Publications

You can download the database of my publications as a BibTeX file, or clone the repository containing the PDFs as well.

Conference Papers

Download papers.bib

An Experimental Security Analysis of an Industrial Robot Controller
Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea Maria Zanchettin, and Stefano Zanero.
In Proceedings of the 38th IEEE Symposium on Security and Privacy. S&P ’17. San Jose, CA: ACM. DOI: http://dx.doi.org/10.1109/SP.2017.20 (May 2017) [PDF]

ShieldFS: A Self-Healing, Ransomware-Aware Filesystem
Andrea Continella, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, and Federico Maggi.
In Proceedings of the 32nd Annual Computer Security Applications Conference. ACSAC ’16. Los Angeles, USA: ACM, 336–347. DOI: http://dx.doi.org/10.1145/2991079.2991110 (December 2016) [PDF]

On-Chip System Call Tracing: A Feasibility Study and Open Prototype
Chenghyu Zheng, Mila Dalla Preda, Jorge Granjal, Stefano Zanero, and Federico Maggi.
In IEEE Conference on Communications and Network Security (CNS). Philadelphia, US, 73–81. DOI: http://dx.doi.org/10.1109/CNS.2016.7860472 (October 2016) [PDF]

Trellis: Privilege Separation for Multi-User Applications Made Easy
Andrea Mambretti, Kaan Onarlioglu, Collin Mulliner, William Robertson, Engin Kirda, Federico Maggi, and Stefano Zanero.
In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Paris, France, 437–456. DOI: http://dx.doi.org/10.1007/978-3-319-45719-2_20 (September 2016) [PDF]

DroydSeuss: A Mobile Banking Trojan Tracker - Short Paper
Alberto Coletta, Victor Van der Veen, and Federico Maggi.
In Financial Cryptography and Data Security. Lecture Notes in Computer Science (LNCS). Springer Berlin Heidelberg. (February 2016) [PDF]

Grab ’N Run: Secure and Practical Dynamic Code Loading for Android Applications
Luca Falsina, Yanick Fratantonio, Stefano Zanero, Christopher Kruegel, Giovanni Vigna, and Federico Maggi.
In Proceedings of the 31st Annual Computer Security Applications Conference. ACSAC ’15. Los Angeles, USA: ACM, 201–210. DOI: http://dx.doi.org/10.1145/2818000.2818042 (December 2015) [PDF]

HelDroid: Dissecting and Detecting Mobile Ransomware
Niccolò Andronio, Stefano Zanero, and Federico Maggi.
In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Lecture Notes in Computer Science. Kyoto, Japan, 382–404. DOI: http://dx.doi.org/10.1007/978-3-319-26362-5_18 (October 2015) [PDF]

Jackdaw: Towards Automatic Reverse Engineering of Large Datasets of Binaries
Mario Polino, Andrea Scorti, Federico Maggi, and Stefano Zanero.
In Magnus Almgren, Vincenzo Gulisano, & Federico Maggi, eds. Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science. Springer International Publishing, 121–143. DOI: http://dx.doi.org/10.1007/978-3-319-20550-2_7 (July 9, 2015) - Link: http://link.springer.com/chapter/10.1007/978-3-319-20550-2_7 [PDF]

Face/Off: Preventing Privacy Leakage From Photos in Social Networks
Panagiotis Ilia, Iasonas Polakis, Elias Athanasopoulos, Federico Maggi, and Sotiris Ioannidis.
In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS ’15. New York, NY, USA: ACM, 781–792. DOI: http://dx.doi.org/10.1145/2810103.2813603 (October 2015) - Link: http://doi.acm.org/10.1145/2810103.2813603 [PDF]

Faces in the Distorting Mirror: Revisiting Photo-Based Social Authentication
Iasonas Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, and Angelos D. Keromytis.
In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. CCS ’14. New York, NY, USA: ACM, 501–512. DOI: http://dx.doi.org/10.1145/2660267.2660317 (November 2014) - Link: http://doi.acm.org/10.1145/2660267.2660317 [PDF]

A Practical Attack Against a KNX-Based Building Automation System
Alessio Antonini, Federico Maggi, and Stefano Zanero.
In Proceedings of the 2nd International Symposium on ICS & SCADA Cyber Security Research 2014. ICS-CSR 2014. UK: BCS, 53–60. DOI: http://dx.doi.org/10.14236/ewic/ics-csr2014.7 (September 2014) - Link: http://dx.doi.org/10.14236/ewic/ics-csr2014.7 [PDF]

Zarathustra: Extracting WebInject Signatures from Banking Trojans
Claudio Criscione, Fabio Bosatelli, Stefano Zanero, and Federico Maggi.
In Proceedings of the Twelfth Annual International Conference on Privacy, Security and Trust (PST). Toronto, Canada: IEEE Computer Society, 139–148. DOI: http://dx.doi.org/10.1109/PST.2014.6890933 (July 2014) [PDF]

AndRadar: Fast Discovery of Android Applications in Alternative Markets
Martina Lindorfer, Stamatis Volanis, Alessandro Sisto, Matthias Neugschwandtner, Elias Athanasopoulos, Federico Maggi, Christian Platzer, Stefano Zanero, and Sotiris Ioannidis.
In Sven Dietrich, ed. Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science. Springer International Publishing, 51–71. DOI: http://dx.doi.org/10.1007/978-3-319-08509-8_4 (July 2014) - Link: http://link.springer.com/chapter/10.1007/978-3-319-08509-8_4 [PDF]

Phoenix: DGA-Based Botnet Tracking and Intelligence
Stefano Schiavoni, Federico Maggi, Lorenzo Cavallaro, and Stefano Zanero.
In Sven Dietrich, ed. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Lecture Notes in Computer Science. Springer International Publishing, 192–211. DOI: http://dx.doi.org/10.1007/978-3-319-08509-8_11 (July 2014) - Link: http://link.springer.com/chapter/10.1007/978-3-319-08509-8_11 [PDF]

BankSealer: An Online Banking Fraud Analysis and Decision Support System
Michele Carminati, Roberto Caron, Federico Maggi, Ilenia Epifani, and Stefano Zanero.
In Nora Cuppens-Boulahia, Frédéric Cuppens, Sushil Jajodia, Anas Abou El Kalam, & Thierry Sans, eds. ICT Systems Security and Privacy Protection. IFIP Advances in Information and Communication Technology. Springer Berlin Heidelberg, 380–394. DOI: http://dx.doi.org/10.1007/978-3-642-55415-5_32 (June 2, 2014) - Link: http://link.springer.com/chapter/10.1007/978-3-642-55415-5_32 [PDF]

Stranger Danger: Exploring the Ecosystem of Ad-Based URL Shortening Services
Nick Nikiforakis, Federico Maggi, Gianluca Stringhini, M. Zubair Rafique, Wouter Joosen, Christopher Kruegel, Frank Piessens, Giovanni Vigna, and Stefano Zanero.
In Proceedings of the 23rd International Conference on World Wide Web. WWW ’14. Seoul, Korea: International World Wide Web Conferences Steering Committee, 51–62. DOI: http://dx.doi.org/10.1145/2566486.2567983 (April 2014) - Link: http://dx.doi.org/10.1145/2566486.2567983 [PDF]

BitIodine: Extracting Intelligence from the Bitcoin Network
Michele Spagnuolo, Federico Maggi, and Stefano Zanero.
In Financial Cryptography and Data Security. Lecture Notes in Computer Science (LNCS). Barbados: Springer Berlin Heidelberg, 457–468. DOI: http://dx.doi.org/10.1007/978-3-662-45472-5_29 (March 3, 2014) [PDF]

A Comprehensive Black-Box Methodology for Testing the Forensic Characteristics of Solid-State Drives
Gabriele Bonetti, Marco Viglione, Alessandro Frossi, Federico Maggi, and Stefano Zanero.
In Proceedings of the 29th Annual Computer Security Applications Conference. ACSAC ’13. New York, NY, USA: ACM, 269–278. DOI: http://dx.doi.org/10.1145/2523649.2523660 (December 2013) - Link: http://doi.acm.org/10.1145/2523649.2523660 [PDF]

Two Years of Short URLs Internet Measurement: Security Threats and Countermeasures
Federico Maggi, Alessandro Frossi, Stefano Zanero, Gianluca Stringhini, Brett Stone-Gross, Christopher Kruegel, and Giovanni Vigna.
In Proceedings of the 22nd International Conference on World Wide Web (WWW). Republic and Canton of Geneva, Switzerland: International World Wide Web Conferences Steering Committee, 861–872. (May 2013) [PDF]

Lines of Malicious Code: Insights Into the Malicious Software Industry
Martina Lindorfer, Alessandro Di Federico, Federico Maggi, Paolo Milani Comparetti, and Stefano Zanero.
In Proceedings of the Annual Computer Security Applications Conference (ACSAC). New York, NY, USA: ACM, 349–358. DOI: http://dx.doi.org/10.1145/2420950.2421001 (December 3, 2012) [PDF]

All Your Face Are Belong to Us: Breaking Facebook’s Social Authentication
Jason Polakis, Marco Lancini, Georgios Kontaxis, Federico Maggi, Sotiris Ioannidis, Angelos Keromytis, and Stefano Zanero.
In Proceedings of the Annual Computer Security Applications Conference (ACSAC). New York, NY, USA: ACM, 399–408. DOI: http://dx.doi.org/10.1145/2420950.2421008 (December 3, 2012) [PDF]

Integrated Detection of Anomalous Behavior of Computer Infrastructures
Federico Maggi and Stefano Zanero.
In Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS). IEEE, 866–871. DOI: http://dx.doi.org/10.1109/NOMS.2012.6212001 (April 16, 2012) [PDF]

Finding Non-Trivial Malware Naming Inconsistencies
Federico Maggi, Andrea Bellini, Guido Salvaneschi, and Stefano Zanero.
In Proceedings of the 7th International Conference on Information Systems Security (ICISS). Lecture Notes in Computer Science. Springer-Verlag, 144–159. DOI: http://dx.doi.org/10.1007/978-3-642-25560-1_10 (December 15, 2011) [PDF]

A Fast Eavesdropping Attack Against Touchscreens
Federico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, and Stefano Zanero.
In Proceedings of the 7th International Conference on Information Assurance and Security (IAS). 320–325. DOI: http://dx.doi.org/10.1109/ISIAS.2011.6122840 (December 5, 2011) [PDF]

POSTER: Fast, Automatic IPhone Shoulder Surfing
Federico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, and Stefano Zanero.
In Proceedings of the 18th Conference on Computer and Communication Security (CCS). ACM. DOI: http://dx.doi.org/10.1145/2093476.2093498 (October 1, 2011) [PDF]

BURN: Baring Unknown Rogue Networks
Francesco Roveta, Luca Di Mario, Federico Maggi, Giorgio Caviglia, Stefano Zanero, and Paolo Ciuccarelli.
In Proceedings of the 8th International Symposium on Visualization for Cyber Security (VizSec). New York, NY, USA: ACM, 6:1–6:10. DOI: http://dx.doi.org/10.1145/2016904.2016910 (June 20, 2011) [PDF]

Is the Future Web More Insecure? Distractions and Solutions of New-Old Security Issues and Measures
Federico Maggi and Stefano Zanero.
In Proceedings of the Worldwide Cybersecurity Summit. EWI, 1–9. (June 1, 2011) [PDF]

Effective Multimodel Anomaly Detection Using Cooperative Negotiation
Alberto Volpatto, Federico Maggi, and Stefano Zanero.
In Proceedings of the Decision and Game Theory for Security (GameSec). Lecture Notes in Computer Science. Springer Berlin/Heidelberg, 180–191. DOI: http://dx.doi.org/10.1007/978-3-642-17197-0_12 (November 22, 2010) [PDF]

Are the Con Artists Back? A Preliminary Analysis of Modern Phone Frauds
Federico Maggi.
In Proceedings of the International Conference on Computer and Information Technology (CIT). IEEE Computer Society, 824–831. DOI: http://dx.doi.org/10.1109/CIT.2010.156 (June 29, 2010) [PDF]

A Recognizer of Rational Trace Languages
Federico Maggi.
In Proceedings of the International Conference on Computer and Information Technology (CIT). IEEE Computer Society, 257–264. DOI: http://dx.doi.org/10.1109/CIT.2010.77 (June 2010) [PDF]

Effective Anomaly Detection with Scarce Training Data
William Robertson, Federico Maggi, Christopher Kruegel, and Giovanni Vigna.
In Proceedings of the Network and Distributed System Security Symposium (NDSS). The Internet Society. DOI: http://dx.doi.org/10.1.1.183.3323 (March 1, 2010) [PDF]

Integrated Detection of Attacks Against Browsers, Web Applications and Databases
Claudio Criscione, Federico Maggi, Guido Salvaneschi, and Stefano Zanero.
In Proceedings of the European Conference on Network Defense (EC2ND). IEEE Computer Society. DOI: http://dx.doi.org/10.1109/EC2ND.2009.13 (November 9, 2009) [PDF]

Protecting a Moving Target: Addressing Web Application Concept Drift
Federico Maggi, William Robertson, Christopher Kruegel, and Giovanni Vigna.
In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID). DOI: http://dx.doi.org/10.1007/978-3-642-04342-0_2 (September 23, 2009) [PDF]

Selecting and Improving System Call Models for Anomaly Detection
Alessandro Frossi, Federico Maggi, Gian Luigi Rizzo, and Stefano Zanero.
In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). DOI: http://dx.doi.org/10.1007/978-3-642-02918-9_13 (July 9, 2009) [PDF]

On the Use of Different Statistical Tests for Alert Correlation - Short Paper
Federico Maggi and Stefano Zanero.
In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID). 167–177. DOI: http://dx.doi.org/10.1007/978-3-540-74320-0_9 (September 5, 2007) [PDF]

Workshop Papers

Download workshops.bib

Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery
Tommi Unruh, Bhargava Shastry, Malte Skoruppa, Federico Maggi, Konrad Rieck, Jean-Pierre Seifert, and Fabian Yamaguchi.
In Proceedings of the 11th USENIX Workshop on Offensive Technologies (WOOT 17). Vancouver, BC: USENIX Association. (August 2017) - Link: https://www.usenix.org/conference/woot17/workshop-program/presentation/unruh [PDF]

Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing
Bhargava Shastry, Federico Maggi, Fabian Yamaguchi, Konrad Rieck, and Jean-Pierre Seifert.
In 11th USENIX Workshop on Offensive Technologies (WOOT 17). Vancouver, BC: USENIX Association. (August 2017) - Link: https://www.usenix.org/conference/woot17/workshop-program/presentation/shastry [PDF]

Security and Privacy Measurements on Social Networks: Experiences and Lessons Learned
Iasonas Polakis, Federico Maggi, Stefano Zanero, and Angelos D. Keromytis.
In 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). Wroclaw, Poland, 18–29. DOI: http://dx.doi.org/10.1109/BADGERS.2014.9 (September 2014) [PDF]

AndroTotal: A Flexible, Scalable Toolbox and Service for Testing Mobile Malware Detectors
Federico Maggi, Andrea Valdi, and Stefano Zanero.
In Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices. SPSM ’13. New York, NY, USA: ACM, 49–54. DOI: http://dx.doi.org/10.1145/2516760.2516768 (October 2013) - Link: http://doi.acm.org/10.1145/2516760.2516768 [PDF]

System Security Research at Politecnico Di Milano
Federico Maggi and Stefano Zanero.
In Proceedings of the 1st SysSec Workshop (SysSec). IEEE Computer Society. DOI: http://dx.doi.org/10.1109/SysSec.2011.30 (July 6, 2011) [PDF]

A Social-Engineering-Centric Data Collection Initiative to Study Phishing
Federico Maggi, Alessandro Sisto, and Stefano Zanero.
In Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). New York, NY, USA: ACM, 107–108. DOI: http://dx.doi.org/10.1145/1978672.1978687 (April 10, 2011) [PDF]

Journal Papers

Download journals.bib

Scalable Testing of Mobile Antivirus Applications
Andrea Valdi, Eros Lever, Simone Benefico, Davide Quarta, Stefano Zanero, and Federico Maggi. Computer 48, 11. (November 2015) [PDF]

BankSealer: A Decision Support System for Online Banking Fraud Analysis and Investigation
Michele Carminati, Roberto Caron, Federico Maggi, Ilenia Epifani, and Stefano Zanero. Computers & Security. (April 2015) - Link: http://www.sciencedirect.com/science/article/pii/S0167404815000437 [PDF]

Adaptive and Flexible Smartphone Power Modeling
Alessandro Nacci, Francesco Trovò, Federico Maggi, Matteo Ferroni, Andrea Cazzola, Donatella Sciuto, and Marco Santambrogio. Mobile Networks and Applications. (October 1, 2013) [PDF]

A Security Layer for Smartphone-to-Vehicle Communication over Bluetooth
Andrea Dardanelli, Federico Maggi, Mara Tanelli, Stefano Zanero, Sergio M. Savaresi, Roman Kochanek, and Thorsten Holz. Embedded Systems Letters 5, 3. (June 21, 2013) [PDF]

Reducing False Positives in Anomaly Detectors Through Fuzzy Alert Aggregation
Federico Maggi, Matteo Matteucci, and Stefano Zanero. Information Fusion 10, 4. (October 1, 2009) [PDF]

Detecting Intrusions Through System Call Sequence and Argument Analysis
Federico Maggi, Matteo Matteucci, and Stefano Zanero. IEEE Transactions on Dependable and Secure Computing (TODS) 7, 4. (November 17, 2008) [PDF]

Seeing the Invisible: Forensic Uses of Anomaly Detection and Machine Learning
Federico Maggi, Stefano Zanero, and Vincenzo Iozzo. Operating Systems Review of the ACM Special Interest Group on Operating Systems (SIGOPS) 42, 3. (April 1, 2008) [PDF]

Technical Reports

Download reports.bib

European Cyber-Security Research and Innovation
Federico Maggi, Stefano Zanero, and Evangelos Markatos. (January 2015) - Link: http://ercim-news.ercim.eu/en100/r-i/european-cyber-security-research-and-innovation [PDF]

XSS Peeker: A Systematic Analysis of Cross-Site Scripting Vulnerability Scanners
Enrico Bazzoli, Claudio Criscione, Federico Maggi, and Stefano Zanero. arXiv. (October 15, 2014) - Link: http://arxiv.org/abs/1410.4207 [PDF]

PuppetDroid: A User-Centric UI Exerciser for Automatic Dynamic Analysis of Similar Android Applications
Andrea Gianazza, Federico Maggi, Aristide Fattori, Lorenzo Cavallaro, and Stefano Zanero. arXiv. (February 19, 2014) - Link: http://arxiv.org/abs/1402.4826 [PDF]

Tracking and Characterizing Botnets Using Automatically Generated Domains
Stefano Schiavoni, Federico Maggi, Lorenzo Cavallaro, and Stefano Zanero. arXiv. (November 21, 2013) - Link: http://arxiv.org/abs/1311.5612 [PDF]

Secure Integration of Mobile Devices for Automotive Services
Roman Kochanek, Andrea Dardanelli, Federico Maggi, Stefano Zanero, Mara Tanelli, Sergio Savaresi, and Thorsten Holz. Politecnico di Milano. (June 1, 2012) [PDF]

Rethinking Security in a Cloudy World
Federico Maggi and Stefano Zanero. Politecnico di Milano. (November 11, 2010) [PDF]

Don’t Touch a Word! A Practical Input Eavesdropping Attack Against Mobile Touchscreen Devices
Federico Maggi, Alberto Volpatto, Simone Gasparini, Giacomo Boracchi, and Stefano Zanero. Politecnico di Milano. (November 1, 2010) [PDF]

Specification and Evaluation of an Efficient Recognizer for Rational Trace Languages
Federico Maggi. Politecnico di Milano. (June 1, 2008) [PDF]

A Survey of Probabilistic Record Matching Models, Techniques and Tools
Federico Maggi. Politecnico di Milano. (April 1, 2008) [PDF]

Dissertations

Download dissertations.bib

Integrated Detection of Anomalous Behavior of Computer Infrastructures.
Federico Maggi. PhD thesis. Milano, Italy: Politecnico di Milano. (2010) - Link: https://github.com/phretor/cs-phd-dissertation-latex-template [PDF]