Publications

MAL2IMAGE: Hybrid Image Transformation for Malware Classification
[1/Aug/2019]

Poster

Existing image transformation approaches (e.g. Nataraj et al. [1], Liu 2016 [2]) for malware detection only perform simple transformation methods that have not considered color encoding and pixel rendering techniques on the performance of machine learning classifiers.

Aims of the research: We propose a new approach to encode and arrange bytes from a binary file into images. These developed images contain statistical (e.g., entropy) and syntactic artifacts (e.g., strings) and their pixels are filled up using Hilbert curves.

Authors: 
Duc-Ly Vu
Nguyen Trong Kha
Fabio Massacci
Tam V. Nguyen
Phu H. Phung
Author (ESR): 
Ly Vu Duc (Universita Degli Studi Di Trento)

Towards Explainable Machine Learning in Intrusion Detection Systems
[1/Aug/2019]

Poster

The lacking of semantics or reasonable explanations for machine learning predictions is one of the main reasons for its adoption barrier in the field of intrusion detection. In fact, without explanations, one machine learning approach fails to gain users’ trust in its predictions, especially after having wasted their effort for examining false-positives. Therefore, we are motivated to study a novel approach of applying machine learning such that it not only efficiently detects intrusions but also provides explanations for those decisions.

Authors: 
Chau D.M. Pham
Duc-Ly Vu
Fabio Massacci
Tran Khanh Dang
Sandro Etalle
Davide Fauri
Author (ESR): 
Ly Vu Duc (Universita Degli Studi Di Trento)

Mac-A-Mal: macOS malware analysis framework resistant to anti evasion techniques
[20/Jun/2019]

With macOS increasing popularity, the number, and variety of macOS malware are rising as well. Yet, very few tools exist for dynamic analysis of macOS malware. In this paper, we propose a macOS malware analysis framework called Mac-A-Mal. We develop a kernel extension to monitor malware behavior and mitigate several anti-evasion techniques used in the wild. Our framework exploits the macOS features of XPC service invocation that typically escape traditional mechanisms for detection of children processes.

Authors: 
Duy-Phuc Pham
Duc-Ly Vu
Fabio Massacci
Author (ESR): 
Ly Vu Duc (Universita Degli Studi Di Trento)

Sharing Cyber Threat Intelligence Under the General Data Protection Regulation

Sharing Cyber Threat Intelligence (CTI) is a key strategy for improving cyber defense, but there are risks of breaching regulations and laws regarding privacy. With regulations such as the General Data Protection Regulation (GDPR) that are designed to protect citizens’ data privacy, the managers of CTI datasets need clear guidance on how and when it is legal to share such information. This paper defines the impact that GDPR legal aspects may have on the sharing of CTI. In addition, we define adequate protection levels for sharing CTI to ensure compliance with the GDPR.

Authors: 
Adham Albakri, Eerke A. Boiten, Rogério de Lemos
Author (ESR): 
Adham Albakri (University of Kent)

A Model Specification for the Design of Trust Negotiations

Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience are unknown. Required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously.

Authors: 
M. Kolar, C. Fernandez-Gago and J. Lopez
Author (ESR): 
Martin Kolar (Universidad De Malaga)

TrUStAPIS: A Trust Requirements Elicitation Method for IoT
[21/May/2019]

The Internet of Things (IoT) is an environment of interconnected entities, which are identifiable, usable and controllable via the Internet. Trust is useful for a system such as the IoT as the entities involved would like to know how the other entities they have to interact with are going to perform.
When developing an IoT entity, it will be desirable to guarantee trust during its whole life cycle. Trust domain is strongly dependent on other domains such as security and privacy.

Authors: 
Davide Ferraris
Carmen Fernandez-Gago
Author (ESR): 
Davide Ferraris (Universidad De Malaga)

SmartHandle: A Novel Behavioral Biometric-based Authentication Scheme for Smart Lock Systems
[29/May/2019]

Over recent years, smart locks have evolved as cyber-physical devices that can be operated by digital keypads, physiological biometrics sensors, smart-card readers, or mobile devices pairing, to secure door access. However, the underlying authentication schemes, i.e., knowledge-based (e.g., PIN/passwords), possession-based (e.g., smartphones, smart cards), or physiological biometric-based (e.g., fingerprint, face), utilized in smart locks, have shown several drawbacks. Studies have determined that these authentication schemes are vulnerable to various attacks as well as lack usability.

Authors: 
Sandeep Gupta
Attaullah Buriro
Bruno Crispo
Author (ESR): 
Sandeep Gupta (Universita Degli Studi Di Trento)

GDPR Privacy Implications for the Internet of Things
[4/Dec/2018]

Starting on May 25th of 2018 all EU countries begin to apply the General Data Protection Regulation (GDPR). This aims to protect and regulate data privacy and applies to any organization that holds or processes data on EU citi-zens, regardless of where it is headquartered. The penalties for non-compliance can be as high as 4% of global revenue for companies. As a result, compliance with GDPR is a must for companies who deal with users’ data. The hallmark for data collection nowadays is Internet of Things devices.

Authors: 
Daniel Bastos (ESR11)
Fabio Giubilo (ESR9)
Mark Shackleton
Fadi El-Moussa
Author (ESR): 
Daniel Bastos (British Telecommunications Public Limited Company)

A Segregated Architecture for a Trust-based Network of Internet of Things
[12/Jan/2019]

With the ever-increasing number of smart home devices, the issues related to these environments are also growing. With an ever-growing attack surface, there is no standard way to protect homes and their inhabitants from new threats. The inhabitants are rarely aware of the increased security threats that they are exposed to and how to manage them. To tackle this problem, we propose a solution based on segmented architectures similar to the ones used in industrial systems.

Authors: 
Carmen Fernandez-Gago
Joshua Daniel
Javier Lopez
Author (ESR): 
Davide Ferraris (Universidad De Malaga)

Pages