Systems Security Research Lab


The Systems Security Research Lab (S2Lab) sits in the Information Security Research Group of the Department of Computer Science at University College London (UCL).

Our vision is to develop techniques to automatically protect systems from vulnerabilities and malicious activities. (Certainly, a broad remit. Let’s scope it a bit.) How? We work at the intersection of program analysis and machine learning for systems security. Ah, the buzzwords. It may be tempting to believe we’ve been following the Machine Learning-Cybersecurity hype: that’s untrue, although a plausible thought.

IN FACT.

Looking back at how we got captivated by “security” at large, it is possible to track our heritage to two particular research efforts from the underground hacker and academic security communities:

Since then, we’ve always been intrigued by the role these disciplines play to secure our systems. The democratization of machine learning approaches has clearly increased our appetite further to reason about the intertwined relationship program analysis and machine learning have for systems security in the presence of adversaries.

Ultimately, we aim to build practical tools and provide security services to the community at large, while supporting open science at our best.

We are thankful to the several sponsors who have funded our research, including UKRI EPSRC, EU, GCHQ/NCSC, Intel Security, NVIDIA Corporation, and AVAST Software. Moreover, we are unduly grateful to the many collaborators whom we have been working with or have provided cross-pollination opportunities (indirectly too) to influence, inspire, and refine our research vision further.

We aim at pursuing academic excellence while embracing disruptive thinking at its best.

Latest News

Selected Publications

Dos and Don'ts of Machine Learning in Computer Security
Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, Konrad Rieck
USENIX Sec · 31st USENIX Security Symposium, 2022
@article{arp2020dodo,
author = {Daniel Arp and Erwin Quiring and Feargus Pendlebury and Alexander Warnecke and Fabio Pierazzi and Christian Wressnegger and Lorenzo Cavallaro and Konrad Rieck},
title = {Dos and Don'ts of Machine Learning in Computer Security},
journal = {USENIX Sec 2022 (to appear)},
volume = {abs/2010.09470},
year = {2020},
url = {http://arxiv.org/abs/2010.09470},
eprint = {2010.09470},
archivePrefix = {arXiv}
}
Investigating Labelless Drift Adaptation for Malware Detection
Zeliang Kan and Feargus Pendlebury and Fabio Pierazzi and Lorenzo Cavallaro
AISec · 14th ACM Workshop on Artificial Intelligence and Security, 2021
@article{kan,
author = {Zeliang Kan and Feargus Pendlebury and Fabio Pierazzi and Lorenzo Cavallaro},
title = {Investigating Labelless Drift Adaptation for Malware Detection},
journal = {AISec 2021},
volume = {},
year = {2021},
url = {},
eprint = {},
}
INSOMNIA: Towards Concept-Drift Robustness in Network Intrusion Detection
Giuseppina Andresini and Feargus Pendlebury and Fabio Pierazzi and Corrado Loglisci and Annalisa Appice and Lorenzo Cavallaro
AISec · 14th ACM Workshop on Artificial Intelligence and Security, 2021
@article{kan,
author = {Giuseppina Andresini and Feargus Pendlebury and Fabio Pierazzi and Corrado Loglisci and Annalisa Appice and Lorenzo Cavallaro},
title = {INSOMNIA: Towards Concept-Drift Robustness in Network Intrusion Detection},
journal = {AISec 2021},
volume = {},
year = {2021},
url = {},
eprint = {},
}
Universal Adversarial Perturbations for Malware
Raphael Labaca-Castro, Luis Muñoz-González, Feargus Pendlebury, Gabi Dreo Rodosek, Fabio Pierazzi, Lorenzo Cavallaro
CoRR · arXiv CoRR, 2021
@article{labacacastro2021uaps,
author = {Raphael Labaca-Castro and Luis Muñoz-González and Feargus Pendlebury and Gabi Dreo Rodosek and Fabio Pierazzi and Lorenzo Cavallaro},
title = {Universal Adversarial Perturbations for Malware},
journal = {CoRR},
volume = {abs/2102.06747},
year = {2021},
url = {http://arxiv.org/abs/2102.06747},
eprint = {2102.06747},
archivePrefix = {arXiv}
}
Probabilistic Naming of Functions in Stripped Binaries
James Patrick-Evans, Lorenzo Cavallaro, Johannes Kinder
ACSAC · Annual Computer Security Applications Conference, 2020
@inproceedings{patrickevans2020punstrip,
author = {James Patrick-Evans and Lorenzo Cavallaro and Johannes Kinder},
title = {Probabilistic Naming of Functions in Stripped Binaries},
booktitle = {Annual Computer Security Applications Conference (ACSAC)},
year = {2020},
}
Transcending Transcend: Revisiting Malware Classification in the Presence of Concept Drift
Federico Barbero, Feargus Pendlebury, Fabio Pierazzi, and Lorenzo Cavallaro
CoRR · arXiv CoRR, 2020
@article{barbero2020,
author = {Federico Barbero and Feargus Pendlebury and Fabio Pierazzi and Lorenzo Cavallaro},
title = {Transcending Transcend: Revisiting Malware Classification in the Presence of Concept Drift},
journal = {CoRR},
volume = {abs/2010.03856},
year = {2020},
url = {http://arxiv.org/abs/2010.03856},
eprint = {2010.03856},
archivePrefix = {arXiv}
}
Intriguing Properties of Adversarial ML Attacks in the Problem Space
Fabio Pierazzi*, Feargus Pendlebury*, Jacopo Cortellazzi, Lorenzo Cavallaro
IEEE S&P · 41st IEEE Symposium on Security and Privacy, 2020
@inproceedings{pierazzi2020problemspace,
author = {Fabio Pierazzi and Feargus Pendlebury and Jacopo Cortellazzi and Lorenzo Cavallaro},
booktitle = {2020 IEEE Symposium on Security and Privacy (SP)},
title = {Intriguing Properties of Adversarial ML Attacks in the Problem Space},
year = {2020},
volume = {},
issn = {2375-1207},
pages = {1308-1325},
doi = {10.1109/SP40000.2020.00073},
url = {https://doi.ieeecomputersociety.org/10.1109/SP40000.2020.00073},
publisher = {IEEE Computer Society},
}
TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time
Feargus Pendlebury*, Fabio Pierazzi*, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro
USENIX Sec · 28th USENIX Security Symposium, 2019
@inproceedings{pendlebury2019tesseract,
author = {Feargus Pendlebury* and Fabio Pierazzi* and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
title = {{TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time}},
booktitle = {28th USENIX Security Symposium},
year = {2019},
address = {Santa Clara, CA},
publisher = {USENIX Association},
note = {USENIX Sec}
}
Transcend: Detecting Concept Drift in Malware Classification Models
Roberto Jordaney, Kumar Sharad, Santanu K. Dash, Zhi Wang, Davide Papini, Ilia Nouretdinov, and Lorenzo Cavallaro
USENIX Sec · 26th USENIX Security Symposium, 2017
@inproceedings {jordaney2017,
author = {Roberto Jordaney and Kumar Sharad and Santanu K. Dash and Zhi Wang and Davide Papini and Ilia Nouretdinov and Lorenzo Cavallaro},
title = {{Transcend: Detecting Concept Drift in Malware Classification Models}},
booktitle = {26th USENIX Security Symposium},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/jordaney},
publisher = {USENIX Association},
note = {USENIX Sec}
}
Modular Synthesis of Heap Exploits
Dusan Repel, Johannes Kinder, and Lorenzo Cavallaro
ACM CCS-PLAS · ACM SIGSAC Workshop on Programming Languages and Analysis for Security, 2017
@inproceedings{plas2017,
author = {Dusan Repel and Johannes Kinder and Lorenzo Cavallaro},
title = {Modular Synthesis of Heap Exploits},
booktitle = {Proc. ACM SIGSAC Workshop on Programming Languages and Analysis for Security (PLAS 2017)},
year = 2017,
note = {ACM CCS-PLAS}
}
CopperDroid: Automatic Reconstruction of Android Malware Behaviors
Kimberly Tam, Salahuddin J. Khan, Aristide Fattori, and Lorenzo Cavallaro
NDSS · 22nd Annual Network and Distributed System Security Symposium, 2015
@InProceedings{copperdroid-ndss2015,
author = {Kimberly Tam, Salahuddin J. Khan, Aristide Fattori, and Lorenzo Cavallaro},
title = {{CopperDroid: Automatic Reconstruction of Android Malware Behaviors}},
booktitle = {22nd Annual Network and Distributed System Security Symposium, San Diego, California, USA},
year = 2015,
month = {February},
note = {NDSS}
}