Attack-detection mechanisms should be able to reliably detect, predict, and understandably explain both known and novel threats, while also coping with evasion techniques (such as obfuscation, polymorphism, or stealthy low-volume attacks). They should not only detect any critical incident, but also raise alarms only when it matters: the more false alarms are raised, the higher the risk that users will ignore warnings or even disable the detection permanently. Moreover, to provide a strong line of defense, attack-detection methods should be complemented by suitable defensive technologies, ideally selected autonomously by the system under attack, to counter whatever threat it encounters. In this research area we pursue this ideal, currently by focusing on, among other things, the detection and analysis of modern malware, the prevention and attribution of DDoS attacks, and the identification and mitigation of novel system vulnerabilities.
European Symposium on Research in Computer Security (ESORICS)
Business Cat: Effects of Quality of Service Features on Side Channels in AMD SEV-SNP
USENIX Security Symposium (USENIX-Security)
SoK: History Doesn't Repeat Itself, but Android Design-Level Vulnerabilities Rhyme in OpenHarmony
USENIX Security Symposium (USENIX-Security)
Spectre on RISC-V Silicon: Attacks and Defenses on Commercial Out-of-Order Processors
IEEE European Symposium on Security and Privacy (EuroS&P)
SoK: A Systematic Review of Integration and Reproducibility of Fuzzing Research into AFL++
IEEE European Symposium on Security and Privacy (EuroS&P)
THEMIS: Context-Aware Grey-box Fuzzing for WordPress Plugins