Federico Maggi

You can download the database of my publications as a BibTeX file, or clone the repository containing the PDFs as well.

Conference Papers

Download papers.bib

An Experimental Security Analysis of an Industrial Robot ControllerDavide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea Maria Zanchettin, and Stefano Zanero. In Proceedings of the 38th IEEE symposium on security and privacy. S&P ’17. San Jose, CA: ACM. (May 2017) [PDF]

ShieldFS: A Self-Healing, Ransomware-Aware FilesystemAndrea Continella, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, and Federico Maggi. In Proceedings of the 32nd Annual Computer Security Applications Conference. ACSAC ’16. Los Angeles, USA: ACM. (December 2016) [PDF]

On-Chip System Call Tracing: A Feasibility Study and Open PrototypeChenghyu Zheng, Mila Dalla Preda, Jorge Granjal, Stefano Zanero, and Federico Maggi. In IEEE Conference on Communications and Network Security (CNS). Philadelphia, US. (October 2016) [PDF]

Trellis: Privilege Separation for Multi-User Applications Made EasyAndrea Mambretti, Kaan Onarlioglu, Collin Mulliner, William Robertson, Engin Kirda, Federico Maggi, and Stefano Zanero. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Paris, France. (September 2016) [PDF]

DroydSeuss: A Mobile Banking Trojan Tracker - Short PaperAlberto Coletta, Victor Van der Veen, and Federico Maggi. In Financial Cryptography and Data Security. Lecture notes in computer science (lncs). Springer Berlin Heidelberg. (February 2016) [PDF]

Grab ’N Run: Secure and Practical Dynamic Code Loading for Android ApplicationsLuca Falsina, Yanick Fratantonio, Stefano Zanero, Christopher Kruegel, Giovanni Vigna, and Federico Maggi. In Proceedings of the 31st Annual Computer Security Applications Conference. ACSAC ’15. Los Angeles, USA: ACM, 201–210. DOI: http://dx.doi.org/10.1145/2818000.2818042 (December 2015) [PDF]

HelDroid: Dissecting and Detecting Mobile RansomwareNiccolò Andronio, Stefano Zanero, and Federico Maggi. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Lecture notes in computer science. Kyoto, Japan, 382–404. DOI: http://dx.doi.org/10.1007/978-3-319-26362-5_18 (October 2015) [PDF]

Jackdaw: Towards Automatic Reverse Engineering of Large Datasets of BinariesMario Polino, Andrea Scorti, Federico Maggi, and Stefano Zanero. In Magnus Almgren, Vincenzo Gulisano, & Federico Maggi, eds. Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture notes in computer science. Springer International Publishing, 121–143. DOI: http://dx.doi.org/10.1007/978-3-319-20550-2_7 (July 9, 2015) - Link: http://link.springer.com/chapter/10.1007/978-3-319-20550-2_7 [PDF]

Face/Off: Preventing Privacy Leakage From Photos in Social NetworksPanagiotis Ilia, Iasonas Polakis, Elias Athanasopoulos, Federico Maggi, and Sotiris Ioannidis. In Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security. CCS ’15. New York, NY, USA: ACM, 781–792. DOI: http://dx.doi.org/10.1145/2810103.2813603 (October 2015) - Link: http://doi.acm.org/10.1145/2810103.2813603 [PDF]

Faces in the Distorting Mirror: Revisiting Photo-Based Social AuthenticationIasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. CCS ’14. New York, NY, USA: ACM, 501–512. DOI: http://dx.doi.org/10.1145/2660267.2660317 (November 2014) - Link: http://doi.acm.org/10.1145/2660267.2660317 [PDF]

A Practical Attack Against a KNX-Based Building Automation SystemAlessio Antonini, Federico Maggi, and Stefano Zanero. In Proceedings of the 2Nd International Symposium on ICS & SCADA Cyber Security Research 2014. ICS-csr 2014. UK: BCS, 53–60. DOI: http://dx.doi.org/10.14236/ewic/ics-csr2014.7 (September 2014) - Link: http://dx.doi.org/10.14236/ewic/ics-csr2014.7 [PDF]

Zarathustra: Extracting WebInject Signatures from Banking TrojansClaudio Criscione, Fabio Bosatelli, Stefano Zanero, and Federico Maggi. In Proceedings of the Twelfth Annual International Conference on Privacy, Security and Trust (PST). Toronto, Canada: IEEE Computer Society, 139–148. DOI: http://dx.doi.org/10.1109/PST.2014.6890933 (July 2014) [PDF]

AndRadar: Fast Discovery of Android Applications in Alternative MarketsMartina Lindorfer, Stamatis Volanis, Alessandro Sisto, Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi, Christian Platzer, Stefano Zanero, and Sotiris Ioannidis. In Sven Dietrich, ed. Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture notes in computer science. Springer International Publishing, 51–71. DOI: http://dx.doi.org/10.1007/978-3-319-08509-8_4 (July 2014) - Link: http://link.springer.com/chapter/10.1007/978-3-319-08509-8_4 [PDF]

Phoenix: DGA-Based Botnet Tracking and IntelligenceStefano Schiavoni, Federico Maggi, Lorenzo Cavallaro, and Stefano Zanero. In Sven Dietrich, ed. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Lecture notes in computer science. Springer International Publishing, 192–211. DOI: http://dx.doi.org/10.1007/978-3-319-08509-8_11 (July 2014) - Link: http://link.springer.com/chapter/10.1007/978-3-319-08509-8_11 [PDF]

BankSealer: An Online Banking Fraud Analysis and Decision Support SystemMichele Carminati, Roberto Caron, Federico Maggi, Ilenia Epifani, and Stefano Zanero. In Nora Cuppens-Boulahia, Frédéric Cuppens, Sushil Jajodia, Anas Abou El Kalam, & Thierry Sans, eds. ICT Systems Security and Privacy Protection. IFIP advances in information and communication technology. Springer Berlin Heidelberg, 380–394. DOI: http://dx.doi.org/10.1007/978-3-642-55415-5_32 (June 2, 2014) - Link: http://link.springer.com/chapter/10.1007/978-3-642-55415-5_32 [PDF]

Stranger Danger: Exploring the Ecosystem of Ad-Based URL Shortening ServicesNick Nikiforakis, Federico Maggi, Gianluca Stringhini, M. Zubair Rafique, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna, and Stefano Zanero. In Proceedings of the 23rd International Conference on World Wide Web. WWW ’14. Seoul, Korea: International World Wide Web Conferences Steering Committee, 51–62. DOI: http://dx.doi.org/10.1145/2566486.2567983 (April 2014) - Link: http://dx.doi.org/10.1145/2566486.2567983 [PDF]

BitIodine: Extracting Intelligence from the Bitcoin NetworkMichele Spagnuolo, Federico Maggi, and Stefano Zanero. In Financial Cryptography and Data Security. Lecture notes in computer science (lncs). Barbados: Springer Berlin Heidelberg, 457–468. DOI: http://dx.doi.org/10.1007/978-3-662-45472-5_29 (March 3, 2014) [PDF]

A Comprehensive Black-Box Methodology for Testing the Forensic Characteristics of Solid-State DrivesGabriele Bonetti, Marco Viglione, Alessandro Frossi, Federico Maggi, and Stefano Zanero. In Proceedings of the 29th Annual Computer Security Applications Conference. ACSAC ’13. New York, NY, USA: ACM, 269–278. DOI: http://dx.doi.org/10.1145/2523649.2523660 (December 2013) - Link: http://doi.acm.org/10.1145/2523649.2523660 [PDF]

Two Years of Short URLs Internet Measurement: Security Threats and CountermeasuresFederico Maggi, Alessandro Frossi, Stefano Zanero, Gianluca Stringhini, Brett Stone-Gross, Christopher Kruegel, and Giovanni Vigna. In Proceedings of the 22nd international conference on World Wide Web (WWW). Republic and Canton of Geneva, Switzerland: International World Wide Web Conferences Steering Committee, 861–872. (May 2013) [PDF]

Lines of Malicious Code: Insights Into the Malicious Software IndustryMartina Lindorfer, Alessandro Di Federico, Federico Maggi, Paolo Milani Comparetti, and Stefano Zanero. In Proceedings of the Annual Computer Security Applications Conference (ACSAC). New York, NY, USA: ACM, 349–358. DOI: http://dx.doi.org/10.1145/2420950.2421001 (December 3, 2012) [PDF]

All Your Face Are Belong to Us: Breaking Facebook’s Social AuthenticationJason Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos Keromytis, and Stefano Zanero. In Proceedings of the Annual Computer Security Applications Conference (ACSAC). New York, NY, USA: ACM, 399–408. DOI: http://dx.doi.org/10.1145/2420950.2421008 (December 3, 2012) [PDF]

Integrated Detection of Anomalous Behavior of Computer InfrastructuresFederico Maggi and Stefano Zanero. In Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS). IEEE, 866–871. DOI: http://dx.doi.org/10.1109/NOMS.2012.6212001 (April 16, 2012) [PDF]

Finding Non-Trivial Malware Naming InconsistenciesFederico Maggi, Andrea Bellini, Guido Salvaneschi, and Stefano Zanero. In Proceedings of the 7th International Conference on Information Systems Security (ICISS). Lecture notes in computer science. Springer-Verlag, 144–159. DOI: http://dx.doi.org/10.1007/978-3-642-25560-1_10 (December 15, 2011) [PDF]

A Fast Eavesdropping Attack Against TouchscreensFederico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, and Stefano Zanero. In Proceedings of the 7th International Conference on Information Assurance and Security (IAS). 320–325. DOI: http://dx.doi.org/10.1109/ISIAS.2011.6122840 (December 5, 2011) [PDF]

POSTER: Fast, Automatic IPhone Shoulder SurfingFederico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, and Stefano Zanero. In Proceedings of the 18th Conference on Computer and Communication Security (CCS). ACM. DOI: http://dx.doi.org/10.1145/2093476.2093498 (October 1, 2011) [PDF]

BURN: Baring Unknown Rogue NetworksFrancesco Roveta, Luca Di Mario, Federico Maggi, Giorgio Caviglia, Stefano Zanero, and Paolo Ciuccarelli. In Proceedings of the 8th International Symposium on Visualization for Cyber Security (VizSec). New York, NY, USA: ACM, 6:1–6:10. DOI: http://dx.doi.org/10.1145/2016904.2016910 (June 20, 2011) [PDF]

Is the Future Web More Insecure? Distractions and Solutions of New-Old Security Issues and MeasuresFederico Maggi and Stefano Zanero. In Proceedings of the Worldwide Cybersecurity Summit. EWI, 1–9. (June 1, 2011) [PDF]

Effective Multimodel Anomaly Detection Using Cooperative NegotiationAlberto Volpatto, Federico Maggi, and Stefano Zanero. In Proceedings of the Decision and Game Theory for Security (GameSec). Lecture notes in computer science. Springer Berlin/Heidelberg, 180–191. DOI: http://dx.doi.org/10.1007/978-3-642-17197-0_12 (November 22, 2010) [PDF]

Are the Con Artists Back? A Preliminary Analysis of Modern Phone FraudsFederico Maggi. In Proceedings of the International Conference on Computer and Information Technology (CIT). IEEE Computer Society, 824–831. DOI: http://dx.doi.org/10.1109/CIT.2010.156 (June 29, 2010) [PDF]

A Recognizer of Rational Trace LanguagesFederico Maggi. In Proceedings of the International Conference on Computer and Information Technology (CIT). IEEE Computer Society, 257–264. DOI: http://dx.doi.org/10.1109/CIT.2010.77 (June 2010) [PDF]

Effective Anomaly Detection with Scarce Training DataWilliam Robertson, Federico Maggi, Christopher Kruegel, and Giovanni Vigna. In Proceedings of the Network and Distributed System Security Symposium (NDSS). The Internet Society. DOI: http://dx.doi.org/10.1.1.183.3323 (March 1, 2010) [PDF]

Integrated Detection of Attacks Against Browsers, Web Applications and DatabasesClaudio Criscione, Federico Maggi, Guido Salvaneschi, and Stefano Zanero. In Proceedings of the European Conference on Network Defense (EC2ND). IEEE Computer Society. DOI: http://dx.doi.org/10.1109/EC2ND.2009.13 (November 9, 2009) [PDF]

Protecting a Moving Target: Addressing Web Application Concept DriftFederico Maggi, William Robertson, Christopher Kruegel, and Giovanni Vigna. In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID). DOI: http://dx.doi.org/10.1007/978-3-642-04342-0_2 (September 23, 2009) [PDF]

Selecting and Improving System Call Models for Anomaly DetectionAlessandro Frossi, Federico Maggi, Gian Luigi Rizzo, and Stefano Zanero. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). DOI: http://dx.doi.org/10.1007/978-3-642-02918-9_13 (July 9, 2009) [PDF]

On the Use of Different Statistical Tests for Alert Correlation - Short PaperFederico Maggi and Stefano Zanero. In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID). 167–177. DOI: http://dx.doi.org/10.1007/978-3-540-74320-0_9 (September 5, 2007) [PDF]

Workshop Papers

Download workshops.bib

Security and Privacy Measurements on Social Networks: Experiences and Lessons LearnedIasonas Polakis, Federico Maggi, Stefano Zanero, and Angelos D. Keromytis. In 2014 third international workshop on building analysis datasets and gathering experience returns for security (badgers). Wroclaw, Poland, 18–29. DOI: http://dx.doi.org/10.1109/BADGERS.2014.9 (September 2014) [PDF]

AndroTotal: A Flexible, Scalable Toolbox and Service for Testing Mobile Malware DetectorsFederico Maggi, Andrea Valdi, and Stefano Zanero. In Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices. SPSM ’13. New York, NY, USA: ACM, 49–54. DOI: http://dx.doi.org/10.1145/2516760.2516768 (October 2013) - Link: http://doi.acm.org/10.1145/2516760.2516768 [PDF]

System Security Research at Politecnico Di MilanoFederico Maggi and Stefano Zanero. In Proceedings of the 1st SysSec Workshop (SysSec). IEEE Computer Society. DOI: http://dx.doi.org/10.1109/SysSec.2011.30 (July 6, 2011) [PDF]

A Social-Engineering-Centric Data Collection Initiative to Study PhishingFederico Maggi, Alessandro Sisto, and Stefano Zanero. In Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). New York, NY, USA: ACM, 107–108. DOI: http://dx.doi.org/10.1145/1978672.1978687 (April 10, 2011) [PDF]

Journal Papers

journals.bib

Scalable Testing of Mobile Antivirus Applications
Andrea Valdi, Eros Lever, Simone Benefico, Davide Quarta, Stefano Zanero, and Federico Maggi. Computer 48, 11. (November 2015) [PDF]

BankSealer: A Decision Support System for Online Banking Fraud Analysis and Investigation
Michele Carminati, Roberto Caron, Federico Maggi, Ilenia Epifani, and Stefano Zanero. Computers & Security. (April 2015) - Link: http://www.sciencedirect.com/science/article/pii/S0167404815000437 [PDF]

Adaptive and Flexible Smartphone Power Modeling
Alessandro Nacci, Francesco Trovò, Federico Maggi, Matteo Ferroni, Andrea Cazzola, Donatella Sciuto, and Marco Santambrogio. Mobile Networks and Applications. (October 1, 2013) [PDF]

A Security Layer for Smartphone-to-Vehicle Communication over Bluetooth
Andrea Dardanelli, Federico Maggi, Mara Tanelli, Stefano Zanero, Sergio M. Savaresi, Roman Kochanek, and Thorsten Holz. Embedded Systems Letters 5, 3. (June 21, 2013) [PDF]

Reducing False Positives in Anomaly Detectors Through Fuzzy Alert Aggregation
Federico Maggi, Matteo Matteucci, and Stefano Zanero. Information Fusion 10, 4. (October 1, 2009) [PDF]

Detecting Intrusions Through System Call Sequence and Argument Analysis
Federico Maggi, Matteo Matteucci, and Stefano Zanero. IEEE Transactions on Dependable and Secure Computing (TODS) 7, 4. (November 17, 2008) [PDF]

Seeing the Invisible: Forensic Uses of Anomaly Detection and Machine Learning
Federico Maggi, Stefano Zanero, and Vincenzo Iozzo. Operating Systems Review of the ACM Special Interest Group on Operating Systems (SIGOPS) 42, 3. (April 1, 2008) [PDF]

Technical Reports

reports.bib

European Cyber-Security Research and Innovation Federico Maggi, Stefano Zanero, and Evangelos Markatos., (January 2015) - Link: http://ercim-news.ercim.eu/en100/r-i/european-cyber-security-research-and-innovation [PDF]

XSS Peeker: A Systematic Analysis of Cross-Site Scripting Vulnerability Scanners Enrico Bazzoli, Claudio Criscione, Federico Maggi, and Stefano Zanero., arXiv. (October 15, 2014) - Link: http://arxiv.org/abs/1410.4207 [PDF]

PuppetDroid: A User-Centric UI Exerciser for Automatic Dynamic Analysis of Similar Android Applications Andrea Gianazza, Federico Maggi, Aristide Fattori, Lorenzo Cavallaro, and Stefano Zanero., arXiv. (February 19, 2014) - Link: http://arxiv.org/abs/1402.4826 [PDF]

Tracking and Characterizing Botnets Using Automatically Generated Domains Stefano Schiavoni, Federico Maggi, Lorenzo Cavallaro, and Stefano Zanero., arXiv. (November 21, 2013) - Link: http://arxiv.org/abs/1311.5612 [PDF]

Secure Integration of Mobile Devices for Automotive Services Roman Kochanek, Andrea Dardanelli, Federico Maggi, Stefano Zanero, Mara Tanelli, Sergio Savaresi, and Thorsten Holz., Politecnico di Milano. (June 1, 2012) [PDF]

Rethinking Security in a Cloudy World Federico Maggi and Stefano Zanero., Politecnico di Milano. (November 11, 2010) [PDF]

Don’t Touch a Word! A Practical Input Eavesdropping Attack Against Mobile Touchscreen Devices Federico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, and Stefano Zanero., Politecnico di Milano. (November 1, 2010) [PDF]

Specification and Evaluation of an Efficient Recognizer for Rational Trace Languages Federico Maggi., Politecnico di Milano. (June 1, 2008) [PDF]

A Survey of Probabilistic Record Matching Models, Techniques and Tools Federico Maggi., Politecnico di Milano. (April 1, 2008) [PDF]

Dissertations

dissertations.bib

Integrated Detection of Anomalous Behavior of Computer Infrastructures.
Federico Maggi. PhD thesis. Milano, Italy: Politecnico di Milano. ( 2010) - Link: https://github.com/phretor/cs-phd-dissertation-latex-template [PDF]