Publications

Managing QoS in Smart Buildings Through Software Defined Network and Usage Control
[10/Mar/2019]

This work presents a framework for applying QoS in a network of a Smart Building environment, exploiting Software Defined Networks (SDN) and Usage Control (UCON) policy enforcement. The proposed framework will be presented in a plausible use case of a Smart Building where the available Internet connection provided by an Internet Service Provider will be distributed both to tenants and the devices responsible for the management and the safety of the building, taking into account different levels of QoS.

Authors: 
Fabio Martinelli
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Phylogenetic Analysis for Ransomware Detection and Classification into Families
[26/Jul/2018]

The wide spread of ransomware experienced in the last years has been caused also by the ability of attackers to introduce changes and mutations that make the malware hard to identify for antimalware software. In this paper we propose a two-phase method based on machine learning on API-level analysis aimed (i) to effectively detect ransomware despite the applied techniques for obfuscation and introduced variations, (ii) to provide a tool for security analysts to track phylogenetic relationships exploiting the binary tree obtained by the classification

Authors: 
Fabio Martinelli
Francesco Mercaldo
Andrea Saracino
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Building Taxonomies based on Human-Machine Teaming: Cyber Security as an Example

Taxonomies and ontologies are handy tools in many application domains such as knowledge systematization and automatic reasoning. In the cyber security field, many researchers have proposed such taxonomies and ontologies, most of which were built based on manual work. Some researchers proposed the use of computing tools to automate the building process, but mainly on very narrow sub-areas of cyber security.

Authors: 
Mohamad Imad Mahaini
Shujun Li
Rahime Belen Sağlam
Author (ESR): 
Mohamad Imad Mahaini (University of Kent)

MAL2IMAGE: Hybrid Image Transformation for Malware Classification
[1/Aug/2019]

Poster

Existing image transformation approaches (e.g. Nataraj et al. [1], Liu 2016 [2]) for malware detection only perform simple transformation methods and have not considered the effect of color encoding and pixel rendering techniques on the performance of machine learning classifiers.

Aims of the research: We propose a new approach to encode and arrange bytes from a binary file into images. These developed images contain statistical (e.g., entropy) and syntactic artifacts (e.g., strings) and their pixels are filled up using Hilbert curves.

Authors: 
Duc-Ly Vu
Nguyen Trong Kha
Fabio Massacci
Tam V. Nguyen
Phu H. Phung
Author (ESR): 
Ly Vu Duc (Universita Degli Studi Di Trento)

Towards Explainable Machine Learning in Intrusion Detection Systems
[1/Aug/2019]

Poster

The lack of semantics or reasonable explanations for machine learning predictions is one of the main reasons for its adoption barrier in the field of intrusion detection. In fact, without explanations, a machine learning approach fails to gain users’ trust in its predictions, especially after they have wasted effort examining false positives. Therefore, we are motivated to study a novel approach of applying machine learning such that it not only efficiently detects intrusions but also provides explanations for those decisions.

Authors: 
Chau D.M. Pham
Duc-Ly Vu
Fabio Massacci
Tran Khanh Dang
Sandro Etalle
Davide Fauri
Author (ESR): 
Ly Vu Duc (Universita Degli Studi Di Trento)

Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
[20/Jun/2019]

With macOS's increasing popularity, the number and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of child processes.

Authors: 
Duy-Phuc Pham
Duc-Ly Vu
Fabio Massacci
Author (ESR): 
Ly Vu Duc (Universita Degli Studi Di Trento)

Sharing Cyber Threat Intelligence Under the General Data Protection Regulation

Sharing Cyber Threat Intelligence (CTI) is a key strategy for improving cyber defense, but there are risks of breaching regulations and laws regarding privacy. With regulations such as the General Data Protection Regulation (GDPR) that are designed to protect citizens’ data privacy, the managers of CTI datasets need clear guidance on how and when it is legal to share such information. This paper defines the impact that GDPR legal aspects may have on the sharing of CTI. In addition, we define adequate protection levels for sharing CTI to ensure compliance with the GDPR.

Authors: 
Adham Albakri
Eerke A. Boiten
Rogério de Lemos
Author (ESR): 
Adham Albakri (University of Kent)

A Model Specification for the Design of Trust Negotiations

Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience, are unknown. The required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously.

Authors: 
M. Kolar
C. Fernandez-Gago
J. Lopez
Author (ESR): 
Martin Kolar (Universidad De Malaga)