Share This Author
SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis
- Yan Shoshitaishvili, Ruoyu Wang, Giovanni Vigna
- Computer ScienceIEEE Symposium on Security and Privacy (SP)
- 22 May 2016
This paper presents a binary analysis framework that implements a number of analysis techniques that have been proposed in the past and implements these techniques in a unifying framework, which allows other researchers to compose them and develop new approaches.
Driller: Augmenting Fuzzing Through Selective Symbolic Execution
Driller is presented, a hybrid vulnerability excavation tool which leverages fuzzing and selective concolic execution in a complementary manner, to find deeper bugs and mitigate their weaknesses, avoiding the path explosion inherent in concolic analysis and the incompleteness of fuzzing.
Detecting spammers on social networks
The results show that it is possible to automatically identify the accounts used by spammers, and the analysis was used for take-down efforts in a real-world social network.
Your botnet is my botnet: analysis of a botnet takeover
This paper reports on efforts to take control of the Torpig botnet and study its operations for a period of ten days, which provides a new understanding of the type and amount of personal information that is stolen by botnets.
Anomaly detection of web-based attacks
An intrusion detection system that uses a number of different anomaly detection techniques to detect attacks against web servers and web-based applications and derives automatically the parameter profiles associated with web applications from the analyzed data.
Prophiler: a fast filter for the large-scale detection of malicious web pages
The authors' filter, called Prophiler, uses static analysis techniques to quickly examine a web page for malicious content, and automatically derive detection models that use these features using machine-learning techniques applied to labeled datasets.
Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting
- Nick Nikiforakis, A. Kapravelos, W. Joosen, Christopher Krügel, F. Piessens, Giovanni Vigna
- Computer ScienceIEEE Symposium on Security and Privacy
- 19 May 2013
By analyzing the code of three popular browser-fingerprinting code providers, it is revealed the techniques that allow websites to track users without the need of client-side identifiers and how fragile the browser ecosystem is against fingerprinting through the use of novel browser-identifying techniques.
COMPA: Detecting Compromised Accounts on Social Networks
This work has extensively studied the use of fake (Sybil) accounts that attackers set up to distribute spam messages, which typically exhibit highly anomalous behavior, and hence, are relatively easy to detect.
Comprehensive approach to intrusion detection alert correlation
- Fredrik Valeur, Giovanni Vigna, Christopher Krügel, R. Kemmerer
- Computer ScienceIEEE Transactions on Dependable and Secure…
- 1 July 2004
This paper presents a general correlation model that includes a comprehensive set of components and a framework based on this model and shows that the correlation components are effective in achieving alert reduction and abstraction.