Davide Balzarotti

Orcid: 0000-0001-5957-6213

According to our database1, Davide Balzarotti authored at least 130 papers between 2002 and 2023.

Collaborative distances:

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Dataset
Other 

Links

On csauthors.net:

Bibliography

2023
A Comparison of Systemic and Systematic Risks of Malware Encounters in Consumer and Enterprise Environments.
ACM Trans. Priv. Secur., May, 2023

Dissecting American Fuzzy Lop - A FuzzBench Evaluation - RCR Report.
ACM Trans. Softw. Eng. Methodol., April, 2023

Dissecting American Fuzzy Lop: A FuzzBench Evaluation.
ACM Trans. Softw. Eng. Methodol., April, 2023

Adversarial ModSecurity: Countering Adversarial SQL Injections with Robust Machine Learning.
CoRR, 2023

Rods with Laser Beams: Understanding Browser Fingerprinting on Phishing Pages.
Proceedings of the 32nd USENIX Security Symposium, 2023

WHIP: Improving Static Vulnerability Detection in Web Application by Forcing tools to Collaborate.
Proceedings of the 32nd USENIX Security Symposium, 2023

Humans vs. Machines in Malware Classification.
Proceedings of the 32nd USENIX Security Symposium, 2023

An OS-agnostic Approach to Memory Forensics.
Proceedings of the 30th Annual Network and Distributed System Security Symposium, 2023

CrabSandwich: Fuzzing Rust with Rust (Registered Report).
Proceedings of the 2nd International Fuzzing Workshop, 2023

Raze to the Ground: Query-Efficient Adversarial HTML Attacks on Machine-Learning Phishing Webpage Detectors.
Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security, 2023

Decoding the Secrets of Machine Learning in Malware Classification: A Deep Dive into Datasets, Feature Extraction, and Model Performance.
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022
AutoProfile: Towards Automated Profile Generation for Memory Analysis.
ACM Trans. Priv. Secur., 2022

In the Land of MMUs: Multiarchitecture OS-Agnostic Virtual Memory Forensics.
ACM Trans. Priv. Secur., 2022

Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs.
Proceedings of the 31st USENIX Security Symposium, 2022

How Machine Learning Is Solving the Binary Function Similarity Problem.
Proceedings of the 31st USENIX Security Symposium, 2022

RE-Mind: a First Look Inside the Mind of a Reverse Engineer.
Proceedings of the 31st USENIX Security Symposium, 2022

When Sally Met Trackers: Web Tracking From the Users' Perspective.
Proceedings of the 31st USENIX Security Symposium, 2022

Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications.
Proceedings of the 29th Annual Network and Distributed System Security Symposium, 2022

Fuzzing with Data Dependency Information.
Proceedings of the 7th IEEE European Symposium on Security and Privacy, 2022

LibAFL: A Framework to Build Modular and Reusable Fuzzers.
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

The Convergence of Source Code and Binary Vulnerability Discovery - A Case Study.
Proceedings of the ASIA CCS '22: ACM Asia Conference on Computer and Communications Security, Nagasaki, Japan, 30 May 2022, 2022

2021
Certificate Transparency in Google Chrome: Past, Present, and Future.
IEEE Secur. Priv., 2021

The evidence beyond the wall: Memory forensics in SGX environments.
Digit. Investig., 2021

Longitudinal Study of the Prevalence of Malware Evasive Techniques.
CoRR, 2021

Pre-processing memory dumps to improve similarity score of Windows modules.
Comput. Secur., 2021

The Use of Likely Invariants as Feedback for Fuzzers.
Proceedings of the 30th USENIX Security Symposium, 2021

When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World.
Proceedings of the 30th USENIX Security Symposium, 2021

Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization.
Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021

Lost in the Loader: The Many Faces of the Windows PE File Format.
Proceedings of the RAID '21: 24th International Symposium on Research in Attacks, 2021

Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes.
Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021

Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone.
Proceedings of the Checkmate@CCS 2021, 2021

SoK: Enabling Security Analyses of Embedded Systems via Rehosting.
Proceedings of the ASIA CCS '21: ACM Asia Conference on Computer and Communications Security, 2021

2020
Dirty Clicks: A Study of the Usability and Security Implications of Click-related Behaviors on the Web.
Proceedings of the WWW '20: The Web Conference 2020, Taipei, Taiwan, April 20-24, 2020, 2020

SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap.
Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020

Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem.
Proceedings of the 27th Annual Network and Distributed System Security Symposium, 2020

When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features.
Proceedings of the 27th Annual Network and Distributed System Security Symposium, 2020

The Tangled Genealogy of IoT Malware.
Proceedings of the ACSAC '20: Annual Computer Security Applications Conference, 2020

2019
A Close Look at a Daily Dataset of Malware Samples.
ACM Trans. Priv. Secur., 2019

Introducing the Temporal Dimension to Memory Forensics.
ACM Trans. Priv. Secur., 2019

Back to the Whiteboard: a Principled Approach for the Assessment and Design of Memory Forensic Techniques.
Proceedings of the 28th USENIX Security Symposium, 2019

Toward the Analysis of Embedded Firmware through Automated Re-hosting.
Proceedings of the 22nd International Symposium on Research in Attacks, 2019

Can I Opt Out Yet?: GDPR and the Global Illusion of Cookie Control.
Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, 2019

BakingTimer: privacy analysis of server-side request processing time.
Proceedings of the 35th Annual Computer Security Applications Conference, 2019

2018
Deception Techniques in Computer Security: A Research Perspective.
ACM Comput. Surv., 2018

Understanding Linux Malware.
Proceedings of the 2018 IEEE Symposium on Security and Privacy, 2018

What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices.
Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018

Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary Analysis.
Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, 2018

Clock Around the Clock: Time-Based Device Fingerprinting.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

2017
The Onions Have Eyes: A Comprehensive Structure and Privacy Analysis of Tor Hidden Services.
Proceedings of the 26th International Conference on World Wide Web, 2017

Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies.
Proceedings of the 26th USENIX Security Symposium, 2017

A Lustrum of Malware Network Communication: Evolution and Insights.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

Attacks landscape in the dark side of the web.
Proceedings of the Symposium on Applied Computing, 2017

Evaluation of Deception-Based Web Attacks Detection.
Proceedings of the 2017 Workshop on Moving Target Defense, 2017

2016
Automatic Extraction of Indicators of Compromise for Web Applications.
Proceedings of the 25th International Conference on World Wide Web, 2016

Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks.
Proceedings of the 25th USENIX Security Symposium, 2016

Uses and Abuses of Server-Side Requests.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2016

Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2016

Measuring the Role of Greylisting and Nolisting in Fighting Spam.
Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2016

RAMBO: Run-Time Packer Analysis with Multiple Branch Observation.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2016

Google Dorks: Analysis, Creation, and New Defenses.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2016

Subverting Operating System Properties Through Evolutionary DKOM Attacks.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2016

PhishEye: Live Monitoring of Sandboxed Phishing Kits.
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks.
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016

2015
The impact of GPU-assisted malware on memory forensics: A case study.
Digit. Investig., 2015

Hypervisor-based malware protection with AccessMiner.
Comput. Secur., 2015

In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services.
Proceedings of the 24th USENIX Security Symposium, 2015

Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence.
Proceedings of the 24th USENIX Security Symposium, 2015

SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers.
Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015

Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2015

The Role of Cloud Services in Malicious Software: Trends and Insights.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2015

PIE: Parser Identification in Embedded Systems.
Proceedings of the 31st Annual Computer Security Applications Conference, 2015

2014
Exposure: A Passive DNS Analysis Service to Detect and Report Malicious Domains.
ACM Trans. Inf. Syst. Secur., 2014

Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations.
EURASIP J. Inf. Secur., 2014

Resource monitoring for the detection of parasite P2P botnets.
Comput. Networks, 2014

Through the Looking-Glass, and What Eve Found There.
Proceedings of the 8th USENIX Workshop on Offensive Technologies, 2014

A Large-Scale Analysis of the Security of Embedded Firmwares.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares.
Proceedings of the 21st Annual Network and Distributed System Security Symposium, 2014

Toward Black-Box Detection of Logic Flaws in Web Applications.
Proceedings of the 21st Annual Network and Distributed System Security Symposium, 2014

Optical Delusions: A Study of Malicious QR Codes in the Wild.
Proceedings of the 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2014

On the feasibility of software attacks on commodity virtual machine monitors via direct device assignment.
Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014

Shades of gray: a closer look at emails in the gray area.
Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014

On the effectiveness of risk prediction based on users browsing behavior.
Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, 2014

2013
Cybersecurity in the Smart Grid.
ERCIM News, 2013

The role of web hosting providers in detecting compromised websites.
Proceedings of the 22nd International World Wide Web Conference, 2013

Hypervisor Memory Forensics.
Proceedings of the Research in Attacks, Intrusions, and Defenses, 2013

The role of phone numbers in understanding cyber-crime schemes.
Proceedings of the Eleventh Annual International Conference on Privacy, Security and Trust, 2013

Behind the Scenes of Online Attacks: an Analysis of Exploitation Behaviors on the Web.
Proceedings of the 20th Annual Network and Distributed System Security Symposium, 2013

Implementation and implications of a stealth hard-drive backdoor.
Proceedings of the Annual Computer Security Applications Conference, 2013

2012
Have things changed now? An empirical study on input validation vulnerabilities in web applications.
Comput. Secur., 2012

From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap.
Proceedings of the Tests and Proofs - 6th International Conference, 2012

An empirical analysis of input validation mechanisms in web applications and languages.
Proceedings of the ACM Symposium on Applied Computing, 2012

A security analysis of amazon's elastic compute cloud service.
Proceedings of the ACM Symposium on Applied Computing, 2012

Insights into User Behavior in Dealing with Internet Attacks.
Proceedings of the 19th Annual Network and Distributed System Security Symposium, 2012

A quantitative study of accuracy in system call-based malware detection.
Proceedings of the International Symposium on Software Testing and Analysis, 2012

Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis.
Proceedings of the 36th Annual IEEE Computer Software and Applications Conference, 2012

Towards network containment in malware analysis systems.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012

Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis.
Proceedings of the 28th Annual Computer Security Applications Conference, 2012

2011
Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications.
Proceedings of the Network and Distributed System Security Symposium, 2011

Exposing the Lack of Privacy in File Hosting Services.
Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2011

Measurement and evaluation of a real world deployment of a challenge-response spam filter.
Proceedings of the 11th ACM SIGCOMM Internet Measurement Conference, 2011

Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications.
Proceedings of the Financial Cryptography and Data Security, 2011

Thwarting real-time dynamic unpacking.
Proceedings of the Fourth European Workshop on System Security, 2011

Operating System Interface Obfuscation and the Revealing of Hidden Operations.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2011

Reverse Social Engineering Attacks in Online Social Networks.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2011

2010
An Experience in Testing the Security of Real-World Electronic Voting Systems.
IEEE Trans. Software Eng., 2010

Abusing Social Networks for Automated User Profiling.
Proceedings of the Recent Advances in Intrusion Detection, 13th International Symposium, 2010

Efficient Detection of Split Personalities in Malware.
Proceedings of the Network and Distributed System Security Symposium, 2010

Honeybot, Your Man in the Middle for Automated Social Engineering.
Proceedings of the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2010

AccessMiner: using system-centric models for malware protection.
Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010

A solution for the automated detection of clickjacking attacks.
Proceedings of the 5th ACM Symposium on Information, 2010

G-Free: defeating return-oriented programming through gadget-less binaries.
Proceedings of the Twenty-Sixth Annual Computer Security Applications Conference, 2010

2009
Reducing errors in the anomaly-based detection of web-based attacks through the combined analysis of web requests and SQL queries.
J. Comput. Secur., 2009

All your contacts are belong to us: automated identity theft attacks on social networks.
Proceedings of the 18th International Conference on World Wide Web, 2009

A View on Current Malware Behaviors.
Proceedings of the 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2009

2008
ClearShot: Eavesdropping on Keyboard Input from Video.
Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP 2008), 2008

Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications.
Proceedings of the 2008 IEEE Symposium on Security and Privacy (SP 2008), 2008

Are your votes <i>really</i> counted?: testing the security of real-world electronic voting systems.
Proceedings of the ACM/SIGSOFT International Symposium on Software Testing and Analysis, 2008

2007
The LighTS tuple space framework and its customization for context-aware applications.
Web Intell. Agent Syst., 2007

Catch Me, If You Can: Evading Network Signatures with Web-based Polymorphic Worms.
Proceedings of the First USENIX Workshop on Offensive Technologies, 2007

Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications.
Proceedings of the Recent Advances in Intrusion Detection, 10th International Symposium, 2007

Multi-module vulnerability analysis of web-based applications.
Proceedings of the 2007 ACM Conference on Computer and Communications Security, 2007

Improving Signature Testing through Dynamic Data Flow Analysis.
Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), 2007

2006
Assessing the risk of using vulnerable components.
Proceedings of the Quality of Protection - Security Measurements and Metrics, 2006

Testing network intrusion detection systems.
PhD thesis, 2006

Supporting Cooperative Software Processes in a Decentralized and Nomadic World.
IEEE Trans. Syst. Man Cybern. Part A, 2006

2005
LighTS: a lightweight, customizable tuple space supporting context-aware applications.
Proceedings of the 2005 ACM Symposium on Applied Computing (SAC), 2005

2004
Testing network-based intrusion detection signatures using mutant exploits.
Proceedings of the 11th ACM Conference on Computer and Communications Security, 2004

2002
Supporting configuration management for virtual workgroups ini a peer-to-peer setting.
Proceedings of the 14th international conference on Software engineering and knowledge engineering, 2002

Freeing Cooperation from Servers Tyranny.
Proceedings of the Web Engineering and Peer-to-Peer Computing, 2002


  Loading...