Publications‎ > ‎

International Conference Publications


Back To The Basics: Security of Software Downloads for Smart Objects

posted Oct 8, 2018, 3:03 AM by Eric Medvet   [ updated Oct 8, 2018, 3:03 AM ]

  • 4th EAI International Conference on Smart Objects and Technologies for Social Good (GOODTECHS), 2018, Bologna (Italy), to appear
  • Alberto Bartoli, Eric Medvet, Andrea De Lorenzo, Fabiano Tarlao
Smart objects will soon pervade our homes, cities, factories, plants, and hospitals and this fact will introduce widespread important risks for the society as a whole, due to unavoidable security vulnerabilities of those objects. The problem of updating the software of smart objects in order to fix vulnerabilities will thus become of crucial importance. In this work we investigate the security of current software download environments for smart objects. This investigation allows gaining important insights into the security awareness of organizations that distribute software across the web and, more broadly, on their readiness to take control of our everyday life.

Personalized, Browser-based Visual Phishing Detection Based on Deep Learning

posted Sep 5, 2018, 3:48 AM by Eric Medvet   [ updated Sep 5, 2018, 4:18 AM ]

  • 13th International Conference on Risks and Security of Internet and Systems (CRiSIS), 2018, Arachon (France), to appear
  • Alberto Bartoli, Andrea De Lorenzo, Eric Medvet, Fabiano Tarlao
Phishing defense mechanisms that are close to browsers and that do not rely on any forms of website reputation may be a powerful tool for combating phishing campaigns that are increasingly more targeted and last for increasingly shorter life spans. Browser-based phishing detectors that are specialized for a user-selected set of targeted web sites and that are based only on the overall visual appearance of a target could be a very effective tool in this respect. Approaches of this kind have not been very successful for several reasons, including the difficulty of coping with the large set of genuine pages encountered in normal browser usage without flooding the user with false positives. In this work we intend to investigate whether then the power of modern deep learning methodologies for image classification may enable solutions that are more practical and effective. Our experimental assessment of a convolutional neural network resulted in very high classification accuracy for targeted sets of 15 websites (the largest size that we analyzed) even when immersed in a set of login pages taken from 100 websites.

Observing the Population Dynamics in GE by means of the Intrinsic Dimension

posted Jul 4, 2018, 9:15 AM by Eric Medvet   [ updated Jul 4, 2018, 9:16 AM ]

  • Evolutionary Machine Learning workshop at International Conference on Parallel Problem Solving from Nature (EML@PPSN), 2018, Coimbra (Portugal), to appear
  • Eric Medvet, Alberto Bartoli, Alessio Ansuini, Fabiano Tarlao
We explore the use of Intrinsic Dimension (ID) for gaining insights in how populations evolve in Evolutionary Algorithms. ID measures the minimum number of dimensions needed to accurately describe a dataset and its estimators are being used more and more in Machine Learning to cope with large datasets. We postulate that ID can provide information about population which is complimentary w.r.t. what (a simple measure of) diversity tells. We experimented with the application of ID to populations evolved with a recent variant of Grammatical Evolution. The preliminary results suggest that diversity and ID constitute two different points of view on the population dynamics.

Detection of Obfuscation Techniques in Android Applications

posted Jun 11, 2018, 1:17 AM by Eric Medvet   [ updated Sep 11, 2018, 12:11 AM ]

Current signature detection mechanisms can be easily evaded by malware writers by applying obfuscation techniques. Employing morphing code techniques, attackers are able to generate several variants of one malicious sample, making the corresponding signature obsolete. Considering that the signature definition is a laborious process manually performed by security analysts, in this paper we propose a method, exploiting static analysis and Machine Learning classification algorithms, to identify whether a mobile application is modified by means of one or more morphing techniques. We perform experiments on a real-world dataset of Android applications (morphed and original), obtaining encouraging results in the obfuscation technique(s) identification.

(In)Secure Configuration Practices of WPA2 Enterprise Supplicants

posted Jun 11, 2018, 1:12 AM by Eric Medvet   [ updated Sep 11, 2018, 12:11 AM ]

WPA2 Enterprise is a fundamental technology for secure communication in enterprise wireless networks. A key requirement of this technology is that WiFi-enabled devices (i.e., supplicants) be correctly configured before connecting to the enterprise wireless network. Supplicants that are not configured correctly may fall prey of attacks aimed at stealing the network credentials very easily. Such credentials have an enormous value because they usually unlock access to all enterprise services.
In this work we investigate whether users and technicians are aware of these important and widespread risks. We conducted two extensive analyses: a survey among approximately 1000 users about how they configured their WiFi devices for enterprise network access; and, a review of approximately 310 network configuration guides made available by enterprise network administrators. The results provide strong indications that the key requirement of WPA2 Enterprise is violated systematically and thus can no longer be considered realistic.

GOMGE: Gene-pool Optimal Mixing on Grammatical Evolution

posted May 15, 2018, 5:41 AM by Eric Medvet   [ updated Sep 10, 2018, 7:31 AM ]

Gene-pool Optimal Mixing Evolutionary Algorithm (GOMEA) is a recent Evolutionary Algorithm (EA) in which the interactions among parts of the solution (i.e., the linkage) are learned and exploited in a novel variation operator. We present GOMGE, the extension of GOMEA to Grammatical Evolution (GE), a popular EA based on an indirect representation which may be applied to any problem whose solutions can be described using a context-free grammar (CFG). GE is a general approach that does not require the user to tune the internals of the EA to fit the problem at hand: there is hence the opportunity for benefiting from the potential of GOMEA to automatically learn and exploit the linkage. We apply the proposed approach to three variants of GE differing in the representation (original GE, SGE, and WHGE) and incorporate in GOMGE two specific improvements aimed at coping with the high degeneracy of those representations. We experimentally assess GOMGE and show that, when coupled with WHGE and SGE, it is clearly beneficial to both effectiveness and efficiency, whereas it delivers mixed results with the original GE.

Selfish vs. Global Behavior Promotion in Car Controller Evolution

posted Apr 12, 2018, 1:46 AM by Eric Medvet   [ updated Jul 9, 2018, 4:50 AM ]

We consider collective tasks to be solved by simple agents synthesized automatically by means of neuroevolution. We investigate whether driving neuroevolution by promoting a form of selfish behavior, i.e., by optimizing a fitness index that synthesizes the behavior of each agent independent of any other agent, may also result in optimizing global, system-wide properties. We focus  on a specific and challenging task, i.e., evolutionary synthesis of agent as car controller for a road traffic scenario. Based on an extensive simulation-based analysis, our results indicate that even by optimizing the behavior of each single agent, the resulting system-wide performance is comparable to the performance resulting from optimizing the behavior of the system as a whole. Furthermore, agents evolved with a fitness promoting selfish behavior appear to lead to a system that is globally more robust with respect to the presence of unskilled agents.

Exploring the Application of GOMEA to Bit-string GE

posted Apr 12, 2018, 12:10 AM by Eric Medvet   [ updated Jul 9, 2018, 4:46 AM ]

We explore the application of GOMEA, a recent method for discovering and exploiting the model for a problem in the form of linkage, to Grammatical Evolution (GE). GE employs an indirect representation based on familiar bit-string genotypes and is applicable to any problem where the solutions may be described using a context-free grammar, which hence greatly favors its wide adoption. Being general purpose, the representation of GE raises the opportunity for benefiting from the potential of GOMEA to automatically discover and exploit the linkage. We analyze experimentally the application of GOMEA to two bit-string-based variants of GE representation (the original representation and the recent WHGE) and show that GOMEA is clearly beneficial when coupled to WHGE, whereas it delivers no significant advantages when coupled with GE.

On the Automatic Design of a Representation for Grammar-based Genetic Programming

posted Dec 27, 2017, 3:31 AM by Eric Medvet   [ updated Apr 12, 2018, 12:08 AM ]

A long-standing problem in Evolutionary Computation consists in how to choose an appropriate representation for the solutions. In this work we investigate the feasibility of synthesizing a representation automatically, for the large class of problems whose solution spaces can be defined by a context-free grammar. We propose a framework based on a form of meta-evolution in which individuals are candidate representations expressed with an ad hoc language that we have developed to this purpose. Individuals compete and evolve according to an evolutionary search aimed at optimizing such representation properties as redundancy, locality, uniformity of redundancy.
We assessed experimentally three variants of our framework on established benchmark problems and compared the resulting representations to human-designed representations commonly used (e.g., classical Grammatical Evolution). The results are promising in the sense that the evolved representations indeed exhibit better properties than the human-designed ones. Furthermore, while those improved properties do not result in a systematic improvement of search effectiveness, some of the evolved representations do improve search effectiveness over the human-designed baseline.

Impact of Code Obfuscation on Android Malware Detection based on Static and Dynamic Analysis

posted Nov 22, 2017, 8:43 AM by Eric Medvet   [ updated Feb 9, 2018, 6:21 AM ]

The huge diffusion of malware in mobile platform is plaguing users. New malware proliferates at a very fast pace: as a matter of fact, to evade the signature-based mechanism implemented in current antimalware, the application of trivial obfuscation techniques to existing malware is sufficient. In this paper, we show how the application of several morphing techniques affects the effectiveness of two widespread malware detection approaches based on Machine Learning coupled respectively with static and dynamic analysis. We demonstrate experimentally that dynamic analysis-based detection performs equally well in evaluating obfuscated and non-obfuscated malware. On the other hand, static analysis-based detection is more accurate on non-obfuscated samples but is greatly negatively affected by obfuscation: however, we also show that this effect can be mitigated by using obfuscated samples also in the learning phase.

1-10 of 69