Antonella Santone

Talos: No more Ransomware Victims with Formal Methods

Ransomware is a very effective form of malware that is recently spreading out on an impressive number of workstations and smartphones. This malware blocks the access to the infected machine or to the files located in the infected machine. The attackers will restore the machine and files only after the payment of a certain amount of money, usually given in the form of bitcoins. Commercial solutions are still ineffective to recognize the last variants of ransomware, and the problem has been poorly investigated in literature. In this paper we discuss a methodology based on formal methods for detecting ransomware malware on Android devices. We have implemented our method in a tool named Talos. We evaluate the method, and the obtained results show that Talos is very effective in recognizing ransomware (accuracy of 0.99) even when it is obfuscated (accuracy still remains at 0.99).

Cluster Analysis for Driver Aggressiveness Identification.

In the last years, several safety automotive concepts have been proposed, for instance the cruise control and the automatic brakes systems. The proposed systems are able to take the control of the vehicle when a dangerous situation is detected. Less effort was produced in driver aggressiveness in order to mitigate the dangerous situation. In this paper we propose an approach in order to identify the driver aggressiveness exploring the usage of unsupervised machine learning techniques. A real world case study is performed to evaluate the effectiveness of the proposed method.

Who's Driving My Car? A Machine Learning based Approach to Driver Identification.

Despite the development of new technologies, in order to prevent the stealing of cars, the number of car thefts is sharply increasing. With the advent of electronics, new ways to steal cars were found. To avoid auto-theft attacks, in this paper we propose a machine leaning based method to silently e continuously profile the driver by analyzing built-in vehicle sensors. We evaluate the efficiency of the proposed method in driver identification using 10 different drivers. Results are promising, as a matter of fact we obtain a high precision and a recall evaluating a dataset containing data extracted from real vehicle.

Real-Time Driver Behaviour Characterization Through Rule-Based Machine Learning

Modern car-embedded technologies enabled car thieves to perform new ways to steal cars. In order to avoid auto-theft attacks, in this paper we propose a machine learning based method to silently and continuously profile the driver by analyzing built-in vehicle sensors. The proposed method exploits rule-based machine learning with the aim to discriminate between the car owner and impostors. Furthermore, we discuss how the rules generated by the rule-based algorithm can be adopted in order to discriminate between different driving styles.

Evaluating model checking for cyber threats code obfuscation identification

Abstract Code obfuscation is a set of transformations that make code programs harder to understand. The goal of code obfuscation is to make reverse engineering of programs infeasible, while maintaining the logic on the program. Originally, it has been used to protect intellectual property. However, recently code obfuscation has been also used by malware writers in order to make cyber threats easily able to evade antimalware scanners. As a matter of fact, metamorphic and polymorphic viruses exhibit the ability to obfuscate their code as they propagate. In this paper we propose a model checking-based approach which is able to identify the most widespread obfuscating techniques, without making any assumptions about the nature of the obfuscations used. We evaluate the proposed method on a real-world dataset obtaining an accuracy equal to 0.9 in the identification of obfuscation techniques.

Special issue on formal methods for security engineering

This special issue presents papers from the First Workshop on FORmal methods for Security Engineering (ForSE), which was held on February 2017 in Porto, in conjunction with ICISSP, the 3th International Conference on Information Systems Security and Privacy. Due to the constant increase in computing capabilities, every aspect of society has been redefined by software systems. However, the lack of proper security testing has made them vulnerable to a rising number of cyber attacks. Formal methods represent an excellent tool to model such systems mathematically and verify their security properties to improve their resilience against malicious code. Still, there is a large space for collaboration between the formal methods and security communities to address such essential security problems. The ForSE workshop aims at closing this gap and foster the development of verifiable secure and malware resistant systems. The ForSE workshop has received 16 paper submissions coming from 9 different countries around the world (Austria, Bahrain, France, Germany, Italy, Lebanon, Netherlands, South Africa, USA).