Posts by Collection

[CyCon17] Scalable Architecture for Online Prioritisation of Cyber Threats

Conference Pierazzi, F., Apruzzese, G., Colajanni, M., Guido, A., & Marchetti, M., IEEE International Conference on Cyber Conflict, 2017
Oneliner: My very first paper!

[NCA17] Identifying Malicious Hosts Involved in Periodic Communications

Conference Apruzzese, G., Marchetti, M., Colajanni, M., Zoccoli, G. G., & Guido, A., IEEE International Symposium on Network Computing and Applications, 2017
Oneliner: Use one to find many (apparently, this paper has been integrated into a real SIEM product!)

[TETC17] Detection and Threat Prioritization of Pivoting Attacks in Large Networks

Journal Apruzzese, G., Pierazzi, F., Colajanni, M., & Marchetti, M., IEEE Transactions on Emerging Topics in Computing, 2017
Oneliner: How to detect lateral movement (through pivoting) using Network Flows.

[CyCon18] On the Effectiveness of Machine and Deep Learning for Cyber Security

Conference Apruzzese, G., Colajanni, M. Ferretti, L., Guido, A., & Marchetti, M., IEEE International Conference on Cyber Conflict, 2018
Oneliner: The right paper, at the right time, in the right place?

[NCA18] Evading Botnet Detectors Based on Flows and Random Forest with Adversarial Samples

Conference Apruzzese, G., & Colajanni, M., IEEE International Symposium on Network Computing and Applications [BEST STUDENT PAPER AWARD], 2018
Oneliner: The first paper using adversarial examples against Botnet Detectors (yes, the title has a typo).

[CyCon19] Addressing Adversarial Attacks Against Security Systems based on Machine Learning

Conference Apruzzese, G., Colajanni, M., Ferretti, L., & Marchetti, M., International Conference on Cyber Conflict, 2019
Oneliner: This is not just a review! We also propose an original defense against Poisoning!

[NCA19] Evaluating the effectiveness of Adversarial Attacks against Botnet Detectors

Conference Apruzzese, G., Colajanni, M., & Marchetti, M., IEEE International Symposium on Network Computing and Applications [BEST STUDENT PAPER AWARD], 2019
Oneliner: Previously, in [NCA18], we evaded 1 classifier on 1 dataset. Now, we evade 12 classifiers on 4 datasets!

[Sym20] AppCon: Mitigating Evasion Attacks to ML Cyber Detectors

Journal Apruzzese, G., Andreolini, M., Marchetti, M., Colacino, V. G., & Russo, G., Symmetry, 2020
Oneliner: Ensembling ensembles: each detector focuses on a specific attack against a specific network application!

[TETCI20] Hardening Random Forest Cyber Detectors against Adversarial Attacks

Journal Apruzzese, G., Andreolini, M., Colajanni, M., & Marchetti, M., IEEE Transactions on Emerging Topics in Computational Intelligence, 2020
Oneliner: Applying Defensive Distillation to Random Forest!

[TNSM20] Deep Reinforcement Adversarial Learning Against Botnet Evasion Attacks

Journal Apruzzese, G., Andreolini, M., Marchetti, M., Venturi, A., & Colajanni, M., IEEE Transactions on Network and Service Management, 2020
Oneliner: Offense is the best Defense! At little-to-no performance degradation.

[DiB20] DReLAB - Deep REinforcement Learning Adversarial Botnet: A benchmark dataset for adversarial attacks against botnet Intrusion Detection Systems

Journal Venturi, A., Apruzzese, G., Andreolini, M., Colajanni, M., & Marchetti, M., Data in Brief, 2021
Oneliner: Dataset, code snippet and tutorial for [TNSM20].

[IM21] Towards an Efficient Detection of Pivoting Activity

Workshop Husák, M., Apruzzese, G., Yang, S. J., & Werner, G., IFIP/IEEE International Symposium on Integrated Network Management, 2021
Oneliner: Uh-oh! It appears that detecting pivoting on external traffic is unfeasible!

[DTRAP21] Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

Journal Apruzzese, G., Andreolini, M., Ferretti, L., Marchetti, M., & Colajanni, M., ACM Digital Threats: Research and Practice, 2021
Oneliner: Using adversarial examples against ML-NIDS is not a feasible strategy.

[ARES21] On the Evaluation of Sequential Machine Learning for Network Intrusion Detection

Conference Corsini, A., Yang, S. J., & Apruzzese, G., International Conference on Availability, Reliability and Security, 2021
Oneliner: Are temporal patterns useful for ML-NIDS? Let's test this out with a fair comparison between LSTM and traditional FNN.

[TNSM22a] The Cross-evaluation of Machine Learning-based Network Intrusion Detection Systems

Journal Apruzzese, G., Pajola, L., & Conti, M., IEEE Transactions on Network and Service Management, 2022
Oneliner: Let's mix 'n match those datasets!

[DLS22] Concept-based Adversarial Attacks: Tricking Humans and Classifiers Alike

Workshop Schneider, J., & Apruzzese, G., IEEE Symposium on Security and Privacy – Deep Learning and Security Workshop, 2022
Oneliner: What's the point of minimal perturbations if we want to fool humans?

[DTRAP22] The Role of Machine Learning in Cybersecurity

Journal Apruzzese, G., Laskov, P., de Oca, E. M., Mallouli, W., Rapa, L. B., Grammatopoulos, A. V., & Franco, F. D., ACM Digital Threats: Research and Practice, 2022
Oneliner: Explaining ML & Cybersecurity in a notation-free way -- a joint effort involving Researchers, Practitioners and Regulatory Bodies.

[EuroSP22] SoK: The Impact of Unlabelled Data in Cyberthreat Detection

Conference Apruzzese, G., Laskov, P., & Tastemirova, A., IEEE European Symposium on Security and Privacy [OUTSTANDING PRESENTATION AWARD], 2022
Oneliner: How to properly evaluate semisupervised learning methods.

[TNSM22b] Wild Networks: Exposure of 5G Network Infrastructures to Adversarial Examples

Journal Apruzzese, G., Vladimirov, R., Tastemirova, A., & Laskov, P., IEEE Transactions on Network and Service Management, 2022
Oneliner: Introducing the "myopic" threat model for adversarial ML attacks.

[TDSC22] Mitigating Adversarial Gray-Box Attacks against Phishing Detectors

Journal Apruzzese, G., & Subrahmanian, V.S., IEEE Transactions on Dependable and Secure Computing, 2022
Oneliner: A new phishing dataset, and a new defensive mechanism based on feature randomization.

[ACSAC22] SpacePhish: The Evasion-space of Adversarial Attacks against Phishing Website Detectors using Machine Learning

Conference Apruzzese, G., Conti, M., & Yuan, Y., Annual Computer Security Applications Conference, 2022
Oneliner: Revisiting adversarial attacks against phishing website detectors—even real ones. (Artifact: Reusable)

[ICSS22] Cybersecurity in the Smart Grid: Practitioners` Perspective

Workshop Meyer, J. & Apruzzese, G., Industrial Control System Security Workshop (co-located with ACSAC), 2022
Oneliner: Elucidating the disconnection between Research and Practice.

[SaTML23] Real Attackers Don`t Compute Gradients: Bridging the Gap Between Adversarial ML Research and Practice

Conference Apruzzese, G., Anderson, H. S., Dambra, S., Freeman, D., Pierazzi, F., & Roundy, K. A., IEEE Conference on Secure and Trustworthy Machine Learning, 2023
Oneliner: Let's change the domain of adversarial ML. For real.

[CODASPY23] Attribute Inference Attacks in Online Multiplayer Video Games: a Case Study on Dota2

Conference Tricomi, P. P., Facciolo, L., Apruzzese, G., & Conti, M., ACM Conference on Data and Application Security and Privacy, 2023
Oneliner: We discovered a privacy issue affecting millions of video gamers!

[JISA23] Dual Adversarial Attacks: Fooling Humans and Classifiers

Journal Schneider, J., & Apruzzese, G., Journal of Information Security and Applications, 2023
Oneliner: We extend the [DLS22] paper and we also carry out a user-study!

[EuroSP23] SoK: Pragmatic Assessment of Machine Learning for Network Intrusion Detection

Conference Apruzzese, G., Laskov, P., & Schneider, J., IEEE European Symposium on Security and Privacy, 2023
Oneliner: Changing the evaluation methodology of research papers on ML applications for NIDS.

[ESORICS23] Attacking Logo-based Phishing Website Detectors with Adversarial Perturbations

Conference Lee, J., Xin, Z., Ng. M. P. S., Sabharwal, K., Apruzzese, G., Divakaran. D. M., European Symposium on Research In Computer Security, 2023
Oneliner: A novel attack against state-of-the-art DL methods for logo identification, validated via two user-studies.

[HICSS24] Voices from the Frontline: Revealing the AI Practitioners` viewpoint on the European AI Act

Conference Koh, F., Grosse, K., Apruzzese, G., Hawaii International Conference on System Sciences, 2023
Oneliner: What do AI practitioners think about the European regulation?

Evading Botnet Detectors based on Flows and Random Forest with Adversarial Samples

Cybersecurity & Machine Learning

Big Data Security Analytics

Evaluating the Effectiveness of Adversarial Attacks against Botnet Detectors

ASGARD Hackatons

Big Data Security Analytics: Opportunities and Issues

Cybersecurity: Machine Learning and Industry 5.0

Adversarial Attacks against ML Agents

Exposure of 5G Network Infrastructures to Adversarial Examples

The relationship between Machine Learning & Cybersecurity

Some Pragmatic Relationships between Machine Learning & Cybersecurity

Concept-based Adversarial Attacks: Tricking Humans and Classifiers Alike

SoK: The Impact of Unlabelled Data in Cyberthreat Detection

So good that it is bad. On the (re)use of Datasets in Machine Learning Security

Cybersecurity and Machine Learning: Facts and Myths

Doing Practical Research on Machine Learning & Cybersecurity

Cybersecurity in the Smart Grid: Practitioners` Perspective

SpacePhish: The Evasion-space of Adversarial Attacks against Phishing Website Detectors using Machine Learning

Real Attackers Don`t Compute Gradients: Bridging the Gap Between Adversarial ML Research and Practice

SoK: Pragmatic Assessment of Machine Learning for Network Intrusion Detection