Research Areas
Publications
Exploiting Code Symmetries for Learning Program Semantics
ICML 2024 | Spotlight · 41st International Conference on Machine Learning, 2023
ICML 2024 | Spotlight · 41st International Conference on Machine Learning, 2023
@inproceedings{pei2024exploiting,
title={Exploiting Code Symmetries for Learning Program Semantics},
>/span> author={Kexin Pei and Weichen Li and Qirui Jin and Shuyang Liu and Scott Geng and Lorenzo Cavallaro and Junfeng Yang and Suman Jana},
booktitle={Forty-first International Conference on Machine Learning},
year={2024},
url={https://openreview.net/forum?id=OLvgrLtv6J}
}
ChainReactor: Automated Privilege Escalation Chain Discovery via AI Planning
USENIX Sec 2024 · 33rd USENIX Security Symposium, 2024
USENIX Sec 2024 · 33rd USENIX Security Symposium, 2024
@inproceedings{depasquale24ChainReactor,
author = {Giulio De Pasquale, Ilya Grishchenko, Riccardo Iesari, Gabriel Pizarro, Lorenzo Cavallaro, Christopher Kruegel, and Giovanni Vigna},
title = {{ChainReactor}: Automated Privilege Escalation Chain Discovery via AI Planning},
booktitle = {33rd USENIX Security Symposium},
year = {2024},
}
Are Machine Learning Models for Malware Detection Ready for Prime Time?
IEEE S&P Magazine 2023 · IEEE Security & Privacy Magazine, 2023
IEEE S&P Magazine 2023 · IEEE Security & Privacy Magazine, 2023
@article{CavKinPen23,
author = {Cavallaro, Lorenzo and Kinder, Johannes and Pendlebury, Feargus and Pierazzi, Fabio},
journal = {IEEE Security \& Privacy Magazine},
title = {Are Machine Learning Models for Malware Detection Ready for Prime Time?},
year = {2023},
volume = {21},
number = {2},
pages = {53-56},
doi = {10.1109/MSEC.2023.3236543},
}
Drift Forensics of Malware Classifiers
AISec 2023 · In Prof. of the ACM Workshop on Artificial Intelligence and Security, 2023
AISec 2023 · In Prof. of the ACM Workshop on Artificial Intelligence and Security, 2023
@inproceedings{chow2023driftforensics,
title = {Drift Forensics of Malware Classifiers},
author = {Chow, Theo and Kan, Zeliang and Linhardt, Lorenz and Cavallaro, Lorenzo and Arp, Daniel and Pierazzi, Fabio},
booktitle = {Prof. of the {ACM} Workshop on Artificial Intelligence and Security ({AISec})},
year = {2023},
}
Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers
IEEE S&P 2023 · 44th IEEE Symposium on Security and Privacy, 2023
IEEE S&P 2023 · 44th IEEE Symposium on Security and Privacy, 2023
@article{yang2022jigsaw,
author = {Limin Yang, Zhi Chen, Jacopo Cortellazzi, Feargus Pendlebury, Kevin Tu, Fabio Pierazzi, Lorenzo Cavallaro, Gang Wang},
title = {Jigsaw Puzzle: Selective Backdoor Attack
to Subvert Malware Classifiers},
booktitle = {{IEEE} Symposium on Security and Privacy},
volume = {abs/2202.05470},
year = {2023},
url = {https://arxiv.org/abs/2202.05470},
eprint = {2202.05470},
}
Is It Overkill? Analyzing Feature-Space Concept Drift in Malware Detectors
DLSP 2023 · 6th IEEE Workshop on Deep Learning Security and Privacy, 2023
DLSP 2023 · 6th IEEE Workshop on Deep Learning Security and Privacy, 2023
@inproceedings{chen23dlsp,
author = {Zhi Chen and Zhenning Zhang and Zeliang Kan and Limin Yang and and Jacopo Cortellazzi and Feargus Pendlebury and Fabio Pierazzi and Lorenzo Cavallaro and Gang Wang},
title = {Is It Overkill? Analyzing Feature-Space Concept Drift in Malware Detectors},
booktitle = {{IEEE} Workshop on Deep Learning Security and Privacy ({DLSP})},
year = {2023},
}
ROPfuscator: Robust Obfuscation with ROP
WOOT 2023 · 17th IEEE Workshop on Offensive Technologies, 2023
WOOT 2023 · 17th IEEE Workshop on Offensive Technologies, 2023
@inproceedings{depasquale23,
author = {Giulio De Pasquale and Fukutomo Nakanishi and Daniele Ferla and Lorenzo Cavallaro},
title = {ROPfuscator: Robust Obfuscation with ROP},
booktitle = {{IEEE} Workshop on Offensive Technologies ({WOOT})},
year = {2023},
}
Dos and Don'ts of Machine Learning in Computer Security
USENIX Sec 2022 | Distinguished Paper Award · 31st USENIX Security Symposium, 2022
USENIX Sec 2022 | Distinguished Paper Award · 31st USENIX Security Symposium, 2022
@inproceedings{arp2022dodo,
author = {Daniel Arp and Erwin Quiring and Feargus Pendlebury and Alexander Warnecke and Fabio Pierazzi and Christian Wressnegger and Lorenzo Cavallaro and Konrad Rieck},
title = {Dos and Don'ts of Machine Learning in Computer Security},
booktitle = {31st USENIX Security Symposium},
year = {2022},
}
Transcending Transcend: Revisiting Malware Classification in the Presence of Concept Drift
IEEE S&P 2022 · 43rd IEEE Symposium on Security and Privacy, 2022
IEEE S&P 2022 · 43rd IEEE Symposium on Security and Privacy, 2022
@inproceedings{barbero2022transcendent,
author = {Federico Barbero and Feargus Pendlebury and Fabio Pierazzi and Lorenzo Cavallaro},
title = {Transcending Transcend: Revisiting Malware Classification in the Presence of Concept Drift},
booktitle = {{IEEE} Symposium on Security and Privacy},
year = {2022},
}
@article{labacacastro2022uaps,
author = {Raphael Labaca-Castro and Luis Muñoz-González and Feargus Pendlebury and Gabi Dreo Rodosek and Fabio Pierazzi and Lorenzo Cavallaro},
title = {Realizable Universal Adversarial Perturbations for Malware},
journal = {CoRR},
volume = {abs/2102.06747},
year = {2022},
url = {https://arxiv.org/abs/2102.06747},
eprint = {2102.06747},
archivePrefix = {arXiv}
}
Investigating Labelless Drift Adaptation for Malware Detection
AISec 2021 · 14th ACM Workshop on Artificial Intelligence and Security, 2021
AISec 2021 · 14th ACM Workshop on Artificial Intelligence and Security, 2021
@inproceedings{kan2021adaptation,
author = {Zeliang Kan and Feargus Pendlebury and Fabio Pierazzi and Lorenzo Cavallaro},
title = {Investigating Labelless Drift Adaptation for Malware Detection},
booktitle = {{ACM} Workshop on Artificial Intelligence and Security ({AISec})},
year = {2021},
}
INSOMNIA: Towards Concept-Drift Robustness in Network Intrusion Detection
AISec · 14th ACM Workshop on Artificial Intelligence and Security, 2021
AISec · 14th ACM Workshop on Artificial Intelligence and Security, 2021
@inproceedings{andresini2021insomnia,
author = {Giuseppina Andresini and Feargus Pendlebury and Fabio Pierazzi and Corrado Loglisci and Annalisa Appice and Lorenzo Cavallaro},
title = {{INSOMNIA}: Towards Concept-Drift Robustness in Network Intrusion Detection},
journal = {{ACM} Workshop on Artificial Intelligence and Security ({AISec})},
year = {2021},
}
Identifying Authorship in Malicious Binaries: Features, Challenges & Datasets
CSUR 2024 · ACM Computing Surveys, 2024
CSUR 2024 · ACM Computing Surveys, 2024
@article{Grayetal2024,
author = {Gray, Jason and Sgandurra, Daniele and Cavallaro, Lorenzo and Blasco Alis, Jorge},
title = {Identifying Authorship in Malicious Binaries: Features, Challenges \& Datasets},
journal = {ACM Comput. Surv.},
issue_date = {August 2024},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {56},
number = {8},
month = {apr},
year = {2024},
articleno = {212},
numpages = {36},
url = {https://doi.org/10.1145/3653973},
doi = {10.1145/3653973},
issn = {0360-0300},
}
@article{nakanishi2020rop,
author = {Fukutomo Nakanishi and Giulio De Pasquale and Daniele Ferla and Lorenzo Cavallaro},
title = {Intertwining ROP Gadgets and Opaque Predicates for Robust Obfuscation},
journal = {CoRR},
volume = {abs/2012.09163},
year = {2020},
url = {http://arxiv.org/abs/2012.09163},
eprint = {2012.09163},
archivePrefix = {arXiv}
}
Probabilistic Naming of Functions in Stripped Binaries
ACSAC 2020 · Annual Computer Security Applications Conference, 2020
ACSAC 2020 · Annual Computer Security Applications Conference, 2020
@inproceedings{patrickevans2020punstrip,
author = {James Patrick-Evans and Lorenzo Cavallaro and Johannes Kinder},
title = {Probabilistic Naming of Functions in Stripped Binaries},
booktitle = {Annual Computer Security Applications Conference (ACSAC)},
year = {2020},
}
Intriguing Properties of Adversarial ML Attacks in the Problem Space
IEEE S&P 2020 · 41st IEEE Symposium on Security and Privacy, 2020
IEEE S&P 2020 · 41st IEEE Symposium on Security and Privacy, 2020
@inproceedings{pierazzi2020problemspace,
author = {Fabio Pierazzi and Feargus Pendlebury and Jacopo Cortellazzi and Lorenzo Cavallaro},
booktitle = {2020 IEEE Symposium on Security and Privacy (SP)},
title = {Intriguing Properties of Adversarial ML Attacks in the Problem Space},
year = {2020},
volume = {},
issn = {2375-1207},
pages = {1308-1325},
doi = {10.1109/SP40000.2020.00073},
url = {https://doi.ieeecomputersociety.org/10.1109/SP40000.2020.00073},
publisher = {IEEE Computer Society},
}
On the Dissection of Evasive Malware
IEEE TIFS 2020 · IEEE Trans. Information Forensics and Security, 2020
IEEE TIFS 2020 · IEEE Trans. Information Forensics and Security, 2020
@article{DBLP:journals/tifs/delia,
author = {Daniele Cono D'Elia and Emilio Coppa and Federico Palmaro and Lorenzo Cavallaro},
title = {{On the Dissection of Evasive Malware}},
journal = {{IEEE Trans. Information Forensics and Security}},
volume = {15},
pages = {2750--2765},
year = {2020},
url = {https://doi.org/10.1109/TIFS.2020.2976559},
doi = {10.1109/TIFS.2020.2976559},
bibsource = {dblp computer science bibliography, http://dblp.org},
note = {IEEE TIFS}
}
TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time
USENIX Sec 2019 · 28th USENIX Security Symposium, 2019
USENIX Sec 2019 · 28th USENIX Security Symposium, 2019
@inproceedings{pendlebury2019tesseract,
author = {Feargus Pendlebury and Fabio Pierazzi and Roberto Jordaney and Johannes Kinder and Lorenzo Cavallaro},
title = {{TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time}},
booktitle = {28th USENIX Security Symposium},
year = {2019},
address = {Santa Clara, CA},
publisher = {USENIX Association},
note = {USENIX Sec}
}
BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews
RAID 2018 · 21st International Symposium on Research in Attacks, Intrusions and Defenses, 2018
RAID 2018 · 21st International Symposium on Research in Attacks, Intrusions and Defenses, 2018
@inproceedings{DBLP:conf/raid/RizzoCK18,
author = {Claudio Rizzo and Lorenzo Cavallaro and Johannes Kinder},
title = {BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews},
booktitle = {{RAID}},
series = {Lecture Notes in Computer Science},
volume = {11050},
pages = {25--46},
publisher = {Springer},
year = {2018}
}
POTUS: Probing Off-The-Shelf USB Drivers with Symbolic Fault Injection
USENIX Sec-WOOT 2017 · 11th USENIX Workshop on Offensive Technologies, 2017 · Best Paper Award
USENIX Sec-WOOT 2017 · 11th USENIX Workshop on Offensive Technologies, 2017 · Best Paper Award
@inproceedings{woot2017,
author = {James Patrick-Evans and Lorenzo Cavallaro and Johannes Kinder},
title = {{POTUS}: Probing Off-The-Shelf {USB} Drivers with Symbolic Fault Injection},
booktitle = {11th USENIX Workshop on Offensive Technologies (WOOT)},
note = {USENIX WOOT Best Paper Award},
year = 2017,
}
Transcend: Detecting Concept Drift in Malware Classification Models
USENIX Sec 2017 · 26th USENIX Security Symposium, 2017
USENIX Sec 2017 · 26th USENIX Security Symposium, 2017
@inproceedings {jordaney2017,
author = {Roberto Jordaney and Kumar Sharad and Santanu K. Dash and Zhi Wang and Davide Papini and Ilia Nouretdinov and Lorenzo Cavallaro},
title = {{Transcend: Detecting Concept Drift in Malware Classification Models}},
booktitle = {26th USENIX Security Symposium},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/jordaney},
publisher = {USENIX Association},
note = {USENIX Sec}
}
Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting
IEEE TIFS 2017 · IEEE Trans. Information Forensics and Security, 2017
IEEE TIFS 2017 · IEEE Trans. Information Forensics and Security, 2017
@article{DBLP:journals/tifs/0029LBKTLC17,
author = {Li Li and Daoyuan Li and Tegawende F. Bissyande and Jacques Klein and Yves Le Traon and David Lo and Lorenzo Cavallaro},
title = {{Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting}},
journal = {{IEEE Trans. Information Forensics and Security}},
volume = {12},
number = {6},
pages = {1269--1284},
year = {2017},
url = {https://doi.org/10.1109/TIFS.2017.2656460},
doi = {10.1109/TIFS.2017.2656460},
timestamp = {Sun, 28 May 2017 13:17:25 +0200},
biburl = {http://dblp.uni-trier.de/rec/bib/journals/tifs/0029LBKTLC17},
bibsource = {dblp computer science bibliography, http://dblp.org},
note = {IEEE TIFS}
}
Modular Synthesis of Heap Exploits
ACM CCS-PLAS 2017 · ACM SIGSAC Workshop on Programming Languages and Analysis for Security, 2017
ACM CCS-PLAS 2017 · ACM SIGSAC Workshop on Programming Languages and Analysis for Security, 2017
@inproceedings{plas2017,
author = {Dusan Repel and Johannes Kinder and Lorenzo Cavallaro},
title = {Modular Synthesis of Heap Exploits},
booktitle = {Proc. ACM SIGSAC Workshop on Programming Languages and Analysis for Security (PLAS 2017)},
year = 2017,
note = {ACM CCS-PLAS}
}
Stack Object Protection with Low Fat Pointers
NDSS 2017 · 24th Annual Network and Distributed System Security Symposium, 2017
NDSS 2017 · 24th Annual Network and Distributed System Security Symposium, 2017
@InProceedings{lowfatstack-ndss2017,
author = {Gregory Duck and Roland Yap and Lorenzo Cavallaro},
title = {{Stack Object Protection with Low Fat Pointers}},
booktitle = {24th Annual Network and Distributed System Security Symposium, San Diego, California, USA},
year = 2017,
month = {February},
note = {NDSS}
}
Euphony: Harmonious Unification of Cacophonous Anti-Virus Vendor Labels for Android Malware
MSR 2017 · 14th International Conference on Mining Software Repositories, 2017
MSR 2017 · 14th International Conference on Mining Software Repositories, 2017
@inproceedings{DBLP:conf/msr/HurierSDBTKC17,
author = {Mederic Hurier and Guillermo Suarez-Tangil and Santanu Kumar Dash and Tegawende F. Bissyande and Yves Le Traon and Jacques Klein and Lorenzo Cavallaro},
title = {{Euphony: Harmonious Unification of Cacophonous Anti-Virus Vendor Labels for Android Malware}},
booktitle = {Proceedings of the 14th International Conference on Mining Software Repositories, {MSR} 2017, Buenos Aires, Argentina, May 20-28},
pages = {425--435},
year = {2017},
doi = {10.1109/MSR.2017.57},
timestamp = {Fri, 07 Jul 2017 14:06:35 +0200},
biburl = {http://dblp.uni-trier.de/rec/bib/conf/msr/HurierSDBTKC17},
bibsource = {dblp computer science bibliography, http://dblp.org},
note = {MSR}
}
Flipping 419 Cybercrime Scams: Targeting the Weak and the Vulnerable
ACM WWW-CyberSafety 2017 · 26th International Conference on World Wide Web Companion, 2017
ACM WWW-CyberSafety 2017 · 26th International Conference on World Wide Web Companion, 2017
@inproceedings{Mba:2017:FCS:3041021.3053892,
author = {Gibson Mba and Jeremiah Onaolapo and Gianluca Stringhini and Lorenzo Cavallaro},
title = {{Flipping 419 Cybercrime Scams: Targeting the Weak and the Vulnerable}},
booktitle = {Proceedings of the 26th International Conference on World Wide Web Companion},
series = {WWW '17 Companion},
year = {2017},
numpages = {10},
url = {https://doi.org/10.1145/3041021.3053892},
doi = {10.1145/3041021.3053892},
publisher = {International World Wide Web Conferences Steering Committee},
keywords = {419, cybercrime, scam},
note = {ACM WWW-CyberSafety}
}
The Evolution of Android Malware and Android Analysis Techniques
ACM CSUR 2017 · ACM Computing Surveys, 2017
ACM CSUR 2017 · ACM Computing Surveys, 2017
@article{Tam:2017:EAM:3022634.3017427,
author = {Kimberly Tam and Ali Feizollah and Badrul Nor Anuar and Rosli Salleh and Lorenzo Cavallaro},
title = {{The Evolution of Android Malware and Android Analysis Techniques}},
journal = {ACM Compututing Surveys},
issue_date = {February 2017},
volume = {49},
number = {4},
month = {January},
year = {2017},
issn = {0360-0300},
pages = {76:1--76:41},
articleno = {76},
numpages = {41},
url = {http://doi.acm.org/10.1145/3017427},
doi = {10.1145/3017427},
acmid = {3017427},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {Android, classification, detection, dynamic analysis, malware, static analysis},
note = {ACM CSUR}
}
DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware
ACM CODASPY 2017 · 7th ACM Conference on Data and Application Security and Privacy, 2017
ACM CODASPY 2017 · 7th ACM Conference on Data and Application Security and Privacy, 2017
@inproceedings{codaspy17,
author = {Guillermo Suarez-Tangil and Santanu Kumar Dash and Mansour Ahmadi and Johannes Kinder and Giorgio Giacinto and Lorenzo Cavallaro},
title = {{DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware}},
booktitle = {{Proceedings of the Seventh ACM Conference on Data and Application Security and Privacy}},
year = {2017},
month = {March},
url = {http://dx.doi.org/10.1145/3029806.3029825},
doi = {10.1145/3029806.3029825},
note = {ACM CODASPY}
}
Misleading Metrics: On Evaluating Machine Learning for Malware with Confidence
TR@RHUL 2016 · Technical Report, 2016
TR@RHUL 2016 · Technical Report, 2016
@TechReport{RHUL2016,
author = {Roberto Jordaney and Zhi Wang and Davide Papini and Ilia Nouretdinov and Lorenzo Cavallaro},
title = {{Misleading Metrics: On Evaluating Machine Learning for Malware with Confidence}},
institution = {Royal Holloway, University of London},
year = {2016},
number = {2016-1},
note = {TR@RHUL}
}
DroidScribe: Classifying Android Malware Based on Runtime Behavior
IEEE S&P-MoST 2016 · IEEE Security and Privacy Workshops: Mobile Security Technologies, 2016
IEEE S&P-MoST 2016 · IEEE Security and Privacy Workshops: Mobile Security Technologies, 2016
@inproceedings{most16-droidscribe,
author = {Santanu Kumar Dash and Guillermo Suarez-Tangil and Salahuddin Khan and Kimberly Tam and Mansour Ahmadi and Johannes Kinder and Lorenzo Cavallaro},
title = {DroidScribe: Classifying Android Malware Based on Runtime Behavior},
booktitle = {IEEE Security and Privacy Workshops: Mobile Security Technologies},
year = 2016,
month = {May},
note = {IEEE S&P-MoST}
}
You Can't Touch This: Consumer-centric Android Application Repackaging Detection
FGCS 2016 · Future Generation Computer Systems, 2016
FGCS 2016 · Future Generation Computer Systems, 2016
@Article{gurulian16:_you_cant_touch_this,
author = {Iakovos Gurulian and Konstantinos Markantonakis and Lorenzo Cavallaro and Keith Mayes},
title = {{You Can't Touch This: Consumer-centric Android Application Repackaging Detection}},
journal = {Future Generation Computer Systems},
year = 2016,
volume = 65,
pages = {1-9},
month = {December},
note = {FGCS}
}
Prescience: Probabilistic Guidance on the Retraining Conundrum for Malware Detection
ACM CCS-AISec 2016 · 9th ACM CCS Workshop on Artificial Intelligence and Security, 2016
ACM CCS-AISec 2016 · 9th ACM CCS Workshop on Artificial Intelligence and Security, 2016
@inproceedings{aisec16,
author = {Amit Deo and Santanu Kumar Dash and Guillermo Suarez-Tangil and Volodya Vovk and Lorenzo Cavallaro},
title = {{Prescience: Probabilistic Guidance on the Retraining Conundrum for Malware Detection}},
booktitle = {9th ACM CCS Workshop on Artificial Intelligence and Security},
year = {2016},
note = {ACM CCS-AISec}
}
Conformal Clustering and Its Application to Botnet Traffic
SLDS 2015 · 3rd International Symposium of Statistical Learning and Data Science, 2015
SLDS 2015 · 3rd International Symposium of Statistical Learning and Data Science, 2015
@inproceedings{cherubin,
author = {Giovanni Cherubin and Ilia Nouretdinov and Alexander Gammerman and Roberto Jordaney and Zhi Wang and Davide Papini and Lorenzo Cavallaro},
title = {{Conformal Clustering and Its Application to Botnet Traffic}},
booktitle = {Statistical Learning and Data Sciences, 3rd International Symposium},
year = {2015},
note = {SLDS}
}
CopperDroid: Automatic Reconstruction of Android Malware Behaviors
NDSS 2015 · 22nd Annual Network and Distributed System Security Symposium, 2015
NDSS 2015 · 22nd Annual Network and Distributed System Security Symposium, 2015
@InProceedings{copperdroid-ndss2015,
author = {Kimberly Tam, Salahuddin J. Khan, Aristide Fattori, and Lorenzo Cavallaro},
title = {{CopperDroid: Automatic Reconstruction of Android Malware Behaviors}},
booktitle = {22nd Annual Network and Distributed System Security Symposium, San Diego, California, USA},
year = 2015,
month = {February},
note = {NDSS}
}
PuppetDroid: A User-Centric UI Exerciser for Automatic Dynamic Analysis of Similar Android Applications
CoRR 2014 · arXiv CoRR, 2014
CoRR 2014 · arXiv CoRR, 2014
@article{DBLP:journals/corr/GianazzaMFCZ14,
author = {Andrea Gianazza and Federico Maggi and Aristide Fattori and Lorenzo Cavallaro and Stefano Zanero},
title = {{PuppetDroid: A User-Centric UI Exerciser for Automatic Dynamic Analysis of Similar Android Applications}},
journal = {arXiv CoRR},
year = {2014},
volume = {abs/1402.4826},
url = {http://arxiv.org/abs/1402.4826},
timestamp = {Wed, 10 Sep 2014 17:05:02 +0200},
biburl = {http://dblp.uni-trier.de/rec/bib/journals/corr/GianazzaMFCZ14},
bibsource = {dblp computer science bibliography, http://dblp.org},
note = {arXiv CoRR}
}