NGC 2018Systems Security @ NECSTLab Marcello Pogliani
System Security @ NECSTLab
Marcello Pogliani
marcello.pogliani@polimi.it
Microsoft, Mountain View
May 31st, 2018
The System Security Group @ NECSTLab
1 Associate Professor (Stefano Zanero)
~ 3 Postdoctoral Researchers
~ 3 PhD Students
15+ Master’s Students
What (else) we do, besides research
Hacking Activities (aka CTF)
● Tower of Hanoi ~> http://toh.necst.it/
● mHACKeroni ~> http://mhackeroni.it
○ 2nd @ DEF CON Quals 2018!
System Security
Emphasis on real systems
Focus on data and machine learning
Tools (or concepts) to aid the analyst or the user
Research Lines
Malware and Threat Analysis
Frauds Analysis and Detection
Mobile Security
Security of Cyber-physical systems
Malware and Threat Analysis
Prometheus
extract robust signatures from WebInject-based trojans
Malware and Threat Analysis
MaTa
Analysis Defense/Protection
Specific Threats
ShieldFS
defense against ransomware
Arancino resilient
defending Intel Pin against anti-instrumentation attacks
Jackdaw simpler
automatic extraction and tagging of common malware behavior
Sample Project
ShieldFS
2016-17 the "years of extortion"
Ransomware vs. Benign Apps
[Diagram: user-mode processes (benign? ransomware?) issue I/O through the kernel-mode stack: I/O Manager, IRPLogger, File System, Storage Driver, Disk drive]
Ransomware vs. Benign Apps
(1) #Folder-listing (2) #Files-Read (3) #Files-Written
(4) #Files-Renamed (5) File type coverage (6) Write Entropy
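An added example, not code from ShieldFS or from the slides: one way to compute the six per-process features listed above from a filesystem-activity log. The record format, the sample events, and the exact definitions used for file type coverage and write entropy are assumptions made for illustration.

```python
"""Per-process filesystem features over a constructed activity log (illustrative)."""
import math
import ntpath  # Windows path rules, importable on any platform
from collections import Counter, defaultdict


def shannon_entropy(buf: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte (0.0 to 8.0)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def extract_features(events, known_types):
    """Aggregate the six features per process id.

    events: iterable of (pid, op, path, data) with op in LIST/READ/WRITE/RENAME.
    known_types: set of file extensions present on the system (assumed known).
    Assumed definitions: file type coverage is the fraction of known_types the
    process touched; write entropy is the byte-weighted mean entropy of writes.
    """
    acc = defaultdict(lambda: {"list": 0, "read": set(), "written": set(),
                               "renamed": set(), "types": set(),
                               "w_bytes": 0, "w_bits": 0.0})
    for pid, op, path, data in events:
        p = acc[pid]
        if op == "LIST":
            p["list"] += 1
            continue
        ext = ntpath.splitext(path)[1].lower()
        if ext in known_types:
            p["types"].add(ext)
        if op == "READ":
            p["read"].add(path)
        elif op == "WRITE":
            p["written"].add(path)
            p["w_bytes"] += len(data)
            p["w_bits"] += shannon_entropy(data) * len(data)
        elif op == "RENAME":
            p["renamed"].add(path)  # data holds the new name; not needed here

    features = {}
    for pid, p in acc.items():
        features[pid] = {
            "folder_listings": p["list"],
            "files_read": len(p["read"]),
            "files_written": len(p["written"]),
            "files_renamed": len(p["renamed"]),
            "type_coverage": len(p["types"]) / len(known_types),
            "write_entropy": p["w_bits"] / p["w_bytes"] if p["w_bytes"] else 0.0,
        }
    return features


# --- Constructed sample input (not real IRPLogger output) -------------------
TEXT = b"quarterly report draft " * 40   # low-entropy plaintext write
HIGH = bytes(range(256)) * 4             # uniform bytes: 8 bits/byte, like ciphertext
KNOWN_TYPES = {".docx", ".jpg", ".pdf", ".xlsx"}

SAMPLE_EVENTS = [
    # pid 100: editor-like process saving one document
    (100, "LIST", r"C:\Users\u\Documents", None),
    (100, "READ", r"C:\Users\u\Documents\report.docx", None),
    (100, "WRITE", r"C:\Users\u\Documents\report.docx", TEXT),
    # pid 200: bulk read / high-entropy overwrite / rename pattern
    (200, "LIST", r"C:\Users\u\Documents", None),
    (200, "LIST", r"C:\Users\u\Pictures", None),
]
for _path in (r"C:\Users\u\Documents\report.docx",
              r"C:\Users\u\Pictures\photo.jpg",
              r"C:\Users\u\Documents\taxes.pdf"):
    SAMPLE_EVENTS += [
        (200, "READ", _path, None),
        (200, "WRITE", _path, HIGH),
        (200, "RENAME", _path, _path + ".locked"),
    ]

if __name__ == "__main__":
    for pid, feats in sorted(extract_features(SAMPLE_EVENTS, KNOWN_TYPES).items()):
        print(pid, feats)
```

Feature vectors like these are what a per-process model would be trained on; the slides do not give thresholds, so none are applied here.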
Detection Models
[Diagram: Process-centric Models (one per process, Process #1 ... Process #n) and a System-centric Model, above the disk drive]
Protection: File Recovery Workflow
[Flowchart: Start; Unknown process: Monitor & COW on first write; ShieldFS Detector; Malicious: Restore original copies; Benign: Clean old copies]
Detection & Recovery Capabilities
● 1483 unseen samples
○ Locky, TeslaCrypt, CryptoLocker, Critroni, TorrentLocker, CryptoWall, Troldesh, CryptoDefense, PayCrypt, DirtyDecrypt, ZeroLocker, Cerber, WannaCry
● Files protected: always 100%
○ Even in case of missed detection
● Detection rate: 1436/1483, 96.9%
What’s Next
Limitations of Software-based Detectors
[Diagram: stack of App, OS, Kernel, Hardware, and the Detector]
Live Memory Forensics
● Passive undetectable analysis
● Live memory forensics
[Diagram: Target/Protected Machine (Win 8.1), USB3380 (PCIe, USB), Physical Memory Reader, Malware Detector]
Live Memory Forensics Semantic Gap
● Filling the semantic gap
○ Parse OS data structure
[Diagram: Raw memory -> Semantic Reconstruction -> Data Structures]
Preliminary Results
Dataset: 2050 samples:
● Arancino dataset ~> 500 samples
● Quincy dataset ~> 73 samples
● VirusTotal ~> 1477 samples
Fraud Analysis and Detection
Machine learning for security
Historical transaction data ~> model user behavior
Detect frauds as anomalies
Fraud Analysis and Detection
FraudSec
Sample Project
Banksealer
Internet Banking Fraud Detection
Challenges
Difficult to analyze and detect
● Rare and dispersed ~> highly imbalanced dataset
● User behavior dynamic and varying over time
Available information and data is scarce
Existing approaches are limited
● Black-box
● Based on synthetic data
Dataset Analysis
Skewed and unbalanced distribution
Number of transactions per user
Undertraining
Amount
Legit Transaction vs Frauds
Frauds rare and hidden in the user’s behavior
Frauds
Transactions
Dataset Analysis
Amount Distribution
Legitimate Fraud
Banksealer: Approach
Threefold Approach: Different Granularities
● Local Profile (for each user)
● Global Profile
● Temporal Profile (for each user)
Local Profile characterizes each user’s individual spending pattern to
evaluate the anomaly of each new transaction
Global Profile characterizes “classes” of spending patterns and mitigates
the undertraining problem
Temporal Profile deals with frauds that exploit the repetition of
legitimate-looking transactions over time
Mobile Security
Heldroid
Mobile ransomware analysis
Andrototal
Service to analyze suspicious apps w/ multiple mobile AVs
Mobile Security
Mobile Malware Analysis Platform Security
Grab ‘n Run
Secure dynamic code loading
OpenST
Linux/ARM syscall tracer
MoSec
Cyber-Physical Systems
Cyber-Physical Systems Security
Automotive
Example project: DoS attack that exploits weaknesses in the CANbus link layer.
Industrial Controls & Robots
Example project: a security analysis of modern industrial robot controllers
CyPhy
(Industrial) CPS Research
What risks and vulnerabilities?
What real-world threats?
How to detect attacks and improve security?
Sample Project
Robosec
Motivation: Industry 4.0 Trends
Interconnected
Flexibly programmable
Remotely exposed
Robosec in a nutshell
Model for a remote attacker (Industry 4.0 context)
Attack Surface Analysis
Discovered generic attack “templates”
Implemented all this with a case study (ABB IRC5)
Threat Scenarios
1) Production Plant Halting
2) Production Outcome Alteration
3) Physical Damage
4) Unauthorized Access
5) Ransom requests to disclose micro defects
Example attack: Control Loop Alteration
Attack POCs
1) Accuracy Violation: PID parameters detuning (Attack 1)
2) Safety Violation: User-Perceived Robot State Alteration (Attack 4)
3) Integrity Violation: Control-loop alteration (Attack 1)
What’s Next
Analysis
generalize to multiple controllers
attack surface: not only network (physical, programming languages)
Defense
Attack countermeasures (e.g., HRI)
Programming languages
Thanks!
Marcello Pogliani
marcello.pogliani@polimi.it
@mapogli
Malware Analysis: Results
A. Continella, A. Guagnelli, G. Zingaro, G. De Pasquale, A. Barenghi, S. Zanero, F. Maggi
ShieldFS: a self-healing, ransomware-aware filesystem
ACSAC 2017, https://conand.me/publications/continella-shieldfs-2016.pdf - http://shieldfs.necst.it
M. Polino, A. Scorti, F. Maggi, S. Zanero
Jackdaw: Towards Automatic Reverse Engineering of Large Datasets of Binaries
DIMVA 2015, https://jinblack.it/static/files/jackdaw.pdf
M. Polino, A. Continella, S. Mariani, S. D’Alessio, L. Fontana, F. Gritti, S. Zanero
Measuring and Defeating Anti-Instrumentation-Equipped Malware
DIMVA 2017, https://jinblack.it/static/files/arancino.pdf - code + dataset: http://arancino.necst.it
Banksealer: Results
M. Carminati, R. Caron, I. Epifani, F. Maggi, S. Zanero
BankSealer: An Online Banking Fraud Analysis and Decision Support System
IFIP SEC 2014, http://www.syssec-project.eu/m/page-media/3/carminati_sec14_bankSealer.pdf
M. Carminati, M. Polino, A. Continella, A. Lanzi, F. Maggi, S. Zanero
Security Evaluation of a Banking Fraud Analysis System
ACM Transactions on Privacy and Security (TOPS), 2018, https://conand.me/publications/carminati-bankingfraud-2018.pdf
M. Carminati, A. Baggio, F. Maggi, U. Spagnolini, S. Zanero
FraudBuster: Temporal Analysis and Detection of Advanced Financial Frauds
DIMVA 2018 (June 2018)
Cyber-Physical Systems: Results
A. Palanca, E. Evenchick, F. Maggi, S. Zanero
A stealth, selective, link-layer denial-of-service attack against automotive networks
DIMVA 2017, https://link.springer.com/chapter/10.1007/978-3-319-60876-1_9
D. Quarta, M. Pogliani, M. Polino, F. Maggi, A. M. Zanchettin, S. Zanero
An Experimental Security Analysis of an Industrial Robot Controller
IEEE Security & Privacy 2017, http://robosec.org/downloads/paper-robosec-sp-2017.pdf - http://robosec.org

 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Christo Ananth
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 

Recently uploaded (20)

Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 

System Security @ NECSTLab

  • 1. NGC 2018. System Security @ NECSTLab. Marcello Pogliani, marcello.pogliani@polimi.it. Microsoft, Mountain View, May 31st, 2018
  • 2. The System Security Group @ NECSTLab: 1 Associate Professor (Stefano Zanero); ~ 3 Postdoctoral Researchers; ~ 3 PhD Students; 15+ Master’s Students
  • 3. What (else) we do, besides research: Hacking Activities (aka CTF). Tower of Hanoi ~> http://toh.necst.it/; mHACKeroni ~> http://mhackeroni.it (2nd @ DEF CON Quals 2018!)
  • 4. System Security: Emphasis on real systems. Focus on data and machine learning. Tools (or concepts) to aid the analyst or the user.
  • 5. Research Lines: Malware and Threat Analysis; Frauds Analysis and Detection; Mobile Security; Security of Cyber-physical systems
  • 7. Malware and Threat Analysis (MaTa). Categories: Analysis, Defense/Protection, Specific Threats. Prometheus: extract robust signatures from WebInject-based trojans. ShieldFS: defense against ransomware. Arancino (resilient): defending Intel Pin against anti-instrumentation attacks. Jackdaw (simpler): automatic extraction and tagging of common malware behavior.
  • 8. Sample Project: ShieldFS
  • 9. 2016-17: the "years of extortion"
  • 10. Ransomware vs. Benign Apps. [Figure: I/O stack across user mode and kernel mode, with labels I/O Manager, IRPLogger, File System, Storage Driver, Disk drive; processes labelled Benign? / Ransomware?]
  • 11. Ransomware vs. Benign Apps: (1) #Folder-listing (2) #Files-Read (3) #Files-Written (4) #Files-Renamed (5) File type coverage (6) Write Entropy
  • 12. Detection Models. [Figure labels: Disk drive; Process #1 ... Process #n; Process-centric Models; System-centric Model]
  • 13. Protection: File Recovery Workflow. Start ~> Unknown: Monitor & COW on first write ~> ShieldFS Detector ~> Malicious: Restore original copies / Benign: Clean old copies
  • 14. Detection & Recovery Capabilities. ● 1483 unseen samples ○ Locky, TeslaCrypt, CryptoLocker, Critroni, TorrentLocker, CryptoWall, Troldesh, CryptoDefense, PayCrypt, DirtyDecrypt, ZeroLocker, Cerber, WannaCry ● Files protected: always 100% ○ Even in case of missed detection ● Detection rate: 1436/1483, 96.9%
  • 15. What’s Next: Limitations of Software-based Detectors. [Figure labels: App, OS, Kernel, Hardware, Detector]
  • 16. Live Memory Forensics. ● Passive undetectable analysis ● Live memory forensics. [Figure labels: Target/Protected Machine (Win 8.1), PCIe, USB3380, Physical Memory Reader, USB, Malware Detector]
  • 17. Live Memory Forensics: Semantic Gap. ● Filling the semantic gap ○ Parse OS data structures. [Figure: Raw memory ~> Semantic Reconstruction ~> Data Structures]
  • 18. Preliminary Results. Dataset: 2050 samples: ● Arancino dataset ~> 500 samples ● Quincy dataset ~> 73 samples ● VirusTotal ~> 1477 samples
  • 19. Fraud Analysis and Detection
  • 20. Fraud Analysis and Detection (FraudSec): Machine learning for security. Historical transaction data ~> model user behavior. Detect frauds as anomalies.
  • 21. Sample Project: Banksealer
  • 22. Internet Banking Fraud Detection Challenges. Difficult to analyze and detect: ● Rare and dispersed ~> highly imbalanced dataset ● User behavior dynamic and varying over time. Available information and data is scarce. Existing approaches are limited: ● Black-box ● Based on synthetic data
  • 23. Dataset Analysis: Skewed and unbalanced distribution. [Figure labels: Number of transactions per user, Undertraining, Amount]
  • 24. Legit Transaction vs Frauds: Frauds rare and hidden in the user’s behavior. [Figure labels: Frauds, Transactions]
  • 25. Dataset Analysis: Amount Distribution. [Figure labels: Legitimate, Fraud]
  • 26. Banksealer: Approach. Threefold Approach, Different Granularities: Local Profile (for each user), Global Profile, Temporal Profile (for each user)
  • 27. Banksealer: Approach. Local Profile (for each user): characterizes each user’s individual spending pattern to evaluate the anomaly of each new transaction
  • 28. Banksealer: Approach. Global Profile: characterizes “classes” of spending patterns and mitigates the undertraining problem
  • 29. Banksealer: Approach. Temporal Profile (for each user): deals with frauds that exploit the repetition of legitimate-looking transactions over time
  • 30. Banksealer: Approach
  • 33. Mobile Security (MoSec). Mobile Malware Analysis: Heldroid (mobile ransomware analysis); Andrototal (service to analyze suspicious apps w/ multiple mobile AVs). Platform Security: Grab ‘n Run (secure dynamic code loading); OpenST (Linux/ARM syscall tracer).
  • 35. Cyber-Physical Systems Security (CyPhy). Automotive, example project: DoS attack that exploits weaknesses in the CANbus link layer. Industrial Controls & Robots, example project: a security analysis of modern industrial robot controllers.
  • 36. (Industrial) CPS Research: What risks and vulnerabilities? What real-world threats? How to detect attacks and improve security?
  • 37. Sample Project: Robosec
  • 38. Motivation: Industry 4.0 Trends: Interconnected; Flexibly programmable; Remotely exposed
  • 39. Robosec in a nutshell: Model for a remote attacker (Industry 4.0 context). Attack Surface Analysis. Discovered generic attack “templates”. Implemented all this with a case study (ABB IRC5).
  • 40. Threat Scenarios: 1) Production Plant Halting 2) Production Outcome Alteration 3) Physical Damage 4) Unauthorized Access 5) Ransom requests to disclose micro defects
  • 41. Example attack: Control Loop Alteration
  • 43. Attack POCs: 1) Accuracy Violation: PID parameters detuning (Attack 1) 2) Safety Violation: User-Perceived Robot State Alteration (Attack 4) 3) Integrity Violation: Control-loop alteration (Attack 1)
  • 45. What’s Next. Analysis: generalize to multiple controllers; attack surface: not only network (physical, programming languages). Defense: attack countermeasures (e.g., HRI); programming languages.
  • 46. Thanks! Marcello Pogliani, marcello.pogliani@polimi.it, @mapogli
  • 47. Malware Analysis: Results
    ○ A. Continella, A. Guagnelli, G. Zingaro, G. De Pasquale, A. Barenghi, S. Zanero, F. Maggi. ShieldFS: a self-healing, ransomware-aware filesystem. ACSAC 2017. https://conand.me/publications/continella-shieldfs-2016.pdf - http://shieldfs.necst.it
    ○ M. Polino, A. Scorti, F. Maggi, S. Zanero. Jackdaw: Towards Automatic Reverse Engineering of Large Datasets of Binaries. DIMVA 2015. https://jinblack.it/static/files/jackdaw.pdf
    ○ M. Polino, A. Continella, S. Mariani, S. D’Alessio, L. Fontana, F. Gritti, S. Zanero. Measuring and Defeating Anti-Instrumentation-Equipped Malware. DIMVA 2017. https://jinblack.it/static/files/arancino.pdf - code + dataset: http://arancino.necst.it
  • 48. Banksealer: Results
    ○ M. Carminati, R. Caron, I. Epifani, F. Maggi, S. Zanero. BankSealer: An Online Banking Fraud Analysis and Decision Support System. IFIP SEC 2014. http://www.syssec-project.eu/m/page-media/3/carminati_sec14_bankSealer.pdf
    ○ M. Carminati, M. Polino, A. Continella, A. Lanzi, F. Maggi, S. Zanero. Security Evaluation of a Banking Fraud Analysis System. ACM Transactions on Privacy and Security (TOPS), 2018. https://conand.me/publications/carminati-bankingfraud-2018.pdf
    ○ M. Carminati, A. Baggio, F. Maggi, U. Spagnolini, S. Zanero. FraudBuster: Temporal Analysis and Detection of Advanced Financial Frauds. DIMVA 2018 (June 2018)
  • 49. Cyber-Physical Systems: Results
    ○ A. Palanca, E. Evenchick, F. Maggi, S. Zanero. A stealth, selective, link-layer denial-of-service attack against automotive networks. DIMVA 2017. https://link.springer.com/chapter/10.1007/978-3-319-60876-1_9
    ○ D. Quarta, M. Pogliani, M. Polino, F. Maggi, A. M. Zanchettin, S. Zanero. An Experimental Security Analysis of an Industrial Robot Controller. IEEE Security & Privacy 2017. http://robosec.org/downloads/paper-robosec-sp-2017.pdf - http://robosec.org
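
The six per-process indicators listed on slide 11 can be computed from a log of filesystem operations like the one IRPLogger collects on slide 10. The sketch below is an added example, not ShieldFS code: the event tuple format, the feature definitions (unique-file counts, byte-weighted mean write entropy, coverage as a fraction of known extensions) and all sample events are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter, defaultdict


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_features(events, known_types):
    """Aggregate (pid, op, path, payload) events into the six slide-11 features.

    Assumed definitions: counts are over unique paths, coverage is the share
    of known extensions the process wrote to, and write entropy is the mean
    entropy of write payloads weighted by their length.
    """
    acc = defaultdict(lambda: {"listings": 0, "read": set(), "written": set(),
                               "renamed": set(), "types": set(),
                               "weighted_entropy": 0.0, "bytes": 0})
    for pid, op, path, payload in events:
        p = acc[pid]
        if op == "list":
            p["listings"] += 1
        elif op == "read":
            p["read"].add(path)
        elif op == "rename":
            p["renamed"].add(path)
        elif op == "write":
            p["written"].add(path)
            p["types"].add(os.path.splitext(path)[1].lower())
            p["weighted_entropy"] += shannon_entropy(payload) * len(payload)
            p["bytes"] += len(payload)
    features = {}
    for pid, p in acc.items():
        features[pid] = {
            "folder_listings": p["listings"],
            "files_read": len(p["read"]),
            "files_written": len(p["written"]),
            "files_renamed": len(p["renamed"]),
            "file_type_coverage": (len(p["types"] & known_types) / len(known_types)
                                   if known_types else 0.0),
            "write_entropy": p["weighted_entropy"] / p["bytes"] if p["bytes"] else 0.0,
        }
    return features


# Constructed sample data (not a real trace). PID 100 behaves like a text
# editor; PID 200 walks folders and overwrites every document with
# uniformly distributed bytes, a stand-in for ciphertext.
KNOWN_TYPES = {".docx", ".xlsx", ".jpg", ".txt"}
TEXT = b"meeting notes for Monday\n" * 40
CIPHERTEXT_LIKE = bytes(range(256)) * 4
EVENTS = [
    (100, "list", "/docs", b""),
    (100, "read", "/docs/notes.txt", b""),
    (100, "write", "/docs/notes.txt", TEXT),
    (200, "list", "/docs", b""),
    (200, "list", "/pics", b""),
]
for victim in ("/docs/a.docx", "/docs/b.xlsx", "/pics/c.jpg"):
    EVENTS += [(200, "read", victim, b""),
               (200, "write", victim, CIPHERTEXT_LIKE),
               (200, "rename", victim, b"")]

if __name__ == "__main__":
    for pid, feats in extract_features(EVENTS, KNOWN_TYPES).items():
        print(pid, feats)
```

On this constructed input the second process stands out on every axis at once (reads, writes, renames, type coverage and write entropy), which is why the slide lists the indicators together rather than relying on any single one.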