Publications

2019

Detecting (Absent) App-to-app Authentication on Cross-device Short-distance Channels

Stefano Cristalli, Long Lu, Danilo Bruschi, Andrea Lanzi The Annual Computer Security Applications Conference (ACSAC), 2019.

Sec-Lib: Protecting Scholarly Digital Libraries From Infected Papers Using Active Machine Learning Framework

N Nissim, A Cohen, J Wu, A Lanzi, L Rokach, Y Elovici, L Giles IEEE Access 7, 110050-110073, Journal, 2019.

BootKeeper: Validating Software Integrity Properties on Boot Firmware Images

Ronny Chevalier, Stefano Cristalli, Christophe Hauser, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, Danilo Bruschi, Andrea Lanzi Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy(CODASPY), 2019.

2018

ClickShield: Are You Hiding Something? Towards Eradicating Clickjacking on Android

Andrea Possemato, Andrea Lanzi, Simon Pak Ho Chung, Wenke Lee, Yanick Fratantonio in Conference on Computer and Communications Security (CCS 2018), 2018.

Trusted Execution Path For Protecting Java Applications Against Deserialization of Untrusted Data

Cristalli Stefano, Vignati Edoardo, Bruschi Danilo, Andrea Lanzi in International Symposium on Research in Attacks, Intrusions, and Defenses (RAID), 2018.

EPIC: a Methodology for Evaluating Privacy Violation Risk in Cybersecurity Systems

Sergio Mascetti, Nadia Metoui, Andrea Lanzi, Claudio Bettini Transactions on Data Privacy Journal (TDP), 2018.

The Privacy Implications of Cyber Security Systems: A Technological Survey

Eran Toch, Claudio Bettini, Erez Shmueli, Laura Radaelli, Andrea Lanzi, Daniele Riboni, Bruno Lepri, ACM Computing Surveys (CSUR), 2018.

Security Evaluation of a Banking Fraud Analysis System

Michele Carminati, Mario Polino, Andrea Continella, Andrea Lanzi, Federico Maggi, Stefano Zanero, ACM Transactions on Privacy and Security (TOPS), 2018.

2017

Formal Verification of ARP (Address Resolution Protocol) Through SMT-Based Model Checking-A Case Study

Danilo Bruschi, Andrea Di Pasquale, Silvio Ghilardi, Andrea Lanzi, Elena Pagani
In International Conference on Integrated Formal Methods (IFM), Turin, Italy 2017.

Scholarly Digital Libraries as a Platform for Malware Distribution

Nir Nissim, Aviad Cohen, Jian Wu, Andrea Lanzi, Lior Rokach, Yuval Elovici, C Lee Giles, In International Conference SG-CRC, IOS press, Singapore, Asia 2017.

Prometheus: Analyzing WebInject-based information stealers

Andrea Continella, Michele Carminati, Mario Polino, Andrea Lanzi, Stefano Zanero, Federico Maggi Journal of Computer Security, IOS press 2017.

2016

A Security Game Model for Remote Software Protection

Nicola Basilico, Andrea Lanzi, Mattia Monga
in International Conference 11th on Availability, Reliability and Security (ARES), 2016

Subverting Operating System Properties Through Evolutionary DKOM Attacks

Mariano Graziano, Lorenzo Flore, Andrea Lanzi, Davide Balzarotti
in Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA, 2016.

Measuring the Role of Greylisting and Nolisting in Fighting Spam

Fabio Pagani, Matteo De Astis, Mariano Graziano, Andrea Lanzi, Davide Balzarotti
46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016

Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks

Stefano Cristalli, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, Davide Balzarotti
25th USENIX Security Symposium (USENIX Security 16), 2016

2015

Needles in a haystack: Mining information from public dynamic analysis sandboxes for malware intelligence

Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, Davide Balzarotti
24th USENIX Security Symposium (USENIX Security 15), 2015

Hypervisor-based malware protection with AccessMiner

Aristide Fattori and Andrea Lanzi and Davide Balzarotti and Engin Kirda
In Journal Computers & Security, Pages 33 - 50, Number 0, Volume 52, 2015.

2014

Improving Mac OS X security through gray box fuzzing technique

Stefano Bianchi Mazzone and Mattia Pagnozzi and Aristide Fattori and Alessandro Reina and Andrea Lanzi and Danilo Bruschi In Proceedings of the 7th European Workshop on System Security (EUROSEC), Amsterdam, The Netherlands, April, 2014.

Peerrush: mining for unwanted p2p traffic

Babak Rahbarinia, Roberto Perdisci, Andrea Lanzi, Kang Li
Journal of Information Security and Applications (JISA), 2014

On the feasibility of software attacks on commodity virtual machine monitors via direct device assignment

Gábor Pék, Andrea Lanzi, Abhinav Srivastava, Davide Balzarotti, Aurélien Francillon, Christoph Neumann Proceedings of the 9th ACM symposium on Information, computer and communications security (AsiaCCS 2014)

2005-2013

Peerrush: mining for unwanted p2p traffic

Babak Rahbarinia, Roberto Perdisci, Andrea Lanzi, Kang L International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2013.

A quantitative study of accuracy in system call-based malware detection

D Canali, A Lanzi, D Balzarotti, C Kruegel, M Christodorescu, E Kirda Proceedings of the International Symposium on Software Testing and Analysis ISSTA 2012.

Operating system interface obfuscation and the revealing of hidden operations

Abhinav Srivastava, Andrea Lanzi, Jonathon Giffin, Davide Balzarotti International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA, 2011.

Thwarting real-time dynamic unpacking

Leyla Bilge, Andrea Lanzi, Davide Balzarotti Proceedings of the Fourth European Workshop on System Security, EUROSEC 2010.

G-Free: defeating return-oriented programming through gadget-less binaries

Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, Engin Kirda Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC 2010.

Accessminer: using system-centric models for malware protection

Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, Engin Kirda Proceedings of the 17th ACM conference on Computer and communications security, CCS 2010.

Secure in-vm monitoring using hardware virtualization

Monirul I Sharif, Wenke Lee, Weidong Cui, Andrea Lanzi Proceedings of the 16th ACM conference on Computer and communications security, CCS 2009.

Automatic reverse engineering of malware emulators

Monirul Sharif, Andrea Lanzi, Jonathon Giffin, Wenke Lee Security and Privacy, 2009 30th IEEE Symposium on Security and Privacy Oakland, 2009.

K-Tracer: A System for Extracting Kernel Malware Behavior

Andrea Lanzi, Monirul I Sharif, Wenke Lee NDSS Symposium, 2009

McBoost: Boosting scalability in malware collection and analysis using statistical classification of executables

Roberto Perdisci, Andrea Lanzi, Wenke Lee Computer Security Applications Conference, ACSAC 2008.

Classification of packed executables for accurate computer virus detection

Roberto Perdisci, Andrea Lanzi, Wenke Lee Journal Pattern recognition letters, 2008.

System call API obfuscation

Abhinav Srivastava, Andrea Lanzi, Jonathon Giffin International Workshop on Recent Advances in Intrusion Detection, RAID, 2008.

LISABETH: automated content-based signature generator for zero-day polymorphic worms

Lorenzo Cavallaro, Andrea Lanzi, Luca Mayer, Mattia Monga Proceedings of the fourth international workshop on Software engineering for secure systems, 2008

Impeding Malware Analysis Using Conditional Code Obfuscation.

Monirul I Sharif, Andrea Lanzi, Jonathon T Giffin, Wenke Lee NDSS Symposium, 2008.

Static analysis on x86 executables for preventing automatic mimicry attacks

Danilo Bruschi, Lorenzo Cavallaro, Andrea LanziInternational Conference on Detection of Intrusions and Malware, and Vulnerability Assessment Pagine, DIMVA 2007.

An efficient technique for preventing mimicry and impossible paths execution attacks

Danilo Bruschi, Lorenzo Cavallaro, Andrea LanziPerformance, Computing, and Communications Conference, 2007 IPCCC 2007

An efficient technique for preventing mimicry and impossible paths execution attacks

Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi Performance, Computing, and Communications Conference, 2007. IPCCC 2007

Diversified process replicæ for defeating memory error exploits

Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi Performance, Computing, and Communications Conference, 2007. IPCCC 2007

Replay attack in TCG specification and solution

Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi, Mattia Monga Computer Security Applications Conference, 21st Annual, ACSAC 2005