Publications

• ChainReactor: Automated Privilege Escalation Chain Discovery Via AI Planning
  Giulio Pasquale, Ilya Grishchenko, Riccardo Iesari, Gabriel Pizarro, Lorenzo Cavallaro, Christopher Kruegel, Giovanni Vigna
  Proceedings og the USENIX Security Symposium
  Philadelphia, PA August 2024
  [ PDF, Bib ]
• GuideEnricher: Protecting the Anonymity of Ethereum Mixing Service Users with Deep Reinforcement Learning
  Ravindu Silva, Wenbo Guo, Nicola Ruaro, Ilya Grishchenko, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Philadelphia, PA August 2024
  [ PDF, Bib ]
• Remote Keylogging Attacks in Multi-user VR Applications
  Zihao Su, Kunlin Cai, Reuben Beeler, Lukas Dresel, Allan Garcia, Ilya Grishchenko, Yuan Tian, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Philadelphia, PA August 2024
  [ PDF, Bib ]
• Unveiling the Risks of NFT Promotion Scams
  Sayak Saha Roy, Dipanjan Das, Priyanka Bose, Christopher Kruegel, Giovanni Vigna, Shirin Nilizadeh
  Proceedings of the International AAAI Conference on Web and Social Media (ICWSM)
  Buffalo, NY June 2024
  [ PDF, Bib ]
• TROJANPUZZLE: Covertly Poisoning Code-Suggestion Models
  Hojjat Aghakhani, Wei Dai, Andre Manoel, Xavier Fernandes, Anant Kharkar, Christopher Kruegel, Giovanni Vigna, David Evans, Benjamin Zorn, Robert Sim
  Proceedings of the IEEE Symposium on Security and Privacy
  San Francisco, CA May 2024
  [ PDF, Bib ]
• The Power of Default: Measuring the Effect of Slippage Tolerance in Decentralized Exchanges
  Nir Chemaya, Dingyue Liu, Robert McLaughlin, Ruaro, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Conference on Financial Cryptography and Data Security
  Willemstad, Curacao March 2024
  [ PDF, Bib ]
• Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts
  Nicola Ruaro, Fabio Gritti, Robert McLaughlin, Ilya Grishchenko, Christopher Kruegel, Giovanni Vigna
  Proceedings Network and Distributed Systems Security Symposium (NDSS)
  San Diego, USA February 2024
  [ PDF, Bib ]
• Shimware: Toward Practical Security Retrofitting for Monolithic Firmware Images
  Eric Gustafson, Paul Grosen, Nilo Redini, Saagar Jha, Ruoyu Wang, Andrea Continella, Kevin Fu, Sara Rampazzi, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
  Hong Kong October 2023
  [ PDF, Bib ]
• Container Orchestration Honeypot: Observing Attacks in the Wild
  Noah Spahn, Nils Hanke, Thorsten Holz, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
  Honk Kong October 2023
  [ PDF, Bib ]
• Keeping Up with the Emotets: Tracking a Multi-Infrastructure Botnet
  Oleg Boyarchuk, Sebastiano Mariani, Stefano Ortolani, Giovanni Vigna
  ACM Digital Threats: Resarch and Practice
  vol. 4, no. 3 September 2023
  [ PDF, Bib ]
• A Large Scale Study of the Ethereum Arbitrage Ecosystem
  Robert McLaughlin, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Los Angeles, USA August 2023
  [ PDF, Bib ]
• ACTOR: Action-Guided Kernel Fuzzing
  Marius Fleischer, Dipanjan Das, Priyanka Bose, Weiheng Bai, Kangjie Lu, Mathias Payer, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Los Angeles, USA August 2023
  [ PDF, Bib ]
• Confusum Contractum: Confused Deputy Vulnerabilities in Ethereum Smart Contracts
  Fabio Gritti, Nicola Ruaro, Robert McLaughlin, Priyanka Bose, Dipanjan Das, Ilya Grishchenko, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Los Angeles, USA August 2023
  [ PDF, Bib ]
• Certifiably Vulnerable: Using Certificate Transparency Logs for Target Reconnaissance
  Stijn Pletinckx, Thanh-Dat Nguyen, Tobias Fiebig, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE European Symposium on Security and Privacy (EuroSP)
  Delft, the Netherlands July 2023
  [ PDF, Bib ]
• TEEzz: Fuzzing Trusted Applications on COTS Android Devices
  Marcel Busch, Aravind Machiry, Chad Spensky, Giovanni Vigna, Christopher Kruegel, Mathias Payer
  Proceedings of the IEEE Symposium on Security and Privacy (SP)
  San Francisco May 2023
  [ PDF, Bib ]
• Columbus: Android App Testing through Systematic Callback Exploration
  Priyanka Bose, Dipanjan Das, Saastha Vasan, Sebastiano Mariani, Ilya Grishchenko, Andrea Continella, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Conference on Software Engineering (ICSE)
  Melbourne, Australia May 2023
  [ PDF, Bib ]
• Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities
  Erik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel, Giovanni Vigna, Christopher Kruegel, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupe
  Proceedings of the IEEE Symposium on Security and Privacy (SP)
  San Francisco May 2023
  [ PDF, Bib ]
• VENOMAVE: Targeted Poisoning Against Speech Recognition
  Hojjat Aghakhani, Lea Schonherr, Thorsten Eisenhofer, Dorothea Kolossa, Thorsten Holz, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Conference on Secure and Trustworthy Machine Learning (SaTML)
  Raleigh, NC February 2023
  [ PDF, Bib ]
• POPKORN: Popping Windows Kernel Drivers At Scale
  Rajat Gupta, Lukas Dresel, Noah Spahn, Giovanni Vigna, Christopher Kruegel, Taesoo Kim
  Proceedings of the Annual Computer Security Applications Conference, (ACSAC)
  Austin, TX December 2022
  [ PDF, Bib ]
• Understanding Security Issues in the NFT Ecosystem
  Dipanjan Das, Priyanka Bose, Nicola Ruaro, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Los Angeles, CA November 2022
  [ PDF, Bib ]
• Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing
  Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, Ali Abbas
  Proceedings of the USENIX Security Symposium
  Boston, USA August 2022
  [ PDF, Bib ]
• Regulator: Dynamic Analysis to Detect ReDoS
  Robert McLaughlin, Fabio Pagani, Noah Spahn, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Boston, USA August 2022
  [ PDF, Bib ]
• Decomperson: How Humans Decompile and What We Can Learn From It
  Kevin Burk, Fabio Pagani, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Boston, MA August 2022
  [ PDF, Bib ]
• Hybrid Pruning: Towards Precise Pointer and Taint Analysis
  Dipanjan Das, Priyanka Bose, Aravind Machiry, Sebastiano Mariani, Yan Shoshitaishvili, Giovanni Vigna, Christopher Kruegel
  Proceedings of the Conference on the Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  Cagliari, Italy June 2022
  [ PDF, Bib ]
• DEEPCASE: Semi-Supervised Contextual Analysis of Security Events
  Thijs Ede, Hojjat Aghakhani, Noah Spahn, Riccardo Bortolameotti, Marco Cova, Andrea Continella, Maarten Steen, Andreas Peter, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy (SP)
  San Francisco, CA May 2022
  [ PDF, Bib ]
• HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images
  Fabio Gritti, Fabio Pagani, Ilya Grishchenko, Lukas Dresel, Nilo Redini, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy (SP)
  San Francisco May 2022
  [ PDF, Bib ]
• SYMBEXCEL: Automated Analysis and Understanding of Malicious Excel 4.0 Macros
  Nicola Ruaro, Fabio Pagani, Stefano Ortolani, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy (SP)
  San Francisco May 2022
  [ PDF, Bib ]
• SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds
  Priyanka Bose, Dipanjan Das, Yanju Chen, Yu Feng, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy (SP)
  San Francisco, CA May 2022
  [ PDF, Bib ]
• Tarnhelm: Isolated, Transparent and Confidential Execution of Arbitrary Code in ARM's TrustZone
  Davide Quarta, Michele Ianni, Aravind Machiry, Yanick Fratantonio, Eric Gustafson, Davide Balzarotti, Martina Lindorfer, Giovanni Vign, Christopher Kruegel
  Proceedings of the ACM Workshop on Research on Offensive and Defensive Techniques in the Context of Man At The End Attacks (CheckMATE)
  Seoul, South Korea November 2021
  [ PDF, Bib ]
• Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Giovanni Vigna, Elaine Shi
  ACM
  Virtual Conference November 2021
  [ PDF, Bib ]
• SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning
  Nicola Ruaro, Lukas Dresel, Kyle Zeng, Tiffany Bao, Mario Polino, Andrea Continella, Stefano Zanero, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
  San Sebastian, Spain October 2021
  [ PDF, Bib ]
• Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability
  Hojjat Aghakhani, Dongyu Meng, Yu-Xiang Wang, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE European Symposium on Security and Privacy (Euro SP)
  Vienna, Austria September 2021
  [ PDF, Bib ]
• Token-Level Fuzzing
  Christopher Salls, Chani Jindal, Jake Corina, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Virtual August 2021
  [ PDF, Bib ]
• Toward a Secure Crowdsourced Location Tracking System
  Chinmay Garg, Aravind Machiry, Andrea Continella, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)
  Virtual June 2021
  [ PDF, Bib ]
• Bran: Reduce Vulnerability Search Space in Large Open-Source Repositories by Learning Bug Symptoms
  Dongyu Meng, Michele Guerriero, Aravind Machiry, Hojjat Aghakhani, Priyanka Bose, Andrea Continella, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Asia Conference on Computer and Communications Security (AsiaCCS)
  Hong Kong, China June 2021
  [ PDF, Bib ]
• Conware: Automated Modeling of Hardware Peripherals
  Chad Spensky, Aravind Machiry, Nilo Redini, Colin Unger, Graham Foster, Evan Blasband, Hamed Okhravi, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Asia Conference on Computer and Communications Security (AsiaCCS)
  Hong Kong, China June 2021
  [ PDF, Bib ]
• Glitching Demystified: Analyzing Control-flow-based Glitching Attacks and Defenses
  Chad Spensky, Aravind Machiry, Nathan Burow, Hamed Okhravi, Rick Housley, Zhongshu Gu, Hani Jamjoom, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
  Taipei, Taiwan June 2021
  [ PDF, Bib ]
• DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices
  Nilo Redini, Andrea Continella, Dipanjan Das, Giulio Pasquale, Noah Spahn, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  Virtual May 2021
  [ PDF, Bib ]
• One Size Does Not Fit All: A Longitudinal Analysis of Brazilian Financial Malware
  Marcus Botacin, Hojjat Aghakhani, Stefano Ortolani, Christopher Kruegel, Giovanni Vigna, Daniela Oliveira, Paulo Geus, Andre Gregio
  ACM Transactions on Privacy and Security
  vol. 24, no. 2 January 2021
  [ PDF, Bib ]
• Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Jonathan Katz, Giovanni Vigna
  ACM
  Virtual Conference November 2020
  [ PDF, Bib ]
• Tracing and Analyzing Web Access Paths Based on User-Side Data Collection: How Do Users Reach Malicious URLs?
  Takeshi Takahashi, Christopher Kruegel, Giovanni Vigna, Katsunari Yoshioka, Daisuke Inoue
  International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
  San Sebastian, Spain October 2020
  [ PDF, Bib ]
• HALucinator: Firmware Re-hosting through Abstraction Layer Emulation
  Abraham Clements, Eric Gustafson, Tobias Scharnowski, Paul Grosen, David Fritz, Christopher Kruegel, Giovanni Vigna, Saurabh Bagchi, Mathias Payer
  Proceedings of the USENIX Security Symposium
  Boston, MA August 2020
  [ PDF, Bib ]
• On the Security of Application Installers and Online Software Repositories
  Marcus Botacin, Giovanni Bertao, Paulo Geus, Andre Gregio, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)
  Lisboa, Portugal July 2020
  [ PDF, Bib ]
• Exploring Abstraction Functions in Fuzzing
  Christopher Salls, Aravind Machiry, Adam Doupe, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Conference on Communications and Network Security (CNS)
  Avignon, France June 2020
  [ PDF, Bib ]
• TRUST.IO: Protecting Physical Interfaces on Cyber-physical Systems
  Chad Spensky, Aravind Machiry, Marcel Busch, Kevin Leach, Rick Housley, Christopher Kruegel, Giovanni Vigna
  IEEE Conference on Communications and Network Security (CNS)
  Avignon, France June 2020
  [ PDF, Bib ]
• SYMBION: Interleaving Symbolic with Concrete Execution
  Fabio Gritti, Lorenzo Fontana, Eric Gustafson, Fabio Pagani, Andrea Continella, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Conference on Communications and Network Security (CNS)
  Avignon, France June 2020
  [ PDF, Bib ]
• SPIDER: Enabling Fast Patch Propagation in Related Software Repositories
  Aravind Machiry, Nilo Redini, Eric Camellini, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  San Francisco, CA May 2020
  [ PDF, Bib ]
• KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware
  Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  San Francisco, CA May 2020
  [ PDF, Bib ]
• Dirty Clicks: A Study of the Usability and Security Implications of Click-related Behaviors on the Web
  Iskander Sanchez-Rola, Davide Balzarotti, Christopher Kruegel, Giovanni Vigna, Igor Santos
  Proceedings of The Web Conference (WWW)
  Taipei, Taiwan April 2020
  [ PDF, Bib ]
• When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features
  Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna, Christopher Kruegel
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2020
  [ PDF, Bib ]
• Neurlux: Dynamic Malware Analysis Without Feature Engineering
  Chani Jindal, Christopher Salls, Hojjat Aghakhani, Keith Long, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  San Juan, Puerto Rico December 2019
  [ PDF, Bib ]
• Sleak: Automating Address Space Layout Derandomization
  Christophe Hauser, Jayakrishna Menon, Yan Shoshitaishvili, Ruoyu Wang, Giovanni Vigna, Christopher Kruegel
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  San Juan, Puerto Rico December 2019
  [ PDF, Bib ]
• Toward the Analysis of Embedded Firmware Through Automated Re-hosting
  Eric Gustafson, Marius Muench, Chad Spensky, Nilo Redini, Aravind Machiry, Aurelien Francillon, Davide Balzarotti, Yung Choe, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Symposium on Research in Attacks, Intrusions, and Defenses (RAID)
  Beijing, China September 2019
  [ PDF, Bib ]
• BinTrimmer: Towards Static Binary Debloating Through Abstract Interpretation
  Nilo Redini, Ruoyu Wang, Aravind Machiry, Yan Shoshitaishvili, Giovanni Vigna, Christopher Kruegel
  Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)
  Gothenburg, Sweden June 2019
  [ PDF, Bib ]
• Think Outside the Dataset: Finding Fraudulent Reviews using Cross-Dataset Analysis
  Shirin Nilizadeh, Hojjat Aghakhani, Eric Gustafson, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Web Conference (WWW)
  San Francisco, USA May 2019
  [ PDF, Bib ]
• BootKeeper: Validating Software Integrity Properties on Boot Firmware Images
  Ronny Chevalier, Stefano Cristalli, Christophe Hauser, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, Danilo Bruschi, Andrea Lanzi
  Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY)
  Dallas, USA March 2019
  [ PDF, Bib ]
• Towards Automatically Generating a Sound and Complete Dataset for Evaluating Static Analysis Tools
  Aravind Machiry, Nilo Redini, Eric Gustafson, Hojjat Aghakhani, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Workshop on Binary Analysis Research (BAR)
  San Diego, USA February 2019
  [ PDF, Bib ]
• PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
  Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, Michael Franz
  Proceedings of the Network and Distributed Systems Security Symposium (NDSS)
  San Diego, USA February 2019
  [ PDF, Bib ]
• Using Loops For Malware Classification Resilient to Feature-unaware Perturbations
  Aravind Machiry, Nilo Redini, Eric Gustafson, Yanick Fratantonio, Yung Choe, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  San Juan, Puerto Rico December 2018
  [ PDF, Bib ]
• MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense
  Radhesh Konoth, Emanuele Vineti, Veelasha Moonsamy, Martina Lindorfer, Christopher Kruegel, Herbert Bos, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Toronto, Canada October 2018
  [ PDF, Bib ]
• Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks
  Wei Meng, Chenxiong Qian, Shuang Hao, Kevin Borgolte, Giovanni Vigna, Christopher Kruegel, Wenke Lee
  Proceedings of the USENIX Security Symposium
  Baltimore, MD August 2018
  [ PDF, Bib ]
• HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security
  Moritz Eckert, Antonio Bianchi, Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Baltimore, MD August 2018
  [ PDF, Bib ]
• GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM
  Victor Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, Kaveh Razavi
  Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  Paris, France June 2018
  [ PDF, Bib ]
• Peer to Peer Hate: Hate Speech Instigators and Their Targets
  May ElSherif, Shirin Nilizadeh, Dana Nguyen, Giovanni Vigna, Elizabeth Belding
  Proceedings of the International AAAI Conference on Web and Social Media (ICWSM)
  Stanford, CA June 2018
  [ PDF, Bib ]
• Detecting Deceptive Reviews using Generative Adversarial Networks
  Hojjat Aghakhani, Aravind Machiry, Shirin Nilizadeh, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Deep Learning and Security Workshop
  San Francisco, CA May 2018
  [ PDF, Bib ]
• Enumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones
  Kevin Borgolte, Shuang Hao, Tobias Fiebig, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  San Francisco, CA May 2018
  [ PDF, Bib ]
• Measuring E-Mail Header Injections on the World Wide Web
  Sai Chandramouli, Pierre-Marie Bajan, Christopher Kruegel, Giovanni Vigna, Ziming Zhao, Adam Doupe, Gail-Joon Ahn
  Proceedings of the ACM Symposium on Applied Computing (SAC)
  Pau, France April 2018
  [ PDF, Bib ]
• Mechanical Phish: Resilient Autonomous Hacking
  Yan Shoshitaishvili, Antonio Bianchi, Kevin Borgolte, Amat Cama, Jacopo Corbetta, Francesco Disperati, Audrey Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Chris Salls, Nick Stephens, Ruoyu Wang, Giovanni Vigna
  IEEE Security and Privacy Magazine
  vol. 16, no. 2 March 2018
  [ PDF, Bib ]
• In rDNS We Trust: Revisiting a Common Data-Source's Reliability
  Tobias Fiebig, Kevin Borgolte, Shuang Hao, Christopher Kruegel, Giovanni Vigna, Anja Feldmann
  Proceedings of the Passive and Active Measurement Conference (PAM)
  Berlin, Germany March 2018
  [ PDF, Bib ]
• Broken Fingers: On the Usage of the Fingerprint API in Android
  Antonio Bianchi, Yanick Fratantonio, Aravind Machiry, Christopher Kruegel, Giovanni Vigna, Pak Chung, Wenke Lee
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2018
  [ PDF, Bib ]
• Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates
  Kevin Borgolte, Tobias Fiebig, Shuang Hao, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2018
  [ PDF, Bib ]
• Exploitation and Mitigation of Authentication Schemes Based on Device-Public Information
  Antonio Bianchi, Eric Gustafson, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Annual Computer Security Application Conference (ACSAC)
  Orlando, FL December 2017
  [ PDF, Bib ]
• Piston: Uncooperative Remote Runtime Patching
  Christopher Salls, Yan Shoshitaishvili, Nick Stephens, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Orlando, FL December 2017
  [ PDF, Bib ]
• Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance
  Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Dallas, TX October 2017
  [ PDF, Bib ]
• POISED: Spotting Twitter Spam Off the Beaten Paths
  Shirin Nilizadeh, Francois Labreche, Alireza Sadighian, Ali Zand, Jose Fernandez, Christopher Kruegel, Gianluca Stringhini, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Dallas, TX October 2017
  [ PDF, Bib ]
• DIFUZE: Interface Aware Fuzzing for Kernel Drivers
  Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Dallas, TX October 2017
  [ PDF, Bib ]
• How Shall We Play a Game: A Game-Theoretical Model for Cyber-warfare Games
  Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna, David Brumley
  Proceedings of the IEEE Computer Security Foundations Symposium (CSF)
  Santa Barbara, CA August 2017
  [ PDF, Bib ]
• DR.CHECKER: A Soundy Analysis for Linux Kernel Drivers
  Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Vancouver, BC August 2017
  [ PDF, Bib ]
• Shell We Play A Game? CTF-as-a-service for Security Education
  Erik Trickel, Francesco Disperati, Eric Gustafson, Faezeh Kalantari, Mike Mabey, Naveen Tiwari, Yeganeh Safaei, Adam Doupe, Giovanni Vigna
  Proceedings of the USENIX Workshop on Advances in Security Education (ASE)
  Vancouver, BC August 2017
  [ PDF, Bib ]
• BootStomp: On the Security of Bootloaders in Mobile Devices
  Nilo Redini, Aravind Machiry, Dipanjan Das, Yanick Fratantonio, Antonio Bianchi, Eric Gustafson, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Vancouver, BC August 2017
  [ PDF, Bib ]
• Towards Detecting Compromised Accounts on Social Networks
  Manuel Egele, Gianluca Stringhini, Christopher Kruegel, Giovanni Vigna
  IEEE Transactions on Dependable and Secure Computing
  vol. 14, no. 4 July/August 2017
  [ PDF, Bib ]
• Gossip: Automatically Identifying Malicious Domains from Mailing List Discussions
  Cheng Huang, Shuang Hao, Luca Invernizzi, Jiayong Liu, Yong Fang, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Asia Conference on Computer and Communications Security (AsiaCCS)
  Abu Dhabi, UAE April 2017
  [ PDF, Bib ]
• Something From Nothing (There): Collecting Global IPv6 Datasets From DNS
  Tobias Fiebig, Kevin Borgolte, Shuang Hao, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Passive Active Measurement Conference (PAM)
  Sydney, Australia March 2017
  [ PDF, Bib ]
• Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
  Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2017
  [ PDF, Bib ]
• BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments
  Aravind Machiry, Eric Gustafson, Chad Spensky, Christopher Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Choe, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2017
  [ PDF, Bib ]
• Ramblr: Making Reassembly Great Again
  Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2017
  [ PDF, Bib ]
• Cyber Grand Shellphish
  Shellphish Group
  Phrack Magazine
  Online Publication January 2017
  [ PDF, Bib ]
• Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
  Victor Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Vienna, Austria October 2016
  [ PDF, Bib ]
• Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory
  Marius Muench, Fabio Pagani, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna, Davide Balzarotti
  Proceedings of the International Symposium on Research in Attacks, Intrusions and Defense (RAID)
  Evry, France September 2016
  [ PDF, Bib ]
• On the Privacy and Security of the Ultrasound Ecosystem
  Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico Maggi, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Privacy Enhancing Technologies Symposium (PETS)
  Minneapolis, MN July 2016
  [ PDF, Bib ]
• (State of) The Art of War: Offensive Techniques in Binary Analysis
  Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Audrey Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  San Jose, CA May 2016
  [ PDF, Bib ]
• TriggerScope: Towards Detecting Logic Bombs in Android Apps
  Yanick Fratantonio, Antonio Bianchi, William Robertson, Engin Kirda, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  San Jose, CA May 2016
  [ PDF, Bib ]
• Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy
  Vitor Afonso, Antonio Bianchi, Yanick Fratantonio, Adam Doupe, Mario Polino, Paulo Geus, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2016
  [ PDF, Bib ]
• Driller: Augmenting Fuzzing Through Selective Symbolic Execution
  Nick Stephens, John Grosen, Christopher Salls, Audrey Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2016
  [ PDF, Bib ]
• Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications
  Luca Falsina, Yanick Fratantonio, Stefano Zanero, Christopher Kruegel, Giovanni Vigna, Federico Maggi
  Proceedings of the Annual Computer Security Application Conference (ACSAC)
  Los Angeles, CA December 2015
  [ PDF, Bib ]
• Know Your Achilles' Heel: Automatic Detection of Network Critical Services
  Ali Zand, Amir Houmansadr, Giovanni Vigna, Richard Kemmerer, Christopher Kruegel
  Proceedings of the Annual Computer Security Application Conference (ACSAC)
  Los Angeles, CA December 2015
  [ PDF, Bib ]
• BareDroid: Large-Scale Analysis of Android Apps on Real Devices
  Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Dhilung Kirat, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Annual Computer Security Application Conference (ACSAC)
  Los Angeles, CA December 2015
  [ PDF, Bib ]
• MalGene: Automatic Extraction of Malware Analysis Evasion Signature
  Dhilung Kirat, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Denver, CO October 2015
  [ PDF, Bib ]
• NJAS: Sandboxing Unmodified Applications in non-rooted Devices Running Stock Android
  Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM)
  Denver, CO October 2015
  [ PDF, Bib ]
• Drops for Stuff: An Analysis of Reshipping Mule Scams
  Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca Stringhini, Manuel Egele, Michael Eubanks, Brian Krebs, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Denver, CO October 2015
  [ PDF, Bib ]
• CLAPP: Characterizing Loops in Android Applications
  Yanick Fratantonio, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Symposium on the Foundations of Software Engineering (FSE)
  Bergamo, Italy September 2015
  [ PDF, Bib ]
• How the ELF Ruined Christmas
  Alessandro Federico, Amat Cama, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Washington, D.C. August 2015
  [ PDF, Bib ]
• EvilCohort: Detecting Communities Of Malicious Accounts On Online Services
  Gianluca Stringhini, Pierre Mourlanne, Gregoire Jacob, Manuel Egele, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Washington, DC August 2015
  [ PDF, Bib ]
• Prison: Tracking Process Interactions to Contain Malware
  Benjamin Caillat, Bob Gilbert, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Symposium on Cyberspace Safety and Security (CSS)
  New York, USA August 2015
  [ PDF, Bib ]
• ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
  Michael Weissbacher, William Robertson, Engin Kirda, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Washington, D.C. August 2015
  [ PDF, Bib ]
• Meerkat: Detecting Website Defacements through Image-based Object Recognition
  Kevin Borgolte, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Washington, D.C. August 2015
  [ PDF, Bib ]
• On the Security and Engineering Implications of Finer-Grained Access Controls for Android Developers and Users
  Yanick Fratantonio, Antonio Bianchi, William Robertson, Manuel Egele, Christopher Kruegel, Engin Kirda, Giovanni Vigna
  Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  Milan, Italy July 2015
  [ PDF, Bib ]
• Portrait of a Privacy Invasion: Detecting Relationships Through Large-scale Photo Analysis
  Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings on Privacy Enhancing Technologies Symposium (PETS)
  Philadelphia, PA June 2015
  [ PDF, Bib ]
• Framing Dependencies Introduced by Underground Commoditization
  Kurt Thomas, Danny Huang, David Wang, Elie Bursztein, Chris Grier, Thomas Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna
  Proceedings of the Workshop on the Economics of Information Security (WEIS)
  The Netherlands June 2015
  [ PDF, Bib ]
• What the App is That? Deception and Countermeasures in the Android User Interface
  Antonio Bianchi, Jacopo Corbetta, Luca Invernizzi, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  San Jose, CA May 2015
  [ PDF, Bib ]
• A Large-Scale Study of Mobile Web App Security
  Patrick Mutchler, Adam Doupe, John Mitchell, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Workshop Mobile Security Technology (MoST)
  San Jose May 2015
  [ PDF, Bib ]
• Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
  Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2015
  [ PDF, Bib ]
• EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework
  Yinzhi Cao, Yanick Fratantonio, Antonio Bianchi, Manuel Egele, Christopher Kruegel, Giovanni Vigna, Yan Chen
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2015
  [ PDF, Bib ]
• The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements (short paper)
  Apostolis Zarras, Alexandros Kapravelos, Gianluca Strighini, Thorsten Holz, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM SIGCOMM Conference on Internet Measurement Conference (IMC)
  Vancouver, Canada November 2014
  [ PDF, Bib ]
• Protecting Web Single Sign-on against Relying party Impersonation Attacks through a Bi-directional Secure Channel with Authentication
  Yinzhi Cao, Yan Shoshitaishvili, Kevin Borgolte, Christopher Kruegel, Giovanni Vigna, Yan Chen
  Proceedings of the International Symposium on Research in Attacks, Intrusions and Defense (RAID)
  Gothenburgh, Sweden September 2014
  [ PDF, Bib ]
• Eyes of a Human, Eyes of a Program: Leveraging different views of the web for analysis and detection
  Jacopo Corbetta, Luca Invernizzi, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Symposium on Research in Attacks, Intrusions and Defense (RAID)
  Gothenburgh, Sweden September 2014
  [ PDF, Bib ]
• Ten Years of iCTF: The Good, The Bad, and The Ugly
  Giovanni Vigna, Kevin Borgolte, Jacopo Corbetta, Adam Doupe, Yanick Fratantonio, Luca Invernizzi, Dhilung Kirat, Yan Shoshitaishvili
  Proceedings of the USENIX Summit on Gaming, Games and Gamification in Security Education (3GSE)
  San Diego, CA August 2014
  [ PDF, Bib ]
• Hulk: Eliciting Malicious Behavior in Browser Extensions
  Alexandros Kapravelos, Chris Grier, Neha Chachra, Christopher Kruegel, Giovanni Vigna, Vern Paxson
  Proceedings of the USENIX Security Symposium
  San Diego, USA August 2014
  [ PDF, Bib ]
• BareCloud: Bare-metal Analysis-based Evasive Malware Detection
  Dhilung Kirat, Giovanni Vigna, Christopher Kruegel
  Proceedings of the USENIX Security Symposium
  San Diego, CA August 2014
  [ PDF, Bib ]
• PExy: The other side of Exploit Kits
  Giancarlo Maio, Alexandros Kapravelos, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  London, UK July 2014
  [ PDF, Bib ]
• The Harvester, the Botmaster, and the Spammer: On the Relations Between the Different Actors in the Spam Landscape
  Gianluca Stringhini, Oliver Hohlfeld, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS)
  Kyoto, Japan June 2014
  [ PDF, Bib ]
• The Tricks of the Trade: What Makes Spam Campaigns Successful?
  Jane Iedemska, Gianluca Stringhini, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Workshop on Cyber Crime (IWCC)
  San Jose, CA May 2014
  [ PDF, Bib ]
• Relevant Change Detection: A Framework for the Precise Extraction of Modified and Novel Web-based Content as a Filtering Technique for Analysis Engines
  Kevin Borgolte, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Developers' Track of the International World Wide Web Conference (WWWdev)
  Seoul, Korea April 2014
  [ PDF, Bib ]
• Stranger Danger: Exploring the Ecosystem of Ad-based URL Shortening Services
  Nick Nikiforakis, Federico Maggi, Gianluca Stringhini, M Rafique, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna, Stefano Zanero
  Proceedings of the International World Wide Web Conference (WWW)
  Seoul, South Korea April 2014
  [ PDF, Bib ]
• Rippler: Delay Injection for Service Dependency Detection
  Ali Zand, Giovanni Vigna, Richard Kemmerer, Christopher Kruegel
  Proceedings of IEEE INFOCOM Conference
  Toronto, Canada April 2014
  [ PDF, Bib ]
• Extracting Probable Command and Control Signatures for Detecting Botnets
  Ali Zand, Giovanni Vigna, Xifeng Yan, Christopher Kruegel
  Proceedings of the ACM Symposium on Applied Computing (SAC)
  Gyeongju, Korea March 2014
  [ PDF, Bib ]
• Do You Feel Lucky? A Large-Scale Analysis of Risk-Rewards Trade-Offs in Cyber Security
  Yan Shoshitaishvili, Luca Invernizzi, Adam Doupe, Giovanni Vigna
  Proceedings of the ACM Symposium on Applied Computing (SAC)
  Gyeongju, Korea March 2014
  [ PDF, Bib ]
• Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications
  Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2014
  [ PDF, Bib ]
• Nazca: Detecting Malware Distribution in Large-Scale Networks
  Luca Invernizzi, Stanislav Miskovic, Ruben Torres, Sabyaschi Saha, Sung-Ju Lee, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2014
  [ PDF, Bib ]
• Message In A Bottle: Sailing Past Censorship
  Luca Invernizzi, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  New Orleans, USA December 2013
  [ PDF, Bib ]
• SARVAM: Search And RetrieVAl of Malware
  Lakshmnanan Nataraj, Dhilung Kirat, B.S. Manjunath, Giovanni Vigna
  Annual Computer Security Applications Conference (ACSAC) Workshop on Next Generation Malware Attacks and Defense (NGMAD)
  New Orleans, USA December 2013
  [ PDF, Bib ]
• SigMal: A Static Signal Processing Based Malware Triage
  Dhilung Kirat, Lakshmanan Nataraj, Giovanni Vigna, B.S. Manjunath
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  New Orleans, USA December 2013
  [ PDF, Bib ]
• Shady Paths: Leveraging Surfing Crowds to Detect Malicious Web Pages
  Gianluca Stringhini, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Berlin, Germany November 2013
  [ PDF, Bib ]
• Delta: Automatic Identification of Unknown Web-based Infection Campaigns
  Kevin Borgolte, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Berlin, Germany November 2013
  [ PDF, Bib ]
• deDacota: Toward Preventing Server-Side XSS via Automatic Code and Data Separation
  Adam Doupe, Weidong Cui, Mariusz Jakubowski, Marcus Peinado, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Berlin, Germany November 2013
  [ PDF, Bib ]
• Practical Attacks Against The I2P Network
  Christoph Egger, Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
  St. Lucia October 2013
  [ PDF, Bib ]
• Follow the Green: Growth and Dynamics in Twitter Follower Markets
  Gianluca Stringhini, Gang Wang, Manuel Egele, Christopher Kruegel, Giovanni Vigna, Haitao Zheng, Ben Zhao
  Proceedings of the Internet Measurement Conference (IMC)
  Barcelona, Spain October 2013
  [ PDF, Bib ]
• Steal This Movie - Automatically Bypassing DRM Protection in Streaming Media Services
  Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Washington, D.C. August 2013
  [ PDF, Bib ]
• Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
  Alexandros Kapravelos, Yan Shoshitaishvili, Marco Cova, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Washington, D.C. August 2013
  [ PDF, Bib ]
• Formulating Cyber-Security as Convex Optimization Problems
  Kyriakos Vamvoudakis, Joao Hespanha, Richard Kemmerer, Giovanni Vigna
  Control of Cyber-Physical Systems
  Lecture Notes in Control and Information Sciences July 2013
  [ PDF, Bib ]
• Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting
  Nick Nikiforakis, Alexandros Kapravelos, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  S. Francisco, CA May 2013
  [ PDF, Bib ]
• Two Years of Short URLs Internet Measurement: Security Threats and Countermeasures
  Federico Maggi, Alessandro Frossi, Stefano Zanero, Gianluca Stringhini, Brett Stone-Gross, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International World Wide Web Conference (WWW)
  Rio de Janeiro, Brazil May 2013
  [ PDF, Bib ]
• EARs in the Wild: Large-Scale Analysis of Execution After Redirect Vulnerabilities
  Pierre Payet, Adam Doupe, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Symposium On Applied Computing (SAC)
  Coimbra, Portugal March 2013
  [ PDF, Bib ]
• COMPA: Detecting Compromised Accounts on Social Networks
  Manuel Egele, Gianluca Stringhini, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ISOC Network and Distributed Systems Symposium (NDSS)
  San Diego, CA February 2013
  [ PDF, Bib ]
• Jarhead: Analysis and Detection of Malicious Java Applets
  Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Orlando, FL December 2012
  [ PDF, Bib ]
• BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection
  Florian Tegeler, Xiaoming Fu, Giovanni Vigna, Christopher Kruegel
  Proceedings of the ACM Conference on emerging Networking EXperiments and Technologies (CoNEXT)
  Nice, France December 2012
  [ PDF, Bib ]
• You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions
  Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Raleigh, NC October 2012
  [ PDF, Bib ]
• Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds
  Antonio Bianchi, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  USA October 2012
  [ PDF, Bib ]
• FlashDetect: ActionScript 3 malware detection
  Timon Overveldt, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Symposium on Research in Attacks, Intrusions and Defenses (RAID)
  The Netherlands September 2012
  [ PDF, Bib ]
• Poultry Markets: On the Underground Economy of Twitter Followers
  Gianluca Stringhini, Manuel Egele, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Workshop on Online Social Networks (WOSN)
  Helsinki, Finland August 2012
  [ PDF, Bib ]
• PUBCRAWL: Protecting Users and Businesses from CRAWLers
  Gregoire Jacob, Engin Kirda, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Bellevue, WA August 2012
  [ PDF, Bib ]
• Enemy of the State: A State-Aware Black-Box Vulnerability Scanner
  Adam Doupe, Ludovico Cavedon, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Bellevue, WA August 2012
  [ PDF, Bib ]
• B@bel: Leveraging Email Delivery for Spam Mitigation
  Gianluca Stringhini, Manuel Egele, Apostolis Zarras, Thorsten Holz, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Bellevue, WA August 2012
  [ PDF, Bib ]
• A Static, Packer-agnostic Filter to Detect Similar Malware Samples
  Gregoire Jacob, Paolo Comparetti, Matthias Neugschwandtner, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  Crete, Greece July 2012
  [ PDF, Bib ]
• Message In A Bottle: Sailing Past Censorship
  Luca Invernizzi, Christopher Kruegel, Giovanni Vigna
  Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETS)
  Vigo, Spain July 2012
  [ PDF, Bib ]
• Tracking Memory Writes for Malware Classification and Code Reuse Identification
  Andre Gregio, Paulo Geus, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  Crete, Greece July 2012
  [ PDF, Bib ]
• EvilSeed: A Guided Approach to Finding Malicious Web Pages
  Luca Invernizzi, Stefano Benvenuti, Marco Cova, Paolo Milani-Comparetti, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  S. Francisco, CA May 2012
  [ PDF, Bib ]
• Nexat: A History-Based Approach to Predict Attacker Actions
  Casey Cipriano, Ali Zand, Amir Houmansadr, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Orlando, FL December 2011
  [ PDF, Bib ]
• BareBox: Efficient Malware Analysis on Bare Metal
  Dhilung Kirat, Giovanni Vigna, Christopher Kruegel
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Orlando, FL December 2011
  [ PDF, Bib ]
• Hit 'em Where it Hurts: A Live Security Exercise on Cyber Situational Awareness
  Adam Doupe, Manuel Egele, Benjamin Caillat, Gianluca Stringhini, Gorkem Yakin, Ali Zand, Ludovico Cavedon, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Orlando, FL December 2011
  [ PDF, Bib ]
• Understanding Fraudulent Activities in Online Ad Exchanges
  Brett Stone-Gross, Ryan Stevens, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna, Apostolis Zarras
  Proceedings of the Internet Measurement Conference (IMC)
  Berlin, Germany November 2011
  [ PDF, Bib ]
• Fear the EAR: Discovering and Mitigating Execution After Redirect Vulnerabilities
  Adam Doupe, Bryce Boe, Christopher Kruegel, Giovanni Vigna
  Proceeding of the ACM Conference on Computer and Communications Security (CCS)
  Chicago, IL October 2011
  [ PDF, Bib ]
• Dymo: Tracking Dynamic Code Identity
  Bob Gilbert, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Symposium on Recent Advances in Intrusion Detection (RAID)
  S. Francisco, CA September 2011
  [ PDF, Bib ]
• Shellzer: a tool for the dynamic analysis of malicious shellcode
  Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Symposium on Recent Advances in Intrusion Detection (RAID)
  S. Francisco, CA September 2011
  [ PDF, Bib ]
• Getting the Face Behind the Squares: Reconstructing Pixelized Video Streams
  Ludovico Cavedon, Luca Foschini, Giovanni Vigna
  Proceedings of the USENIX Workshop On Offensive Technologies (WOOT)
  San Francisco, CA August 2011
  [ PDF, Bib ]
• BotMagnifier: Locating Spambots on the Internet
  Gianluca Stringhini, Thorsten Holz, Brett Stone-Gross, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  S. Francisco, CA August 2011
  [ PDF, Bib ]
• MISHIMA: Multilateration of Internet hosts hidden using malicious fast-flux agents
  Greg Banks, Aristide Fattori, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna
  Proceedings of Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  Amsterdam, The Netherlands July 2011
  [ PDF, Bib ]
• Escape from Monkey Island: Evading High-Interaction Honeyclients
  Alexandros Kapravelos, Marco Cova, Christopher Kruegel, Giovanni Vigna
  Proceedings of Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  Amsterdam, The Netherlands July 2011
  [ PDF, Bib ]
• The Underground Economy of Fake Antivirus Software
  Brett Stone-Gross, Ryan Abman, Richard Kemmerer, Christopher Kruegel, Doug Steigerwald, Giovanni Vigna
  Proceedings of the Workshop on Economics of Information Security (WEIS)
  Washington, DC June 2011
  [ PDF, Bib ]
• Challenges for Dynamic Analysis of iOS Applications
  Martin Szydlowski, Manuel Egele, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Workshop on Open Research Problems in Network Security (iNetSec)
  Luzerne, Switzerland June 2011
  [ PDF, Bib ]
• Proceedings of the IEEE Symposium on Security and Privacy
  Giovanni Vigna, Somesh Jha
  IEEE
  Oakland, CA May 2011
  [ PDF, Bib ]
• Peering Through the iFrame
  Brett Stone-Gross, Marco Cova, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Conference on Computer Communications (INFOCOM) Mini Conference
  Shanghai, China April 2011
  [ PDF, Bib ]
• The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns
  Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, Giovanni Vigna
  USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)
  Boston, MA March 2011
  [ PDF, Bib ]
• Prophiler: A Fast Filter for the Large-Scale Detection of Malicious Web Pages
  Davide Canali, Marco Cova, Christopher Kruegel, Giovanni Vigna
  Proceedings of the World Wide Web Conference (WWW)
  Hiderabad, India March 2011
  [ PDF, Bib ]
• PiOS: Detecting Privacy Leaks in iOS Applications
  Manuel Egele, Christopher Kruegel, Engin Kirda, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2011
  [ PDF, Bib ]
• Analysis of a Botnet Takeover
  Brett Stone-Gross, Marco Cova, Bob Gilbert, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna
  IEEE Security and Privacy Magazine
  vol. 9, no. 1 January 2011
  [ PDF, Bib ]
• Network Intrusion Detection: Dead or Alive?
  Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Austin, TX December 2010
  [ PDF, Bib ]
• Detecting Spammers on Social Networks
  Gianluca Stringhini, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Austin, TX December 2010
  [ PDF, Bib ]
• Toward Automated Detection of Logic Vulnerabilities in Web Applications
  Vika Felmetsger, Ludovico Cavedon, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Washington, DC August 2010
  [ PDF, Bib ]
• Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners
  Adam Doupe, Marco Cova, Giovanni Vigna
  Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  Bonn, Germany July 2010
  [ PDF, Bib ]
• Organizing Large Scale Hacking Competitions
  Nicholas Childers, Bryce Boe, Lorenzo Cavallaro, Ludovico Cavedon, Marco Cova, Manuel Egele, Giovanni Vigna
  Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  Bonn, Germany July 2010
  [ PDF, Bib ]
• An Experience in Testing the Security of Real-world Electronic Voting Systems
  Davide Balzarotti, Greg Banks, Marco Cova, Vika Felmetsger, Richard Kemmerer, Wil Robertson, Fredrik Valeur, Giovanni Vigna
  IEEE Transactions on Software Engineering
  vol. 36, no. 4 July/August 2010
  [ PDF, Bib ]
• Proceedings of the IEEE Symposium on Security and Privacy
  David Evans, Giovanni Vigna
  IEEE
  Oakland, CA May 2010
  [ PDF, Bib ]
• Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code
  Marco Cova, Christopher Kruegel, Giovanni Vigna
  Proceedings of the World Wide Web Conference (WWW)
  Raleigh, NC April 2010
  [ PDF, Bib ]
• Are BGP Routers Open To Attack? An Experiment
  Ludovico Cavedon, Christopher Kruegel, Giovanni Vigna
  Proceedings of the iNetSec Conference
  Sophia, Bulgaria March 2010
  [ PDF, Bib ]
• Efficient Detection of Split Personalities in Malware
  Davide Balzarotti, Marco Cova, Christoph Karlberger, Christopher Kruegel, Engin Kirda, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2010
  [ PDF, Bib ]
• Effective Anomaly Detection with Scarce Training Data
  William Robertson, Federico Maggi, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2010
  [ PDF, Bib ]
• Analyzing and Detecting Malicious Flash Advertisements
  Sean Ford, Marco Cova, Christopher Kruegel, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Honolulu, HI December 2009
  [ PDF, Bib ]
• Your Botnet is My Botnet: Analysis of a Botnet Takeover
  Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Chicago, IL November 2009
  [ PDF, Bib ]
• Automated Spyware Collection and Analysis
  Andreas Stamminger, Christopher Kruegel, Giovanni Vigna, Engin Kirda
  Proceedings of the Information Security Conference (ISC)
  Pisa, Italy September 2009
  [ PDF, Bib ]
• Protecting a Moving Target: Addressing Web Application Concept Drift
  Federico Maggi, Wil Robertson, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)
  Saint-Malo, France September 2009
  [ PDF, Bib ]
• Static Enforcement of Web Application Integrity Through Strong Typing
  Wil Robertson, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Montreal, Canada August 2009
  [ PDF, Bib ]
• Client-Side Cross-Site Scripting Protection
  Engin Kirda, Nenad Jovanovic, Christopher Kruegel, Giovanni Vigna
  Computers and Security
  vol. 28, no. 7 July 2009
  [ PDF, Bib ]
• Reducing Errors in the Anomaly-based Detection of Web-Based Attacks through the Combined Analysis of Web Requests and SQL Queries
  Giovanni Vigna, Fredrik Valeur, Davide Balzarotti, William Robertson, Christopher Kruegel, Engin Kirda
  Journal of Computer Security
  vol. 17, no. 3 March 2009
  [ PDF, Bib ]
• Proceedings of the 16th Annual Network & Distributed System Security Symposium
  Giovanni Vigna
  Internet Society
  San Diego, CA February 2009
  [ PDF, Bib ]
• A Parallel Architecture for Stateful, High-Speed Intrusion Detection
  Luca Foschini, Ashish Thapliyal, Lorenzo Cavallaro, Christopher Kruegel, Giovanni Vigna
  Proceedings of the International Conference on Information Systems Security (ICISS)
  Hyderabad, India December 2008
  [ PDF, Bib ]
• There is No Free Phish: An Analysis of Free and Live Phishing Kits
  Marco Cova, Christopher Kruegel, Giovanni Vigna
  Proceedings of the USENIX Workshop On Offensive Technologies (WOOT)
  San Jose, CA August 2008
  [ PDF, Bib ]
• Are Your Votes Really Counted? Testing the Security of Real-world Electronic Voting Systems
  Davide Balzarotti, Greg Banks, Marco Cova, Vika Felmetsger, Richard Kemmerer, Wil Robertson, Fredrik Valeur, Giovanni Vigna
  Proceedings of he International Symposium on Software Testing and Analysis (ISSTA)
  Seattle, WA July 2008
  [ PDF, Bib ]
• ClearShot: Eavesdropping on Keyboard Input from Video
  Davide Balzarotti, Marco Cova, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  Oakland, CA May 2008
  [ PDF, Bib ]
• Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
  Davide Balzarotti, Marco Cova, Vika Felmetsger, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, Giovanni Vigna
  Proceedings of the IEEE Symposium on Security and Privacy
  Oakland, CA May 2008
  [ PDF, Bib ]
• EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing
  Patrick McDaniel, Matt Blaze, Giovanni Vigna
  Ohio Secretary of State's EVEREST Project Report
  December 2007
  [ PDF, Bib ]
• Improving Signature Testing Through Dynamic Data Flow Analysis
  Christopher Kruegel, Davide Balzarotti, Wil Robertson, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Miami, FL December 2007
  [ PDF, Bib ]
• Feature Omission Vulnerabilities: Thwarting Signature Generation for Polymorphic Worms
  Matt Gundy, Hao Chen, Zhendong Su, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Miami, FL December 2007
  [ PDF, Bib ]
• Extending .NET Security to Unmanaged Code
  Patrick Klinkoff, Engin Kirda, Christopher Kruegel, Giovanni Vigna
  International Journal of Information Security
  vol. 6, no. 6 October 2007
  [ PDF, Bib ]
• Multi-Module Vulnerability Analysis of Web-based Applications
  Davide Balzarotti, Marco Cova, Vika Felmetsger, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Alexandria, VA October 2007
  [ PDF, Bib ]
• Swaddler: An Approach for the Anomaly-based Detection of State Violations in Web Applications
  Marco Cova, Davide Balzarotti, Vika Felmetsger, Giovanni Vigna
  Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)
  Gold Coast, Australia September 2007
  [ PDF, Bib ]
• Exploiting Execution Context for the Detection of Anomalous System Calls
  Darren Mutz, Wil Robertson, Giovanni Vigna, Richard Kemmerer
  Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)
  Gold Coast, Australia September 2007
  [ PDF, Bib ]
• Catch Me, If You Can: Evading Network Signatures with Web-based Polymorphic Worms
  Matt Gundy, Davide Balzarotti, Giovanni Vigna
  Proceedings of the First USENIX Workshop on Offensive Technologies (WOOT)
  Boston, MA August 2007
  [ PDF, Bib ]
• Vulnerability Analysis of Web Applications
  Marco Cova, Vika Felmetsger, Giovanni Vigna
  Testing and Analysis of Web Services
  L. Baresi, E. Dinitto July 2007
  [ PDF, Bib ]
• Security Evaluation of the Sequoia Voting System
  Giovanni Vigna, Richard Kemmerer, Davide Balzarotti, Greg Banks, Marco Cova, Vika Felmetsger, Wil Robertson, Fredrik Valeur
  Top-To-Bottom Review of the California Voting Machines
  July 2007
  [ PDF, Bib ]
• Static Disassembly and Code Analysis
  Giovanni Vigna
  Malware Detection
  M. Christodorescu, S. Jha, D. Maughan, D. Song, C. Wang June 2007
  [ PDF, Bib ]
• Is Code Still Moving Around? Looking Back at a Decade of Code Mobility
  Antonio Carzaniga, Gian Picco, Giovanni Vigna
  Proceedings of the International Conference on Software Engineering (ICSE)
  Minneapolis, MN May 2007
  [ PDF, Bib ]
• Using a Virtual Security Testbed for Digital Forensic Reconstruction
  Andre Arnes, Paul Haas, Giovanni Vigna, Richard Kemmerer
  Journal in Computer Virology
  vol. 2, no. 4 February 2007
  [ PDF, Bib ]
• Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis
  Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, Giovanni Vigna
  Proceeding of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2007
  [ PDF, Bib ]
• Static Detection of Vulnerabilities in x86 Executables
  Marco Cova, Vika Felmetsger, Greg Banks, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Miami, FL December 2006
  [ PDF, Bib ]
• Vulnerability Analysis of MMS User Agents
  Colin Mulliner, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Miami, FL December 2006
  [ PDF, Bib ]
• Using Hidden Markov Models to Evaluate the Risks of Intrusions: System Architecture and Model Validation
  Andre Arnes, Fredrik Valeur, Giovanni Vigna, Richard Kemmerer
  Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)
  Hamburg, Germany September 2006
  [ PDF, Bib ]
• Behavior-based Spyware Detection
  Engin Kirda, Christopher Kruegel, Greg Banks, Giovanni Vigna, Richard Kemmerer
  Proceedings of the USENIX Security Symposium
  Vancouver, Canada August 2006
  [ PDF, Bib ]
• Extending .NET Security to Unmanaged Code
  Patrick Klinkoff, Christopher Kruegel, Engin Kirda, Giovanni Vigna
  Proceedings of the Information Security Conference (ISC)
  Samos, Greece August 2006
  [ PDF, Bib ]
• SNOOZE: toward a Stateful NetwOrk prOtocol fuzZEr
  Greg Banks, Marco Cova, Vika Felmetsger, Kevin Almeroth, Richard Kemmerer, Giovanni Vigna
  Proceedings of the Information Security Conference (ISC)
  Samos, Greece August 2006
  [ PDF, Bib ]
• Using Labeling to Prevent Cross-Service Attacks Against Smart Phones
  Colin Mulliner, Giovanni Vigna, David Dagon, Wenke Lee
  Proceedings of the Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)
  Berlin, Germany July 2006
  [ PDF, Bib ]
• Digital Forensic Reconstruction and the Virtual Security Testbed ViSe
  Andre Arnes, Paul Haas, Giovanni Vigna, Richard Kemmerer
  Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  Berlin, Germany June 2006
  [ PDF, Bib ]
• An Anomaly-driven Reverse Proxy for Web Applications
  Fredrik Valeur, Giovanni Vigna, Christopher Kruegel, Engin Kirda
  Proceedings of the ACM Symposium on Applied Computing (SAC)
  Dijon, France April 2006
  [ PDF, Bib ]
• Noxes: A Client-Side Solution for Mitigating Cross Site Scripting Attacks
  Engin Kirda, Christopher Kruegel, Giovanni Vigna, Nenad Jovanovic
  Proceedings of the ACM Symposium on Applied Computing (SAC)
  Dijon, France April 2006
  [ PDF, Bib ]
• Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks
  Wil Robertson, Giovanni Vigna, Christopher Kruegel, Richard Kemmerer
  Proceeding of the Network and Distributed System Security Symposium (NDSS)
  San Diego, CA February 2006
  [ PDF, Bib ]
• Anomalous System Call Detection
  Darren Mutz, Fredrik Valeur, Christopher Kruegel, Giovanni Vigna
  ACM Transactions on Information and System Security
  vol. 9, no. 1 February 2006
  [ PDF, Bib ]
• Host-based Intrusion Detection Systems
  Giovanni Vigna, Christopher Kruegel
  Handbook of Information Security
  H. Bigdoli December 2005
  [ PDF, Bib ]
• Hi-DRA: Intrusion Detection for Internet Security
  Richard Kemmerer, Giovanni Vigna
  IEEE Proceedings
  vol. 93, no. 10 October 2005
  [ PDF, Bib ]
• Polymorphic Worm Detection Using Structural Information of Executables
  Christopher Kruegel, Engin Kirda, Darren Mutz, Wil Robertson, Giovanni Vigna
  Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)
  Seattle, WA September 2005
  [ PDF, Bib ]
• A Multi-model Approach to the Detection of Web-based Attacks
  Christopher Kruegel, Giovanni Vigna, Wil Robertson
  Computer Networks
  vol. 48, no. 5 August 2005
  [ PDF, Bib ]
• Automating Mimicry Attacks Using Static Binary Analysis
  Christopher Kruegel, Engin Kirda, Darren Mutz, Wil Robertson, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Baltimore, MD August 2005
  [ PDF, Bib ]
• A Learning-Based Approach to the Detection of SQL Attacks
  Fredrik Valeur, Darren Mutz, Giovanni Vigna
  Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
  Vienna, Austria July 2005
  [ PDF, Bib ]
• Detecting Malicious JavaScript Code in Mozilla
  Oystein Hallaraker, Giovanni Vigna
  Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS)
  Shanghai, China June 2005
  [ PDF, Bib ]
• Exploiting OS-level Mechanisms to Implement Mobile Code Security
  Vika Felmetsger, Giovanni Vigna
  Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS)
  Shanghai, China June 2005
  [ PDF, Bib ]
• Intrusion Detection and Correlation: Challenges and Solutions
  Christopher Kruegel, Fredrik Valeur, Giovanni Vigna
  Springer
  Advances in Information Security June 2005
  [ PDF, Bib ]
• Reverse Engineering of Network Signatures
  Christopher Kruegel, Darren Mutz, Wil Robertson, Giovanni Vigna, Richard Kemmerer
  Proceedings of the AusCERT Asia Pacific Information Technology Security Conference
  Gold Coast, Australia May 2005
  [ PDF, Bib ]
• Sensor Families for Intrusion Detection Infrastructures
  Richard Kemmerer, Giovanni Vigna
  Managing Cyber Threats: Issues, Approaches and Challenges
  V. Kumar, J. Srivastava, A. Lazarevic January 2005
  [ PDF, Bib ]
• An Intrusion Detection Tool for AODV-based Ad Hoc Wireless Networks
  Giovanni Vigna, Sumit Gwalani, Kavitha Srinivasan, Elizabeth Belding-Royer, Richard Kemmerer
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Tucson, AZ December 2004
  [ PDF, Bib ]
• Detecting Kernel-Level Rootkits Through Binary Analysis
  Christopher Kruegel, Wil Robertson, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Tucson, AZ December 2004
  [ PDF, Bib ]
• Detecting Attacks That Exploit Application-Logic Errors Through Application-Level Auditing
  Jingyu Zhou, Giovanni Vigna
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Tucson, AZ December 2004
  [ PDF, Bib ]
• Testing Network-based Intrusion Detection Signatures Using Mutant Exploits
  Giovanni Vigna, Wil Robertson, Davide Balzarotti
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Washington, DC October 2004
  [ PDF, Bib ]
• Using Alert Verification to Identify Successful Intrusion Attempts
  Christopher Kruegel, Wil Robertson, Giovanni Vigna
  Practice in Information Processing and Communication (PIK)
  vol. 27, no. 4 October -- December 2004
  [ PDF, Bib ]
• Static Disassembly of Obfuscated Binaries
  Christopher Kruegel, Wil Robertson, Fredrik Valeur, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  San Diego, CA August 2004
  [ PDF, Bib ]
• A Comprehensive Approach to Intrusion Detection Alert Correlation
  Fredrik Valeur, Giovanni Vigna, Christopher Kruegel, Richard Kemmerer
  IEEE Transactions on Dependable and Secure Computing
  vol. 1, no. 3 July-September 2004
  [ PDF, Bib ]
• Mobile Agents: Ten Reasons For Failure
  Giovanni Vigna
  Proceedings of the IEEE International Conference on Mobile Data Management (MDM)
  Berkeley, CA January 2004
  [ PDF, Bib ]
• An Experience Developing an IDS Stimulator for the Black-Box Testing of Network Intrusion Detection Systems
  Darren Mutz, Giovanni Vigna, Richard Kemmerer
  Proceedings of the 2003 Annual Computer Security Applications Conference (ACSAC)
  Las Vegas, Nevada December 2003
  [ PDF, Bib ]
• A Stateful Intrusion Detection System for World-Wide Web Servers
  Giovanni Vigna, Wil Robertson, Vishal Kher, Richard Kemmerer
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Las Vegas, NV December 2003
  [ PDF, Bib ]
• On the Detection of Anomalous System Call Arguments
  Christopher Kruegel, Darren Mutz, Fredrik Valeur, Giovanni Vigna
  Proceedings of the European Symposium on Research in Computer Security (ESORICS)
  Gjovik, Norway October 2003
  [ PDF, Bib ]
• Anomaly Detection of Web-based Attacks
  Christopher Kruegel, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Washington, DC October 2003
  [ PDF, Bib ]
• A Topological Characterization of TCP/IP Security
  Giovanni Vigna
  Proceedings of the International Symposium of Formal Methods Europe (FME)
  Pisa, Italy September 2003
  [ PDF, Bib ]
• Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)
  Giovanni Vigna, Erland Jonnson, Christopher Kruegel
  LNCS
  Pittsburgh, PA September 2003
  [ PDF, Bib ]
• Designing and Implementing a Family of Intrusion Detection Systems
  Giovanni Vigna, Fredrik Valeur, Richard Kemmerer
  Proceedings of the European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE)
  Helsinki, Finland September 2003
  [ PDF, Bib ]
• Detecting Malicious Java Code Using Virtual Machine Auditing
  Sunil Soman, Chandra Krintz, Giovanni Vigna
  Proceedings of the USENIX Security Symposium
  Washington, DC August 2003
  [ PDF, Bib ]
• Teaching Network Security Through Live Exercises
  Giovanni Vigna
  Proceedings of the Third Annual World Conference on Information Security Education (WISE)
  Monterey, CA June 2003
  [ PDF, Bib ]
• Teaching Hands-On Network Security: Testbeds and Live Exercises
  Giovanni Vigna
  Journal of Information Warfare
  vol. 3, no. 2 February 2003
  [ PDF, Bib ]
• Composable Tools For Network Discovery and Security Analysis
  Giovanni Vigna, Fredrik Valeur, Jingyu Zhou, Richard Kemmerer
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Las Vegas, NV December 2002
  [ PDF, Bib ]
• Mnemosyne: Designing and Implementing Network Short-Term Memory
  Giovanni Vigna, Andrew Mitchell
  Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS)
  Greenbelt, MD December 2002
  [ PDF, Bib ]
• Sensor-Based Intrusion Detection for Intra-Domain Distance-Vector Routing
  Vishal Mittal, Giovanni Vigna
  Proceedings of the ACM Conference on Computer and Communications Security (CCS)
  Washington, DC November 2002
  [ PDF, Bib ]
• Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)
  Andreas Wespi, Giovanni Vigna, Luca Deri
  LNCS
  Zurich, Switzerland October 2002
  [ PDF, Bib ]
• An Intrusion Detection System for Aglets
  Giovanni Vigna, Bryan Cassell, Dave Fayram
  Proceedings of the International Conference on Mobile Agents (MA)
  Barcelona, Spain October 2002
  [ PDF, Bib ]
• Stateful Intrusion Detection for High-Speed Networks
  Christopher Kruegel, Fredrik Valeur, Giovanni Vigna, Richard Kemmerer
  Proceedings of the IEEE Symposium on Security and Privacy
  Oakland, CA May 2002
  [ PDF, Bib ]
• Intrusion Detection: A Brief History and Overview
  Richard Kemmerer, Giovanni Vigna
  IEEE Computer
  vol. 1, no. 1 April 2002
  [ PDF, Bib ]
• STATL: An Attack Language for State-based Intrusion Detection
  Steve Eckmann, Giovanni Vigna, Richard Kemmerer
  Journal of Computer Security
  vol. 10, no. 1/2 January 2002
  [ PDF, Bib ]
• Evaluating the Security Of Three Java-Based Mobile Agent Systems
  Sebastian Fischmeister, Giovanni Vigna, Richard Kemmerer
  Proceedings of the International Conference on Mobile Agents (MA)
  Atlanta, GA December 2001
  [ PDF, Bib ]
• Designing a Web of Highly-Configurable Intrusion Detection Sensors
  Giovanni Vigna, Richard Kemmerer, Per Blix
  Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)
  Davis, CA October 2001
  [ PDF, Bib ]
• MASSA: Mobile Agents Security through Static/Dynamic Analysis
  Alessandro Orso, Mary Harrold, Giovanni Vigna
  Proceedings of the ICSE Workshop on Software Engineering and Mobility (WSEM)
  Toronto, Canada April 2001
  [ PDF, Bib ]
• Security Testing of an Online Banking Service
  Andre Santos, Giovanni Vigna, Richard Kemmerer
  E-Commerce Security and Privacy
  A. Ghosh January 2001
  [ PDF, Bib ]
• STATL: An Attack Language for State-based Intrusion Detection
  Steve Eckmann, Giovanni Vigna, Richard Kemmerer
  Proceedings of the ACM Workshop on Intrusion Detection Systems
  Athens, Greece November 2000
  [ PDF, Bib ]
• Security Testing of the Online Banking Service of a Large International Bank
  Andre Santos, Giovanni Vigna, Richard Kemmerer
  Proceedings of the ACM Workshop on Security and Privacy in E-Commerce (WSPEC)
  Athens, Greece November 2000
  [ PDF, Bib ]
• Attack Languages
  Giovanni Vigna, Steve Eckmann, Richard Kemmerer
  Proceedings of the IEEE Information Survivability Workshop (ISW)
  Boston, MA October 2000
  [ PDF, Bib ]
• The STAT Tool Suite
  Giovanni Vigna, Steve Eckmann, Richard Kemmerer
  Proceedings of DISCEX
  Hilton Head, SC January 2000
  [ PDF, Bib ]
• Security Analysis of Mobile Code Systems
  Sebastian Fischmeister, Giovanni Vigna
  Technical Report
  Department of Computer Science, UCSB December 1999
  [ PDF, Bib ]
• NetSTAT: A Network-based Intrusion Detection System
  Giovanni Vigna, Richard Kemmerer
  Journal of Computer Security
  vol. 7, no. 1 January 1999
  [ PDF, Bib ]
• NetSTAT: A Network-based Intrusion Detection Approach
  Giovanni Vigna, Richard Kemmerer
  Proceedings of the Annual Computer Security Applications Conference (ACSAC)
  Scottsdale, AZ December 1998
  [ PDF, Bib ]
• Software Engineering Issues in Network Computing
  Carlo Ghezzi, Giovanni Vigna
  Requirements Targeting Software and Systems Engineering
  M. Broy, B. Rumpe August 1998
  [ PDF, Bib ]
• Cryptographic Traces for Mobile Agents
  Giovanni Vigna
  Mobile Agents and Security
  LNCS State-of-the-Art Survey June 1998
  [ PDF, Bib ]
• A Model-Centered Electronic Commerce Middleware
  Giovanni Vigna, Luca Bonomi
  Proceedings of the International IFIP Working Conference on Trends in Electronic Commerce (TrEC)
  Hamburg, Germany June 1998
  [ PDF, Bib ]
• Mobile Agents and Security
  Giovanni Vigna
  LNCS State-of-the-Art Survey
  Springer-Verlag June 1998
  [ PDF, Bib ]
• Understanding Code Mobility
  Alfonso Fuggetta, Gian Picco, Giovanni Vigna
  IEEE Transactions on Software Engineering
  vol. 24, no. 5 May 1998
  [ PDF, Bib ]
• Towards a Software Engineering Approach to Web Site Development
  Francesco Coda, Carlo Ghezzi, Giovanni Vigna, Franca Garzotto
  Proceedings of the International Workshop on Software Specification and Design
  Ise-Shima, Japan April 1998
  [ PDF, Bib ]
• Mobile Code Technologies, Paradigms, and Applications
  Giovanni Vigna
  Politecnico di Milano
  PhD Thesis February 1998
  [ PDF, Bib ]
• Protecting Mobile Agents through Tracing
  Giovanni Vigna
  Proceedings of the International ECOOP Workshop on Mobile Object Systems
  Jyvaskyla, Finland June 1997
  [ PDF, Bib ]
• Mobile Code Paradigms and Technologies: A Case Study
  Carlo Ghezzi, Giovanni Vigna
  Proceedings of the International Workshop on Mobile Agents (MA)
  Berlin, Germany April 1997
  [ PDF, Bib ]
• Designing Distributed Applications with Mobile Code Paradigms
  Antonio Carzaniga, Gian Picco, Giovanni Vigna
  Proceedings of the International Conference on Software Engineering (ICSE)
  Boston, MA April 1997
  [ PDF, Bib ]
• Analyzing Mobile Code Languages
  Gianpaolo Cugola, Carlo Ghezzi, Gian Picco, Giovanni Vigna
  Mobile Object Systems: Towards the Programmable Internet
  J. Vitek, C. Tschudin April 1997
  [ PDF, Bib ]
• A Topological Characterization of TCP/IP Security
  Giovanni Vigna
  Technical Report
  Politecnico di Milano November 1996
  [ PDF, Bib ]
• A Characterization of Mobility and State Distribution in Mobile Code Languages
  Gianpaolo Cugola, Carlo Ghezzi, Gian Picco, Giovanni Vigna
  Proceedings of the ECOOP Workshop on Mobile Object Systems
  Linz, Austria July 1996
  [ PDF, Bib ]
• Inspect: A Distributed Approach To Automated Audit Trail Analysis
  Giovanni Vigna
  Technical Report
  Politecnico di Milano June 1995
  [ PDF, Bib ]
• Archetype: Addressing Configuration Issues in Software Architectures
  Sergio Bandinelli, Antonio Carzaniga, Giovanni Vigna
  Proceedings of the ICSE International Workshop on Architectures for Software Systems
  Seattle, WA April 1995
  [ PDF, Bib ]
• Designing and Implementing Inter-Client Communication in the O2 Database Management System
  Antonio Carzaniga, Gian Picco, Giovanni Vigna
  Proceedings of the International Symposium on Object-Oriented Methodologies and Systems (ISOOMS)
  Palermo, Italy September 1994
  [ PDF, Bib ]
• The Design and Implementation of SPADE-1 2.0
  Antonio Carzaniga, Giovanni Vigna
  Politecnico di Milano
  Master's Thesis July 1994
  [ PDF, Bib ]