Systems Security Research Lab
The Systems Security Research Lab (S2Lab) sits in the Information Security Research Group of the Department of Computer Science at University College London (UCL).
Our vision is to develop techniques that automatically protect systems from vulnerabilities and malicious activities. Certainly, this is a broad remit, so let’s narrow the scope a bit. We work at the intersection of program analysis and machine learning for systems security. Ah, the buzzwords. It may be tempting to believe we’re just following the machine learning/cybersecurity hype, but that would be untrue.
In fact our motivation can be traced back to two particular research efforts from the underground hacker and academic security communities which touched on these topics:
- Smashing the stack for fun and profit, one of the very first attempts to discuss the details of low-level systems security through the lens of the exploitation of memory corruption vulnerabilities; and
- Intrusion Detection via Static Analysis, one of the very first attempts to combine (static) program analysis with anomaly detection.
Since these works, we’ve always been intrigued by the role these disciplines play to secure our systems. The democratization of machine learning approaches has clearly increased our appetite further to reason about how program analysis and machine learning can intertwine in order to improve systems security in the presence of adversaries.
Ultimately, we aim to build practical tools and provide security services to the community at large, while supporting open science.
We are thankful to the several sponsors who have funded our research, including UKRI EPSRC, EU, GCHQ/NCSC, Intel Security, NVIDIA Corporation, and AVAST Software. Moreover, we are eternally grateful to the many collaborators whom we have been working with or have provided opportunities for cross-pollination to influence, inspire, and further refine our research vision.
We are committed to pursuing academic excellence while embracing disruptive thinking at its best.
Latest News
- June 2024: "Exploiting Code Symmetries for Learning Program Semantic" accepted to appear at ICML 2024 as a Spotlight paper (3.5% acceptance rate spotlight/oral)
- June 2024: "ChainReactor: Automated Privilege Escalation Chain Discovery via AI Planning" accepted to appear at USENIX Sec 2024
- March 2023: "ROPfuscator: Robust Obfuscation with ROP" accepted to appear at WOOT 2023, co-located with IEEE S&P 2023
- March 2023: "Is It Overkill? Analyzing Feature-Space Concept Drift in Malware Detectors" accepted to appear at DLSP 2023, co-located with IEEE S&P 2023
- March 2023: "Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers" accepted to appear at IEEE S&P 2023. See you in SF!
- August 2022: Truly humbled to receive one of the USENIX Security 2022 Distinguished Paper Awards for our work Dos and Don't of Machine Learning for Computer Security
- August 2022: Daniel, Feargus, Fabio, and Lorenzo are attending USENIX Sec 2022 in Boston to present our work Dos and Don't of Machine Learning for Computer Security
- June 2022: Lorenzo delivers the keynote "Transcending Transcend: Revisiting Malware Classification in the Presence of Concept Drift" at the KASTEL Distinguished Lecture Series
- June 2022: Lorenzo delivers the keynote "Trustworthy Machine Learning... for Systems Security" at the first "post-pandemic" UCL ACE-CSR Open Day
- April 2022: Federico, Feargus, Fabio, and Lorenzo are attending IEEE S&P 2022 in San Francisco to present our work "Transcending Transcend: Revisiting Malware Classification in the Presence of Concept Drift"
Selected Publications
ICML 2024 | Spotlight · 41st International Conference on Machine Learning, 2023
@inproceedings{pei2024exploiting,
title={Exploiting Code Symmetries for Learning Program Semantics},
>/span> author={Kexin Pei and Weichen Li and Qirui Jin and Shuyang Liu and Scott Geng and Lorenzo Cavallaro and Junfeng Yang and Suman Jana},
booktitle={Forty-first International Conference on Machine Learning},
year={2024},
url={https://openreview.net/forum?id=OLvgrLtv6J}
}
USENIX Sec 2024 · 33rd USENIX Security Symposium, 2024
@inproceedings{depasquale24ChainReactor,
author = {Giulio De Pasquale, Ilya Grishchenko, Riccardo Iesari, Gabriel Pizarro, Lorenzo Cavallaro, Christopher Kruegel, and Giovanni Vigna},
title = {{ChainReactor}: Automated Privilege Escalation Chain Discovery via AI Planning},
booktitle = {33rd USENIX Security Symposium},
year = {2024},
}
IEEE S&P 2023 · 44th IEEE Symposium on Security and Privacy, 2023
@article{yang2022jigsaw,
author = {Limin Yang, Zhi Chen, Jacopo Cortellazzi, Feargus Pendlebury, Kevin Tu, Fabio Pierazzi, Lorenzo Cavallaro, Gang Wang},
title = {Jigsaw Puzzle: Selective Backdoor Attack
to Subvert Malware Classifiers},
booktitle = {{IEEE} Symposium on Security and Privacy},
volume = {abs/2202.05470},
year = {2023},
url = {https://arxiv.org/abs/2202.05470},
eprint = {2202.05470},
}
DLSP 2023 · 6th IEEE Workshop on Deep Learning Security and Privacy, 2023
@inproceedings{chen23dlsp,
author = {Zhi Chen and Zhenning Zhang and Zeliang Kan and Limin Yang and and Jacopo Cortellazzi and Feargus Pendlebury and Fabio Pierazzi and Lorenzo Cavallaro and Gang Wang},
title = {Is It Overkill? Analyzing Feature-Space Concept Drift in Malware Detectors},
booktitle = {{IEEE} Workshop on Deep Learning Security and Privacy ({DLSP})},
year = {2023},
}
USENIX Sec 2022 | Distinguished Paper Award · 31st USENIX Security Symposium, 2022
@inproceedings{arp2022dodo,
author = {Daniel Arp and Erwin Quiring and Feargus Pendlebury and Alexander Warnecke and Fabio Pierazzi and Christian Wressnegger and Lorenzo Cavallaro and Konrad Rieck},
title = {Dos and Don'ts of Machine Learning in Computer Security},
booktitle = {31st USENIX Security Symposium},
year = {2022},
}
IEEE S&P 2022 · 43rd IEEE Symposium on Security and Privacy, 2022
@inproceedings{barbero2022transcendent,
author = {Federico Barbero and Feargus Pendlebury and Fabio Pierazzi and Lorenzo Cavallaro},
title = {Transcending Transcend: Revisiting Malware Classification in the Presence of Concept Drift},
booktitle = {{IEEE} Symposium on Security and Privacy},
year = {2022},
}
AISec 2021 · 14th ACM Workshop on Artificial Intelligence and Security, 2021
@inproceedings{kan2021adaptation,
author = {Zeliang Kan and Feargus Pendlebury and Fabio Pierazzi and Lorenzo Cavallaro},
title = {Investigating Labelless Drift Adaptation for Malware Detection},
booktitle = {{ACM} Workshop on Artificial Intelligence and Security ({AISec})},
year = {2021},
}
ACSAC 2020 · Annual Computer Security Applications Conference, 2020
@inproceedings{patrickevans2020punstrip,
author = {James Patrick-Evans and Lorenzo Cavallaro and Johannes Kinder},
title = {Probabilistic Naming of Functions in Stripped Binaries},
booktitle = {Annual Computer Security Applications Conference (ACSAC)},
year = {2020},
}
IEEE S&P 2020 · 41st IEEE Symposium on Security and Privacy, 2020
@inproceedings{pierazzi2020problemspace,
author = {Fabio Pierazzi and Feargus Pendlebury and Jacopo Cortellazzi and Lorenzo Cavallaro},
booktitle = {2020 IEEE Symposium on Security and Privacy (SP)},
title = {Intriguing Properties of Adversarial ML Attacks in the Problem Space},
year = {2020},
volume = {},
issn = {2375-1207},
pages = {1308-1325},
doi = {10.1109/SP40000.2020.00073},
url = {https://doi.ieeecomputersociety.org/10.1109/SP40000.2020.00073},
publisher = {IEEE Computer Society},
}
USENIX Sec 2019 · 28th USENIX Security Symposium, 2019
@inproceedings{pendlebury2019tesseract,
author = {Feargus Pendlebury and Fabio Pierazzi and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
title = {{TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time}},
booktitle = {28th USENIX Security Symposium},
year = {2019},
address = {Santa Clara, CA},
publisher = {USENIX Association},
note = {USENIX Sec}
}
USENIX Sec 2017 · 26th USENIX Security Symposium, 2017
@inproceedings {jordaney2017,
author = {Roberto Jordaney and Kumar Sharad and Santanu K. Dash and Zhi Wang and Davide Papini and Ilia Nouretdinov and Lorenzo Cavallaro},
title = {{Transcend: Detecting Concept Drift in Malware Classification Models}},
booktitle = {26th USENIX Security Symposium},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/jordaney},
publisher = {USENIX Association},
note = {USENIX Sec}
}
ACM CCS-AISec 2016 · 9th ACM CCS Workshop on Artificial Intelligence and Security, 2016
@inproceedings{aisec16,
author = {Amit Deo and Santanu Kumar Dash and Guillermo Suarez-Tangil and Volodya Vovk and Lorenzo Cavallaro},
title = {{Prescience: Probabilistic Guidance on the Retraining Conundrum for Malware Detection}},
booktitle = {9th ACM CCS Workshop on Artificial Intelligence and Security},
year = {2016},
note = {ACM CCS-AISec}
}
NDSS 2015 · 22nd Annual Network and Distributed System Security Symposium, 2015
@InProceedings{copperdroid-ndss2015,
author = {Kimberly Tam, Salahuddin J. Khan, Aristide Fattori, and Lorenzo Cavallaro},
title = {{CopperDroid: Automatic Reconstruction of Android Malware Behaviors}},
booktitle = {22nd Annual Network and Distributed System Security Symposium, San Diego, California, USA},
year = 2015,
month = {February},
note = {NDSS}
}