = {PAM},
month = {April},
year = {2008},
address = {Cleveland, OH}
}
@article{Maggi2008Seeing_the,
title = {{Seeing the invisible: forensic uses of anomaly detection and machine learning}},
author = {Maggi, Federico and Zanero, Stefano and Iozzo, Vincenzo},
month = {April},
year = {2008},
issn = {0163-5980},
journal = {Operating Systems Review of the ACM Special Interest Group on Operating Systems},
number = {3},
pages = {51--58},
volume = {42}
}
@article{McDaniel2007EVEREST_Evaluation,
title = {{EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing}},
author = {McDaniel, Patrik and Blaze, Matt and Vigna, Giovanni},
month = {December},
year = {2007},
journal = {EVEREST voting system}
}
@inproceedings{Kruegel2007Improving_Signature,
title = {{Improving Signature Testing Through Dynamic Data Flow Analysis}},
author = {Kruegel, Christopher and Balzarotti, Davice and Robertson, William and Vigna, Giovanni},
booktitle = {Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC)},
month = {December},
year = {2007},
address = {Miami, FL},
pages = {53--63}
}
@inproceedings{Gundy2007Feature_Omission,
title = {{Feature Omission Vulnerabilities: Thwarting Signature Generation for Polymorphic Worms}},
author = {Gundy, Matthew Van and Chen, Hao and Su, Zhendong and Vigna, Giovanni},
booktitle = {Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC)},
month = {December},
year = {2007},
address = {Miami, FL},
pages = {74--83}
}
@inproceedings{Yin2007Panorama_Capturing,
title = {{Panorama: Capturing System-Wide Information Flow For Malware Detection and Analysis}},
author = {Yin, Heng and Song, Dawn Xiaodong and Egele, Manuel and Kruegel, Christopher and Kirda, Engin},
booktitle = {Proceedings of the 14th Annual Computer Security Applications Conference},
series = {CCS},
month = {October},
year = {2007},
address = {Alexandria, VA},
doi = {10.1145/1315245.1315261},
url = {https://doi.org/10.1145/1315245.1315261}
}
@inproceedings{Balzarotti2007Multi-Module_Vulnerability,
title = {{Multi-Module Vulnerability Analysis of Web-based Applications}},
author = {Balzarotti, Davide and Cova, Marco and Felmetsger, Viktoria and Vigna, Giovanni},
booktitle = {Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS)},
month = {October},
year = {2007},
address = {Alexandria, VA},
pages = {25--35}
}
@article{Klinkoff2007Extending_.NET,
title = {{Extending .NET Security to Unmanaged Code}},
author = {Klinkoff, Patrick and Kirda, Engin and Kruegel, Christopher and Vigna, Giovanni},
month = {October},
year = {2007},
journal = {International Journal of Information Security},
number = {6},
pages = {417--428},
volume = {6}
}
@inproceedings{Maggi2007On_the,
title = {{On the Use of Different Statistical Tests for Alert Correlation - Short Paper}},
author = {Maggi, Federico and Zanero, Stefano},
booktitle = {Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection},
series = {RAID},
month = {September},
year = {2007},
pages = {167--177}
}
@inproceedings{Mutz2007Exploiting_Execution,
title = {{Exploiting Execution Context for the Detection of Anomalous System Calls}},
author = {Mutz, Darren and Robertson, William and Vigna, Giovanni and Kemmerer, Richard},
booktitle = {Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection},
series = {RAID},
month = {September},
year = {2007},
address = {Gold Coast, Australia},
pages = {1--20}
}
@inproceedings{Cova2007Swaddler_An,
title = {{Swaddler: An Approach for the Anomaly-based Detection of State Violations in Web Applications}},
author = {Cova, Marco and Balzarotti, Davide and Felmetsger, Viktoria and Vigna, Giovanni},
booktitle = {Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID)},
month = {September},
year = {2007},
address = {Gold Coast, Australia},
pages = {63--86}
}
@inproceedings{Gundy2007Catch_Me,
title = {{Catch Me, If You Can: Evading Network Signatures with Web-based Polymorphic Worms}},
author = {Gundy, Matthew Van and Balzarotti, Davide and Vigna, Giovanni},
booktitle = {Proceedings of the 1st USENIX Workshop on Offensive Technologies (WOOT)},
month = {August},
year = {2007},
address = {Boston, MA}
}
@article{Vigna2007Security_Evaluation,
title = {{Security Evaluation of the Sequoia Voting System}},
author = {Vigna, Giovanni and Kemmerer, Richard A. and Balzarotti, Davide and Banks, Greg and Cova, Marco and Felmetsger, Vika and Robertson, Wil and Valeur, Fredrik},
month = {July},
year = {2007},
journal = {Top-To-Bottom Review of the California Voting Machines}
}
@inproceedings{Egele2007Dynamic_Spyware,
title = {{Dynamic Spyware Analysis}},
author = {Egele, Manuel and Kruegel, Christopher and Kirda, Engin and Yin, Heng and Song, Dawn Xiaodong},
booktitle = {Proceedings of the 16th USENIX Annual Technical Conference},
month = {June},
year = {2007},
address = {Santa Clara, CA}
}
@inproceedings{Carzaniga2007Is_Code,
title = {{Is Code Still Moving Around? Looking Back at a Decade of Code Mobility}},
author = {Carzaniga, Antonio and Picco, Gian Pietro and Vigna, Giovanni},
booktitle = {Proceedings of the 29th International Conference on Software Engineering (ICSE)},
month = {May},
year = {2007},
pages = {9--20}
}
@inproceedings{Vogt2007Cross_Site,
title = {{Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis.}},
author = {Vogt, Philipp and Nentwich, Florian and Jovanovic, Nenad and Kirda, Engin and Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 14th Network and Distributed Systems Security Symposium},
series = {NDSS},
year = {2007},
address = {San Diego, CA}
}
@inbook{Cova2007Vulnerability_Analysis,
title = {{Vulnerability Analysis of Web Applications}},
author = {Cova, Marco and Felmetsger, Viktoria and Vigna, Giovanni},
booktitle = {Testing and Analysis of Web Services},
year = {2007},
publisher = {Springer}
}
@inproceedings{Mulliner2006Vulnerability_Analysis,
title = {{Vulnerability Analysis of MMS User Agents}},
author = {Mulliner, Collin and Vigna, Giovanni},
booktitle = {Proceedings of the 22th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {2006},
address = {Miami, FL}
}
@inproceedings{Cova2006Static_Detection,
title = {{Static Detection of Vulnerabilities in x86 Executables}},
author = {Cova, Marco and Felmetsger, Viktoria and Banks, Greg and Vigna, Giovanni},
booktitle = {Proceedings of the 22nd Symposium on Computer Security Applications Conference (ACSAC)},
month = {December},
year = {2006},
address = {Miami, FL}
}
@inproceedings{Kirda2006Behavior-based_Spyware,
title = {{Behavior-based Spyware Detection}},
author = {Kirda, Engin and Kruegel, Christopher and Banks, Greg and Vigna, Giovanni and Kemmerer, Richard},
booktitle = {Proceedings of the 15th Symposium on the USENIX Security},
month = {August},
year = {2006},
address = {Vancouver, Canada}
}
@inproceedings{Egele2006Using_Static,
title = {{Using Static Program Analysis to Aid Intrusion Detection}},
author = {Egele, Manuel and Szydlowski, Martin and Kirda, Engin and Kruegel, Christopher},
booktitle = {Proceedings of the 3rd International Conference on Detection of Intrusions and Malware \& Vulnerability Assessment},
month = {July},
year = {2006},
address = {Berlin, Germany},
doi = {10.1007/11790754_2},
url = {https://doi.org/10.1007/11790754_2}
}
@inproceedings{Arnes2006Using_Hidden,
title = {{Using Hidden Markov Models to Evaluate the Risks of Intrusions: System Architecture and Model Validation}},
author = {Arnes, André and Valeur, Fredrik and Vigna, Giovanni and Kemmerer, Richard A.},
booktitle = {Proceedings of the 9th Symposium on Recent Advances in Intrusion Detection},
year = {2006},
pages = {145--164},
publisher = {Springer},
url = {http://link.springer.com/chapter/10.1007/11856214_8}
}
@article{Årnes2006Using_a,
title = {{Using a virtual security testbed for digital forensic reconstruction}},
author = {Årnes, André and Haas, Paul and Vigna, Giovanni and Kemmerer, Richard A.},
month = {December},
year = {2006},
issn = {1772-9890, 1772-9904},
journal = {Journal in Computer Virology},
language = {en},
number = {4},
pages = {275--289},
url = {http://link.springer.com/article/10.1007/s11416-006-0033-x},
volume = {2}
}
@mastersthesis{Egele2006Behavior-Based_Spyware,
title = {{Behavior-Based Spyware Detection Using Dynamic Taint Analysis}},
author = {Egele, Manuel},
year = {2006},
address = {Austria},
school = {Vienna University of Technology}
}
@inproceedings{Kruegel2005Polymorphic_Worm,
title = {{Polymorphic Worm Detection Using Structural Information of Executables}},
author = {Kruegel, Christopher and Kirda, Engin and Mutz, Darren and Robertson, William and Vigna, Giovanni},
booktitle = {Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID)},
series = {LNCS},
month = {September},
year = {2005},
address = {Seattle, WA},
pages = {207--226},
publisher = {Springer-Verlag},
volume = {3858}
}
@inproceedings{Kruegel2005Automating_Mimicry,
title = {{Automating Mimicry Attacks Using Static Binary Analysis}},
author = {Kruegel, Christopher and Kirda, Engin and Mutz, Darren and Robertson, William and Vigna, Giovanni},
booktitle = {Proceedings of the 14th Symposium on USENIX Security},
month = {August},
year = {2005},
address = {Baltimore, MD}
}
@inproceedings{Valeur2005A_Learning-Based,
title = {{A Learning-Based Approach to the Detection of SQL Attacks}},
author = {Valeur, Fredrik and Mutz, Darren and Vigna, Giovanni},
booktitle = {Proceedings of the 2nd Detection of Intrusions and Malware, and Vulnerability Assessment},
series = {DIMVA},
year = {2005},
address = {Berlin, Heidelberg},
doi = {10.1007/11506881_8},
isbn = {3-540-26613-5 978-3-540-26613-6},
pages = {123--140},
publisher = {Springer-Verlag},
url = {https://doi.org/10.1007/11506881_8}
}
@inproceedings{Felmetsger2005Exploiting_OS-level,
title = {{Exploiting OS-level Mechanisms to Implement Mobile Code Security}},
author = {Felmetsger, Viktoria and Vigna, Giovanni},
booktitle = {Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS)},
month = {June},
year = {2005},
address = {Shanghai, China}
}
@inproceedings{Hallaraker2005Detecting_Malicious,
title = {{Detecting Malicious JavaScript Code in Mozilla}},
author = {Hallaraker, Oystein and Vigna, Giovanni},
booktitle = {Proceedings of the 8th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS)},
month = {June},
year = {2005},
address = {Shanghai, China},
pages = {85--94}
}
@inproceedings{Kruegel2005Reverse_Engineering,
title = {{Reverse Engineering of Network Signatures}},
author = {Kruegel, Christopher and Mutz, Darren and Robertson, William and Vigna, Giovanni and Kemmerer, Richard},
booktitle = {Proceedings of the AusCERT Asia Pacific Information Technology Security Conference},
month = {May},
year = {2005},
address = {Gold Coast, Australia}
}
@inbook{Kemmerer2005Sensor_Families,
title = {{Sensor Families for Intrusion Detection Infrastructures}},
author = {Kemmerer, Richard A. and Vigna, Giovanni},
booktitle = {Managing Cyber Threats: Issues, Approaches and Challenges},
series = {Massive Computing},
year = {2005},
publisher = {Springer-Verlag},
volume = {5}
}
@inbook{Kruegel2005Intrusion_Detection,
title = {{Intrusion Detection and Correlation: Challenges and Solutions}},
author = {Kruegel, Christopher and Valeur, Fredrik and Vigna, Giovanni},
series = {Advances in Information Security},
year = {2005},
publisher = {Springer},
volume = {14}
}
@inproceedings{Vigna2004An_Intrusion,
title = {{An Intrusion Detection Tool for AODV-based Ad Hoc Wireless Networks}},
author = {Vigna, Giovanni and Gwalani, Sumit and Srinivasan, Kavitha and Belding-Royer, Elizabeth and Kemmerer, Richard},
booktitle = {Proceedings of the 20th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {2004},
address = {Tucson, AZ},
pages = {16--27}
}
@inproceedings{Zhou2004Detecting_Attacks,
title = {{Detecting Attacks That Exploit Application-Logic Errors Through Application-Level Auditing}},
author = {Zhou, J. and Vigna, G.},
booktitle = {Proceedings of the 20th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {2004},
address = {Tucson, AZ},
pages = {168--178}
}
@article{Kruegel2004Using_Alert,
title = {{Using Alert Verification to Identify Successful Intrusion Attempts}},
author = {Kruegel, Christopher and Robertson, William and Vigna, Giovanni},
month = {December},
year = {2004},
journal = {Practice in Information Processing and Communication (PIK)},
number = {4},
pages = {219--227},
volume = {27}
}
@inproceedings{Kruegel2004Detecting_Kernel-Level,
title = {{Detecting Kernel-Level Rootkits Through Binary Analysis}},
author = {Kruegel, Christopher and Robertson, William and Vigna, Giovanni},
booktitle = {Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC)},
month = {December},
year = {2004},
address = {Tucson, AZ},
pages = {91--100}
}
@inproceedings{Vigna2004Testing_Network-based,
title = {{Testing Network-based Intrusion Detection Signatures Using Mutant Exploits}},
author = {Vigna, Giovanni and Robertson, Wil and Balzarotti, Davide},
booktitle = {Proceedings of the 11th ACM SIGSAC Conference on Computer and Communications Security},
series = {CCS},
month = {October},
year = {2004},
address = {Washington, DC},
pages = {21--30}
}
@inproceedings{Kruegel2004Static_Disassembly,
title = {{Static Disassembly of Obfuscated Binaries}},
author = {Kruegel, Christopher and Robertson, William and Valeur, Fredrik and Vigna, Giovanni},
booktitle = {Proceedings of 13th Symposium on USENIX Security},
month = {August},
year = {2004},
address = {San Diego, CA},
pages = {255--270}
}
@article{Valeur2004A_Comprehensive,
title = {{A Comprehensive Approach to Intrusion Detection Alert Correlation}},
author = {Valeur, Fredrik and Vigna, Giovanni and Kruegel, Christopher and Kemmerer, Richard A.},
month = {July},
year = {2004},
doi = {10.1109/TDSC.2004.21},
issn = {1545-5971},
journal = {IEEE Transactions on Dependable and Secure Computing},
number = {3},
pages = {146--169},
url = {https://doi.org/10.1109/TDSC.2004.21},
volume = {1}
}
@inproceedings{Vigna2004Mobile_Agents,
title = {{Mobile Agents: Ten Reasons For Failure}},
author = {Vigna, Giovanni},
booktitle = {Proceedings of the 5th IEEE International Conference on Mobile Data Management},
series = {MDM},
month = {January},
year = {2004},
address = {Berkeley, CA},
pages = {298--299}
}
@inproceedings{Mutz2003An_Experience,
title = {{An Experience Developing an IDS Stimulator for the Black-Box Testing of Network Intrusion Detection Systems}},
author = {Mutz, Darren and Vigna, Giovanni and Kemmerer, Richard},
booktitle = {Proceedings of the 19th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {2003},
address = {Las Vegas, Nevada},
pages = {374--383}
}
@inproceedings{Vigna2003A_Stateful,
title = {{A Stateful Intrusion Detection System for World-Wide Web Servers}},
author = {Vigna, Giovanni and Robertson, Wil and Kher, Vishal and Kemmerer, Richard A.},
booktitle = {Proceedings of the 10th Annual Computer Security Applications Conference},
series = {CCS},
month = {December},
year = {2003},
address = {Las Vegas, NV},
pages = {34--43}
}
@article{Vigna2003Teaching_Hands-On,
title = {{Teaching Hands-On Network Security: Testbeds and Live Exercises}},
author = {Vigna, Giovanni},
year = {2003},
journal = {Journal of Information Warfare},
number = {2},
pages = {8--25},
volume = {3}
}
@inproceedings{Kruegel2003Anomaly_Detection,
title = {{Anomaly Detection of Web-based Attacks}},
author = {Kruegel, Christopher and Vigna, Giovanni},
booktitle = {Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS 39;03)},
month = {October},
year = {2003},
address = {Washington, DC},
pages = {251--261},
publisher = {ACM Press}
}
@inproceedings{Kruegel2003On_the,
title = {{On the Detection of Anomalous System Call Arguments}},
author = {Kruegel, Christopher and Mutz, Darren and Valeur, Fredrik and Vigna, Giovanni},
booktitle = {Proceedings of the 8th European Symposium on Research in Computer Security (ESORICS 39;03)},
series = {LNCS},
month = {October},
year = {2003},
address = {Gjovik, Norway},
pages = {326--343},
publisher = {Springer-Verlag}
}
@inproceedings{Vigna2003A_Topological,
title = {{A Topological Characterization of TCP/IP Security}},
author = {Vigna, Giovanni},
booktitle = {Proceedings of the 12th International Symposium of Formal Methods Europe},
series = {FME},
month = {September},
year = {2003},
address = {Pisa, Italy},
pages = {914--940},
publisher = {Springer-Verlag}
}
@inproceedings{Vigna2003Designing_and,
title = {{Designing and Implementing a Family of Intrusion Detection Systems}},
author = {Vigna, Giovanni and Valeur, Fredrik and Kemmerer, Richard A.},
booktitle = {Proceedings of the 9th European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering},
series = {ESEC/FSE},
month = {September},
year = {2003},
address = {Helsinki, Finland},
pages = {88--97}
}
@inproceedings{Soman2003Detecting_Malicious,
title = {{Detecting Malicious Java Code Using Virtual Machine Auditing}},
author = {Soman, Sunil and Krintz, Chandra and Vigna, Giovanni},
booktitle = {Proceedings of the 12th USENIX Security Symposium},
series = {USENIX Security},
month = {August},
year = {2003},
address = {Washington, DC},
pages = {153--167},
publisher = {USENIX}
}
@inproceedings{Vigna2003Teaching_Network,
title = {{Teaching Network Security Through Live Exercises}},
author = {Vigna, Giovanni},
booktitle = {Proceedings of the 3rd Annual World Conference on Information Security Education},
series = {WISE},
month = {June},
year = {2003},
address = {Monterey, CA},
pages = {3--18},
publisher = {Kluwer Academic Publishers}
}
@inproceedings{Vigna2002Composable_Tools,
title = {{Composable Tools For Network Discovery and Security Analysis}},
author = {Vigna, Giovanni and Valeur, Fredrik and Zhou, Jingyu and Kemmerer, Richard A.},
booktitle = {Proceedings of the 18th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {2002},
address = {Las Vegas, NV},
pages = {14--24},
publisher = {IEEE Press}
}
@inproceedings{Vigna2002Mnemosyne_Designing,
title = {{Mnemosyne: Designing and Implementing Network Short-Term Memory}},
author = {Vigna, G. and Mitchell, A.},
booktitle = {Proceedings of the 8th IEEE International Conference on Engineering of Complex Computer Systems},
series = {ICECCS},
month = {December},
year = {2002},
address = {Greenbelt, MD},
pages = {91--100},
publisher = {IEEE Press}
}
@inproceedings{Mittal2002Sensor-Based_Intrusion,
title = {{Sensor-Based Intrusion Detection for Intra-Domain Distance-Vector Routing}},
author = {Mittal, Vishal and Vigna, Giovanni},
booktitle = {Proceedings of the 9th Conference on Computer and Communication Security},
series = {CCS},
month = {November},
year = {2002},
address = {Washington, DC},
pages = {127--137},
publisher = {ACM Press}
}
@inproceedings{Vigna2002An_Intrusion,
title = {{An Intrusion Detection System for Aglets}},
author = {Vigna, Giovanni and Cassell, Bryan and Fayram, Dave},
booktitle = {Proceedings of the 6th International Conference on Mobile Agents},
series = {MA},
month = {October},
year = {2002},
address = {Barcelona, Spain},
pages = {64--77},
publisher = {Springer-Verlag},
volume = {2535}
}
@inproceedings{Kruegel2002Stateful_Intrusion,
title = {{Stateful Intrusion Detection for High-Speed Networks}},
author = {Kruegel, Christopher and Valeur, Fredrik and Vigna, Giovanni and Kemmerer, Richard A.},
booktitle = {Proceedings of the 23rd IEEE Symposium on Security and Privacy},
month = {May},
year = {2002},
address = {Oakland, CA},
pages = {285--293},
publisher = {IEEE Press}
}
@article{Kemmerer2002Intrusion_Detection,
title = {{Intrusion Detection: A Brief History and Overview}},
author = {Kemmerer, Richard A. and Vigna, Giovanni},
month = {April},
year = {2002},
journal = {IEEE Computer},
pages = {27--30}
}
@article{Eckmann2002STATL_An,
title = {{STATL: An Attack Language for State-based Intrusion Detection}},
author = {Eckmann, Steven T. and Vigna, Giovanni and Kemmerer, Richard A.},
year = {2002},
journal = {Journal of Computer Security},
number = {1/2},
pages = {71--104},
volume = {10}
}
@inproceedings{Fischmeister2001Evaluating_the,
title = {{Evaluating the Security Of Three Java-Based Mobile Agent Systems}},
author = {Fischmeister, Sebastian and Vigna, Giovanni and Kemmerer, Richard A.},
booktitle = {Proceedings of the 5th International Conference on Mobile Agents (MA 39;01)},
month = {December},
year = {2001},
address = {Atlanta, GA},
pages = {31--41},
publisher = {Springer-Verlag},
volume = {2240}
}
@inproceedings{Vigna2001Designing_a,
title = {{Designing a Web of Highly-Configurable Intrusion Detection Sensors}},
author = {Vigna, Giovanni and Kemmerer, Richard A. and Blix, Per},
booktitle = {Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection},
series = {RAID},
month = {October},
year = {2001},
address = {Davis, CA},
pages = {69--84},
publisher = {Springer-Verlag},
volume = {2212}
}
@inproceedings{Vigna2000Attack_Languages,
title = {{Attack Languages}},
author = {Vigna, Giovanni and Eckmann, Steve T. and Kemmerer, Richard A.},
booktitle = {Proceedings of the 3rd IEEE Information Survivability Workshop},
series = {ISW},
month = {October},
year = {2000},
address = {Boston, MA},
pages = {163--166}
}
@inproceedings{Vigna2000The_STAT,
title = {{The STAT Tool Suite}},
author = {Vigna, Giovanni and Eckmann, Steve T. and Kemmerer, Richard A.},
booktitle = {Proceedings of DISCEX 2000},
series = {DISCEX},
month = {January},
year = {2000},
address = {Hilton Head, SC},
pages = {46--55},
publisher = {IEEE Press}
}
@inproceedings{ward2019leakage,
title = {{The Leakage-Resilience Dilemma}},
author = {Ward, Bryan C and Skowyra, Richard and Spensky, Chad and Martin, Jason and Okhravi, Hamed},
booktitle = {European Symposium on Research in Computer Security},
series = {ESORICS},
month = {September},
year = {2019},
organization = {Springer},
pages = {87--106}
}
@article{Vigna1999NetSTAT_A,
title = {{NetSTAT: A Network-based Intrusion Detection System}},
author = {Vigna, Giovanni and Kemmerer, Richard A.},
year = {1999},
journal = {Journal of Computer Security},
number = {1},
pages = {37--71},
volume = {7}
}
@inproceedings{Vigna1998NetSTAT_A,
title = {{NetSTAT: A Network-based Intrusion Detection Approach}},
author = {Vigna, Giovanni and Kemmerer, Richard A.},
booktitle = {Proceedings of the 14th Annual Computer Security Applications Conference},
series = {ACSAC},
month = {December},
year = {1998},
address = {Scottsdale, AZ},
pages = {25--34},
publisher = {IEEE Press}
}
@incollection{Ghezzi1998Software_Engineering,
title = {{Software Engineering Issues in Network Computing}},
author = {Ghezzi, Carlo and Vigna, Giovanni},
booktitle = {Requirements Targeting Software and Systems Engineering},
month = {August},
year = {1998},
pages = {101--123},
publisher = {Springer-Verlag},
volume = {1526}
}
@inproceedings{Vigna1998A_Model-Centered,
title = {{A Model-Centered Electronic Commerce Middleware}},
author = {Vigna, Giovanni and Bonomi, Leonardo},
booktitle = {Proceedings of the International IFIP Working Conference on Trends in Electronic Commerce},
series = {TrEC},
month = {June},
year = {1998},
address = {Hamburg, Germany}
}