Publications | Federico Maggi

Federico Maggi, Andrea Guglielmini (2021). RFQuack: A Universal Hardware-Software Toolkit for Wireless Protocol (Security) Analysis and Research.

PDF

Federico Maggi, Marco Balduzzi, Rainer Vosseler, Martin Rösler, Walter Quadrini, Giacomo Tavola, Marcello Pogliani, Davide Quarta, Stefano Zanero (2020). Smart Factory Security: A Case Study on a Modular SmartManufacturing System. International Conference on Industry 4.0 and Smart Manufacturing.

PDF

Marcello Pogliani, Federico Maggi, Marco Balduzzi, Davide Quarta, Stefano Zanero (2020). Detecting Unsafe Code Patterns in Industrial Robot Programs. Proceedings of the 2020 on Asia Conference on Computer and Communications Security.

PDF

Federico Maggi, Marcello Pogliani, Martino, Vittone, Davide Quarta, Stefano Zanero, Marco Balduzzi, Rainer Vosseler, Martin Rösler (2020). Rogue Automation: Vulnerable and Malicious Code in Industrial Programming. Trend Micro Research.

PDF

Federico Maggi, Marcello Pogliani (2020). Attacks on Smart Manufactururing Systems: A Forward-looking Security Analysis. Trend Micro Research.

PDF

Stephen Hilt, Federico Maggi, Charles Perine, Lord Remorin, Martin Rösler, Rainer Vosseler (2020). Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats. Trend Micro Research.

PDF

Federico Maggi, Marco Balduzzi, Jonathan Andersson, Philippe Lin, Stephen Hilt, Akira Urano, Rainer Vosseler (2019). A Security Evaluation of Industrial Radio Remote Controllers. Proceedings of the 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).

PDF

Marcello Pogliani, Davide Quarta, Mario Polino, Martino Vittone, Federico Maggi, Stefano Zanero (2019). Security of controlled manufacturing systems in the connected factory: the case of industrial robots. Journal of Computer Virology and Hacking Techniques.

PDF

Jonathan Andersson, Marco Balduzzi, Stephen Hilt, Philippe Lin, Federico Maggi, Akira Urano, Rainer Vosseler (2019). A Security Analysis of Radio Remote Controllers for Industrial Applications. Trend Micro Research.

PDF

Federico Maggi, Rainer Vosseler, Davide Quarta (2018). The Fragility of Industrial IoT's Data Backbone: Security and Privacy Issues in MQTT and CoAP Protocols. Trend Micro Research.

PDF

Federico Maggi, Marco Balduzzi, Ryan Flores, Lion Gu, Vincenzo Ciancaglini (2018). Investigating Web Defacement Campaigns at Large. Proceedings of the 2018 on Asia Conference on Computer and Communications Security.

PDF

Marco Balduzzi, Ryan Flores, Lion Gu, Federico Maggi, Vincenzo Ciancaglini, Roel Reyes, Akira Urano (2018). A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks. TrendLabs.

PDF

Apostolis Zarras, Federico Maggi (2017). Hiding Behind the Shoulders of Giants: Abusing Crawlers for Indirect Web Attacks. Proceedings of the 15th Annual International Conference on Privacy, Security and Trust (PST).

PDF

Bhargava Shastry, Federico Maggi, Fabian Yamaguchi, Konrad Rieck, Jean-Pierre Seifert (2017). Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing. 11th USENIX Workshop on Offensive Technologies USENIX Workshop on Offensive Technologies (WOOT 17).

PDF

Tommi Unruh, Bhargava Shastry, Malte Skoruppa, Federico Maggi, Konrad Rieck, Jean-Pierre Seifert, Fabian Yamaguchi (2017). Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery. Proceedings of the 11th USENIX Workshop on Offensive Technologies (WOOT 17).

PDF

Federico Maggi (2017). A Vulnerability in Modern Automotive Standards and How We Exploited It. TrendLabs Security Intelligence Blog.

PDF

Andrea Palanca, Eric Evenchick, Federico Maggi, Stefano Zanero (2017). A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks. Proceedings of the 14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).

PDF

Andrea Continella, Michele Carminati, Mario Polino, Andrea Lanzi, Stefano Zanero, Federico Maggi (2017). Prometheus: Analyzing WebInject-based information stealers. Journal of Computer Security.

Federico Maggi, Davide Quarta, Marcello Pogliani, Mario Polino, Andrea M. Zanchettin, Stefano Zanero (2017). Rogue Robots: Testing the Limits of an Industrial Robot’s Security. TrendLabs.

PDF

Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea Maria Zanchettin, Stefano Zanero (2017). An Experimental Security Analysis of an Industrial Robot Controller. Proceedings of the 38th IEEE Symposium on Security and Privacy.

PDF Video

Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico Maggi, Christopher Kruegel, Giovanni Vigna (2017). On the Privacy and Security of the Ultrasound Ecosystem. Proceedings of the 17th Privacy Enhancing Technologies Symposium.

PDF

Andrea Continella, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, Federico Maggi (2016). ShieldFS: A Self-healing, Ransomware-aware Filesystem. Proceedings of the 32nd Annual Computer Security Applications Conference.

PDF

Chenghyu Zheng, Nicola Della Rocca, Niccolò Andronio, Stefano Zanero, Maggi Federico (2016). GreatEatlon: Fast, Static Detection of Mobile Ransomware.

PDF

Chenghyu Zheng, Mila Dalla Preda, Jorge Granjal, Stefano Zanero, Federico Maggi (2016). On-Chip System Call Tracing: A Feasibility Study and Open Prototype. IEEE Conference on Communications and Network Security (CNS).

PDF

Mila Dalla Preda, Federico Maggi (2016). Testing android malware detectors against code obfuscation: a systematization of knowledge and unified methodology. Journal of Computer Virology and Hacking Techniques.

PDF

Andrea Mambretti, Kaan Onarlioglu, Collin Mulliner, William Robertson, Engin Kirda, Federico Maggi, Stefano Zanero (2016). Trellis: Privilege Separation for Multi-User Applications Made Easy. International Symposium on Research in Attacks, Intrusions and Defenses (RAID).

PDF

Alberto Coletta, Victor Van der Veen, Federico Maggi (2016). DroydSeuss: A Mobile Banking Trojan Tracker - Short Paper. Financial Cryptography and Data Security.

PDF

Luca Falsina, Yanick Fratantonio, Stefano Zanero, Christopher Kruegel, Giovanni Vigna, Federico Maggi (2015). Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications. Proceedings of the 31st Annual Computer Security Applications Conference.

PDF

Andrea Valdi, Eros Lever, Simone Benefico, Davide Quarta, Stefano Zanero, Federico Maggi (2015). Scalable Testing of Mobile Antivirus Applications. Computer.

PDF

Niccolò Andronio, Stefano Zanero, Federico Maggi (2015). HelDroid: Dissecting and Detecting Mobile Ransomware. International Symposium on Research in Attacks, Intrusions and Defenses (RAID).

PDF

Panagiotis Ilia, Iasonas Polakis, Elias Athanasopoulos, Federico Maggi, Sotiris Ioannidis (2015). Face/Off: Preventing Privacy Leakage From Photos in Social Networks. Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security.

PDF

Mario Polino, Andrea Scorti, Federico Maggi, Stefano Zanero (2015). Jackdaw: Towards Automatic Reverse Engineering of Large Datasets of Binaries. Detection of Intrusions and Malware, and Vulnerability Assessment.

PDF

Michele Carminati, Roberto Caron, Federico Maggi, Ilenia Epifani, Stefano Zanero (2015). BankSealer: A decision support system for online banking fraud analysis and investigation. Computers & Security.

PDF

Federico Maggi, Stefano Zanero, Evangelos Markatos (2015). European Cyber-Security Research and Innovation.

PDF

Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, Angelos D. Keromytis (2014). Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security.

PDF

Enrico Bazzoli, Claudio Criscione, Federico Maggi, Stefano Zanero (2014). XSS Peeker: A Systematic Analysis of Cross-site Scripting Vulnerability Scanners.

PDF

Iasonas Polakis, Federico Maggi, Stefano Zanero, Angelos D. Keromytis (2014). Security and Privacy Measurements on Social Networks: Experiences and Lessons Learned. 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS).

PDF

Alessio Antonini, Federico Maggi, Stefano Zanero (2014). A Practical Attack Against a KNX-based Building Automation System. Proceedings of the 2Nd International Symposium on ICS & SCADA Cyber Security Research 2014.

PDF

Claudio Criscione, Fabio Bosatelli, Stefano Zanero, Federico Maggi (2014). Zarathustra: Extracting WebInject Signatures from Banking Trojans. Proceedings of the Twelfth Annual International Conference on Privacy, Security and Trust (PST).

PDF

Stefano Schiavoni, Federico Maggi, Lorenzo Cavallaro, Stefano Zanero (2014). Phoenix: DGA-Based Botnet Tracking and Intelligence. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).

PDF

Martina Lindorfer, Stamatis Volanis, Alessandro Sisto, Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi, Christian Platzer, Stefano Zanero, Sotiris Ioannidis (2014). AndRadar: Fast Discovery of Android Applications in Alternative Markets. Detection of Intrusions and Malware, and Vulnerability Assessment.

PDF

Michele Carminati, Roberto Caron, Federico Maggi, Ilenia Epifani, Stefano Zanero (2014). BankSealer: An Online Banking Fraud Analysis and Decision Support System. ICT Systems Security and Privacy Protection.

PDF

Nick Nikiforakis, Federico Maggi, Gianluca Stringhini, M. Zubair Rafique, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna, Stefano Zanero (2014). Stranger Danger: Exploring the Ecosystem of Ad-based URL Shortening Services. Proceedings of the 23rd International Conference on World Wide Web.

PDF

Michele Spagnuolo, Federico Maggi, Stefano Zanero (2014). BitIodine: Extracting Intelligence from the Bitcoin Network. Financial Cryptography and Data Security.

PDF

Andrea Gianazza, Federico Maggi, Aristide Fattori, Lorenzo Cavallaro, Stefano Zanero (2014). PuppetDroid: A User-Centric UI Exerciser for Automatic Dynamic Analysis of Similar Android Applications.

PDF

Gabriele Bonetti, Marco Viglione, Alessandro Frossi, Federico Maggi, Stefano Zanero (2013). A Comprehensive Black-box Methodology for Testing the Forensic Characteristics of Solid-state Drives. Proceedings of the 29th Annual Computer Security Applications Conference.

PDF

Stefano Schiavoni, Federico Maggi, Lorenzo Cavallaro, Stefano Zanero (2013). Tracking and Characterizing Botnets Using Automatically Generated Domains.

PDF

Federico Maggi, Andrea Valdi, Stefano Zanero (2013). AndroTotal: A Flexible, Scalable Toolbox and Service for Testing Mobile Malware Detectors. Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices.

PDF

Alessandro Nacci, Francesco Trovò, Federico Maggi, Matteo Ferroni, Andrea Cazzola, Donatella Sciuto, Marco Santambrogio (2013). Adaptive and Flexible Smartphone Power Modeling. Mobile Networks and Applications.

PDF

Andrea Dardanelli, Federico Maggi, Mara Tanelli, Stefano Zanero, Sergio M Savaresi, Roman Kochanek, Thorsten Holz (2013). A Security Layer for Smartphone-to-Vehicle Communication over Bluetooth. Embedded Systems Letters.

PDF

Federico Maggi, Alessandro Frossi, Stefano Zanero, Gianluca Stringhini, Brett Stone-Gross, Christopher Kruegel, Giovanni Vigna (2013). Two years of short URLs internet measurement: security threats and countermeasures. Proceedings of the 22nd international conference on World Wide Web (WWW).

PDF

Martina Lindorfer, Alessandro Di Federico, Federico Maggi, Paolo Milani Comparetti, Stefano Zanero (2012). Lines of Malicious Code: Insights Into the Malicious Software Industry. Proceedings of the Annual Computer Security Applications Conference (ACSAC).

PDF

Jason Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos Keromytis, Stefano Zanero (2012). All Your Face Are Belong to Us: Breaking Facebook's Social Authentication. Proceedings of the Annual Computer Security Applications Conference (ACSAC).

PDF

Roman Kochanek, Andrea Dardanelli, Federico Maggi, Stefano Zanero, Mara Tanelli, Sergio Savaresi, Thorsten Holz (2012). Secure Integration of Mobile Devices for Automotive Services.

PDF

Federico Maggi, Stefano Zanero (2012). Integrated Detection of Anomalous Behavior of Computer Infrastructures. Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS).

PDF

Federico Maggi, Andrea Bellini, Guido Salvaneschi, Stefano Zanero (2011). Finding Non-trivial Malware Naming Inconsistencies. Proceedings of the 7th International Conference on Information Systems Security (ICISS).

PDF

Federico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, Stefano Zanero (2011). A Fast Eavesdropping Attack Against Touchscreens. Proceedings of the 7th International Conference on Information Assurance and Security (IAS).

PDF

Federico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, Stefano Zanero (2011). POSTER: Fast, Automatic iPhone Shoulder Surfing. Proceedings of the 18th Conference on Computer and Communication Security (CCS).

PDF

Federico Maggi, Stefano Zanero (2011). System Security research at Politecnico di Milano. Proceedings of the 1st SysSec Workshop (SysSec).

PDF

Francesco Roveta, Luca Di Mario, Federico Maggi, Giorgio Caviglia, Stefano Zanero, Paolo Ciuccarelli (2011). BURN: Baring Unknown Rogue Networks. Proceedings of the 8th International Symposium on Visualization for Cyber Security (VizSec).

PDF

Federico Maggi, Stefano Zanero (2011). Is the future Web more insecure? Distractions and solutions of new-old security issues and measures. Proceedings of the Worldwide Cybersecurity Summit.

PDF

Federico Maggi, Alessandro Sisto, Stefano Zanero (2011). A social-engineering-centric data collection initiative to study phishing. Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS).

PDF

Alberto Volpatto, Federico Maggi, Stefano Zanero (2010). Effective Multimodel Anomaly Detection Using Cooperative Negotiation. Proceedings of the Decision and Game Theory for Security (GameSec).

PDF

Federico Maggi, Stefano Zanero (2010). Rethinking security in a cloudy world.

PDF

Federico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, Stefano Zanero (2010). Don't touch a word! A practical input eavesdropping attack against mobile touchscreen devices.

PDF

Federico Maggi (2010). Are the Con Artists Back? A Preliminary Analysis of Modern Phone Frauds. Proceedings of the International Conference on Computer and Information Technology (CIT).

PDF

Federico Maggi (2010). A Recognizer of Rational Trace Languages. Proceedings of the International Conference on Computer and Information Technology (CIT).

PDF

William Robertson, Federico Maggi, Christopher Kruegel, Giovanni Vigna (2010). Effective Anomaly Detection with Scarce Training Data. Proceedings of the Network and Distributed System Security Symposium (NDSS).

PDF

Federico Maggi (2010). Integrated Detection of Anomalous Behavior of Computer Infrastructures.

PDF

Claudio Criscione, Federico Maggi, Guido Salvaneschi, Stefano Zanero (2009). Integrated Detection of Attacks Against Browsers, Web Applications and Databases. Proceedings of the European Conference on Network Defense (EC2ND).

PDF

Federico Maggi, Matteo Matteucci, Stefano Zanero (2009). Reducing false positives in anomaly detectors through fuzzy alert aggregation. Information Fusion.

PDF

Federico Maggi, William Robertson, Christopher Kruegel, Giovanni Vigna (2009). Protecting a Moving Target: Addressing Web Application Concept Drift. Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID).

PDF

Alessandro Frossi, Federico Maggi, Gian Luigi Rizzo, Stefano Zanero (2009). Selecting and Improving System Call Models for Anomaly Detection. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).

PDF

Federico Maggi, Matteo Matteucci, Stefano Zanero (2008). Detecting Intrusions through System Call Sequence and Argument Analysis. IEEE Transactions on Dependable and Secure Computing (TODS).

PDF

Federico Maggi (2008). Specification and Evaluation of an Efficient Recognizer for Rational Trace Languages.

PDF

Federico Maggi, Stefano Zanero, Vincenzo Iozzo (2008). Seeing the invisible: forensic uses of anomaly detection and machine learning. Operating Systems Review of the ACM Special Interest Group on Operating Systems (SIGOPS).

PDF

Federico Maggi (2008). A Survey of Probabilistic Record Matching Models, Techniques and Tools.

PDF

Federico Maggi, Stefano Zanero (2007). On the Use of Different Statistical Tests for Alert Correlation - Short Paper. Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID).

PDF