Davide Balzarotti

157 papers A* 50A 37B 8C 2Misc 4Journal 35Unranked 18

Year	Rank	Type	Title / Venue / Authors
2025	A	`conf`	A Comprehensive Quantification of Inconsistencies in Memory Dumps. RAID Andrea Oliveri, Davide Balzarotti
2025	J	`jnl`	A Comprehensive Quantification of Inconsistencies in Memory Dumps. CoRR Andrea Oliveri, Davide Balzarotti
2025	J	`jnl`	A study on the evolution of kernel data types used in memory forensics and their dependency on compilation options. Digit. Investig. Andrea Oliveri, Nikola Nemes, Branislav Andjelic, Davide Balzarotti
2025	—	`conf`	Family Ties: A Close Look at the Influence of Static Features on the Precision of Malware Family Clustering. eCrime Antonino Vitale, Kevin van Liebergen, Juan Caballero, Savino Dambra, Platon Kotzias, Simone Aonzo, Davide Balzarotti
2025	J	`jnl`	ModSec-AdvLearn: Countering Adversarial SQL Injections With Robust Machine Learning. IEEE Trans. Inf. Forensics Secur. Giuseppe Floris, Christian Scano, Biagio Montaruli, Luca Demetrio, Andrea Valenza, Luca Compagna, Davide Ariu, Luca Piras, Davide Balzarotti, Battista Biggio
2025	A	`conf`	One Detector Fits All: Robust and Adaptive Detection of Malicious Packages from PyPI to Enterprises. ACSAC Biagio Montaruli, Luca Compagna, Serena Elisa Ponta, Davide Balzarotti
2025	J	`jnl`	One Detector Fits All: Robust and Adaptive Detection of Malicious Packages from PyPI to Enterprises. CoRR Biagio Montaruli, Luca Compagna, Serena Elisa Ponta, Davide Balzarotti
2025	J	`jnl`	SourceBroken: A large-scale analysis on the (un)reliability of SourceRank in the PyPI ecosystem. CoRR Biagio Montaruli, Serena Elisa Ponta, Luca Compagna, Davide Balzarotti
2025	J	`jnl`	The Dark Side of Native Code on Android. ACM Trans. Priv. Secur. Antonio Ruggia, Andrea Possemato, Savino Dambra, Alessio Merlo, Simone Aonzo, Davide Balzarotti
2025	—	`conf`	The Polymorphism Maze: Understanding Diversities and Similarities in Malware Families. ESORICS (3) Antonino Vitale, Simone Aonzo, Savino Dambra, Nanda Rani, Lorenzo Ippolito, Platon Kotzias, Juan Caballero, Davide Balzarotti
2025	A	`conf`	{{alert('CSTI')}}: Large-Scale Detection of Client-Side Template Injection. RAID Lorenzo Pisu, Davide Balzarotti, Davide Maiorca, Giorgio Giacinto
2024	A*	`ed.`	33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024 USENIX Security Symposium Davide Balzarotti, Wenyuan Xu
2024	—	`conf`	Malware Research: History, Milestones, and Open Questions. CODASPY Davide Balzarotti
2024	J	`jnl`	ModSec-Learn: Boosting ModSecurity with Machine Learning. CoRR Christian Scano, Giuseppe Floris, Biagio Montaruli, Luca Demetrio, Andrea Valenza, Luca Compagna, Davide Ariu, Luca Piras, Davide Balzarotti, Battista Biggio
2024	A*	`conf`	On Understanding and Forecasting Fuzzers Performance with Static Analysis. CCS Dongjia Zhang, Andrea Fioraldi, Davide Balzarotti
2024	J	`jnl`	On the inadequacy of open-source application logs for digital forensics. Forensic Sci. Int. Digit. Investig. Afiqah Azahari, Davide Balzarotti
2024	A*	`conf`	Predictive Context-sensitive Fuzzing. NDSS Pietro Borrello, Andrea Fioraldi, Daniele Cono D'Elia, Davide Balzarotti, Leonardo Querzoni, Cristiano Giuffrida
2024	A	`conf`	Unmasking the Veiled: A Comprehensive Analysis of Android Evasive Malware. AsiaCCS Antonio Ruggia, Dario Nisi, Savino Dambra, Alessio Merlo, Davide Balzarotti, Simone Aonzo
2023	J	`jnl`	A Comparison of Systemic and Systematic Risks of Malware Encounters in Consumer and Enterprise Environments. ACM Trans. Priv. Secur. Savino Dambra, Leyla Bilge, Davide Balzarotti
2023	J	`jnl`	Adversarial ModSecurity: Countering Adversarial SQL Injections with Robust Machine Learning. CoRR Biagio Montaruli, Luca Demetrio, Andrea Valenza, Luca Compagna, Davide Ariu, Luca Piras, Davide Balzarotti, Battista Biggio
2023	A*	`conf`	An OS-agnostic Approach to Memory Forensics. NDSS Andrea Oliveri, Matteo Dell'Amico, Davide Balzarotti
2023	—	`conf`	CrabSandwich: Fuzzing Rust with Rust (Registered Report). FUZZING Addison Crump, Dongjia Zhang, Syeda Mahnur Asif, Dominik Christian Maier, Andrea Fioraldi, Thorsten Holz, Davide Balzarotti
2023	A*	`conf`	Decoding the Secrets of Machine Learning in Malware Classification: A Deep Dive into Datasets, Feature Extraction, and Model Performance. CCS Savino Dambra, Yufei Han, Simone Aonzo, Platon Kotzias, Antonino Vitale, Juan Caballero, Davide Balzarotti, Leyla Bilge
2023	J	`jnl`	Decoding the Secrets of Machine Learning in Malware Classification: A Deep Dive into Datasets, Feature Extraction, and Model Performance. CoRR Savino Dambra, Yufei Han, Simone Aonzo, Platon Kotzias, Antonino Vitale, Juan Caballero, Davide Balzarotti, Leyla Bilge
2023	J	`jnl`	Dissecting American Fuzzy Lop - A FuzzBench Evaluation - RCR Report. ACM Trans. Softw. Eng. Methodol. Andrea Fioraldi, Alessandro Mantovani, Dominik Christian Maier, Davide Balzarotti
2023	J	`jnl`	Dissecting American Fuzzy Lop: A FuzzBench Evaluation. ACM Trans. Softw. Eng. Methodol. Andrea Fioraldi, Alessandro Mantovani, Dominik Christian Maier, Davide Balzarotti
2023	A*	`conf`	Humans vs. Machines in Malware Classification. USENIX Security Symposium Simone Aonzo, Yufei Han, Alessandro Mantovani, Davide Balzarotti
2023	—	`conf`	Raze to the Ground: Query-Efficient Adversarial HTML Attacks on Machine-Learning Phishing Webpage Detectors. AISec@CCS Biagio Montaruli, Luca Demetrio, Maura Pintor, Luca Compagna, Davide Balzarotti, Battista Biggio
2023	J	`jnl`	Raze to the Ground: Query-Efficient Adversarial HTML Attacks on Machine-Learning Phishing Webpage Detectors. CoRR Biagio Montaruli, Luca Demetrio, Maura Pintor, Luca Compagna, Davide Balzarotti, Battista Biggio
2023	A*	`conf`	Rods with Laser Beams: Understanding Browser Fingerprinting on Phishing Pages. USENIX Security Symposium Iskander Sánchez-Rola, Leyla Bilge, Davide Balzarotti, Armin Buescher, Petros Efstathopoulos
2023	A*	`conf`	WHIP: Improving Static Vulnerability Detection in Web Application by Forcing tools to Collaborate. USENIX Security Symposium Feras Al Kassar, Luca Compagna, Davide Balzarotti
2022	A*	`conf`	Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs. USENIX Security Symposium Jayakrishna Vadayath, Moritz Eckert, Kyle Zeng, Nicolaas Weideman, Gokulkrishna Praveen Menon, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Tiffany Bao, Ruoyu Wang, Christophe Hauser, Yan Shoshitaishvili
2022	J	`jnl`	AutoProfile: Towards Automated Profile Generation for Memory Analysis. ACM Trans. Priv. Secur. Fabio Pagani, Davide Balzarotti
2022	A	`conf`	Fuzzing with Data Dependency Information. EuroS&P Alessandro Mantovani, Andrea Fioraldi, Davide Balzarotti
2022	A*	`conf`	How Machine Learning Is Solving the Binary Function Similarity Problem. USENIX Security Symposium Andrea Marcelli, Mariano Graziano, Xabier Ugarte-Pedrero, Yanick Fratantonio, Mohamad Mansouri, Davide Balzarotti
2022	J	`jnl`	In the Land of MMUs: Multiarchitecture OS-Agnostic Virtual Memory Forensics. ACM Trans. Priv. Secur. Andrea Oliveri, Davide Balzarotti
2022	A*	`conf`	Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships. SP Iskander Sánchez-Rola, Matteo Dell'Amico, Davide Balzarotti, Pierre-Antoine Vervier, Leyla Bilge
2022	A*	`conf`	LibAFL: A Framework to Build Modular and Reusable Fuzzers. CCS Andrea Fioraldi, Dominik Christian Maier, Dongjia Zhang, Davide Balzarotti
2022	A*	`conf`	RE-Mind: a First Look Inside the Mind of a Reverse Engineer. USENIX Security Symposium Alessandro Mantovani, Simone Aonzo, Yanick Fratantonio, Davide Balzarotti
2022	A*	`conf`	Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications. NDSS Feras Al Kassar, Giulia Clerici, Luca Compagna, Davide Balzarotti, Fabian Yamaguchi
2022	A	`conf`	The Convergence of Source Code and Binary Vulnerability Discovery - A Case Study. AsiaCCS Alessandro Mantovani, Luca Compagna, Yan Shoshitaishvili, Davide Balzarotti
2022	A*	`conf`	When Sally Met Trackers: Web Tracking From the Users' Perspective. USENIX Security Symposium Savino Dambra, Iskander Sánchez-Rola, Leyla Bilge, Davide Balzarotti
2021	J	`jnl`	Certificate Transparency in Google Chrome: Past, Present, and Future. IEEE Secur. Priv. Emily Stark, Joe DeBlasio, Devon O'Brien, Davide Balzarotti, William Enck, Samuel King, Angelos Stavrou
2021	A*	`conf`	Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes. NDSS Alexander Küchler, Alessandro Mantovani, Yufei Han, Leyla Bilge, Davide Balzarotti
2021	J	`jnl`	Longitudinal Study of the Prevalence of Malware Evasive Techniques. CoRR Lorenzo Maffia, Dario Nisi, Platon Kotzias, Giovanni Lagorio, Simone Aonzo, Davide Balzarotti
2021	A	`conf`	Lost in the Loader: The Many Faces of the Windows PE File Format. RAID Dario Nisi, Mariano Graziano, Yanick Fratantonio, Davide Balzarotti
2021	J	`jnl`	Pre-processing memory dumps to improve similarity score of Windows modules. Comput. Secur. Miguel Martín-Pérez, Ricardo J. Rodríguez, Davide Balzarotti
2021	A	`conf`	SoK: Enabling Security Analyses of Embedded Systems via Rehosting. AsiaCCS Andrew Fasano, Tiemoko Ballo, Marius Muench, Tim Leek, Alexander Bulekov, Brendan Dolan-Gavitt, Manuel Egele, Aurélien Francillon, Long Lu, Nick Gregory, Davide Balzarotti, William Robertson
2021	—	`conf`	Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone. Checkmate@CCS Davide Quarta, Michele Ianni, Aravind Machiry, Yanick Fratantonio, Eric Gustafson, Davide Balzarotti, Martina Lindorfer, Giovanni Vigna, Christopher Kruegel
2021	A*	`conf`	The Use of Likely Invariants as Feedback for Fuzzers. USENIX Security Symposium Andrea Fioraldi, Daniele Cono D'Elia, Davide Balzarotti
2021	J	`jnl`	The evidence beyond the wall: Memory forensics in SGX environments. Digit. Investig. Flavio Toffalini, Andrea Oliveri, Mariano Graziano, Jianying Zhou, Davide Balzarotti
2021	A*	`conf`	Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization. SP Andrea Possemato, Simone Aonzo, Davide Balzarotti, Yanick Fratantonio
2021	A*	`conf`	When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World. USENIX Security Symposium Erin Avllazagaj, Ziyun Zhu, Leyla Bilge, Davide Balzarotti, Tudor Dumitras
2020	J	`jnl`	Cookies from the Past: Timing Server-side Request Processing Code for History Sniffing. DTRAP Iskander Sánchez-Rola, Davide Balzarotti, Igor Santos
2020	A*	`conf`	Dirty Clicks: A Study of the Usability and Security Implications of Click-related Behaviors on the Web. WWW Iskander Sánchez-Rola, Davide Balzarotti, Christopher Kruegel, Giovanni Vigna, Igor Santos
2020	A*	`conf`	Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem. NDSS Alessandro Mantovani, Simone Aonzo, Xabier Ugarte-Pedrero, Alessio Merlo, Davide Balzarotti
2020	A*	`conf`	SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap. SP Savino Dambra, Leyla Bilge, Davide Balzarotti
2020	A	`conf`	The Tangled Genealogy of IoT Malware. ACSAC Emanuele Cozzi, Pierre-Antoine Vervier, Matteo Dell'Amico, Yun Shen, Leyla Bilge, Davide Balzarotti
2020	A*	`conf`	When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features. NDSS Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna, Christopher Kruegel
2019	J	`jnl`	A Close Look at a Daily Dataset of Malware Samples. ACM Trans. Priv. Secur. Xabier Ugarte-Pedrero, Mariano Graziano, Davide Balzarotti
2019	A*	`conf`	Back to the Whiteboard: a Principled Approach for the Assessment and Design of Memory Forensic Techniques. USENIX Security Symposium Fabio Pagani, Davide Balzarotti
2019	A	`conf`	BakingTimer: privacy analysis of server-side request processing time. ACSAC Iskander Sánchez-Rola, Davide Balzarotti, Igor Santos
2019	A	`conf`	Can I Opt Out Yet?: GDPR and the Global Illusion of Cookie Control. AsiaCCS Iskander Sánchez-Rola, Matteo Dell'Amico, Platon Kotzias, Davide Balzarotti, Leyla Bilge, Pierre-Antoine Vervier, Igor Santos
2019	J	`jnl`	Introducing the Temporal Dimension to Memory Forensics. ACM Trans. Priv. Secur. Fabio Pagani, Oleksii Fedorov, Davide Balzarotti
2019	A	`conf`	Toward the Analysis of Embedded Firmware through Automated Re-hosting. RAID Eric Gustafson, Marius Muench, Chad Spensky, Nilo Redini, Aravind Machiry, Yanick Fratantonio, Davide Balzarotti, Aurélien Francillon, Yung Ryn Choe, Christopher Kruegel, Giovanni Vigna
2018	—	`conf`	Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary Analysis. CODASPY Fabio Pagani, Matteo Dell'Amico, Davide Balzarotti
2018	A*	`conf`	Clock Around the Clock: Time-Based Device Fingerprinting. CCS Iskander Sánchez-Rola, Igor Santos, Davide Balzarotti
2018	J	`jnl`	Deception Techniques in Computer Security: A Research Perspective. ACM Comput. Surv. Xiao Han, Nizar Kheir, Davide Balzarotti
2018	A*	`conf`	Understanding Linux Malware. IEEE Symposium on Security and Privacy Emanuele Cozzi, Mariano Graziano, Yanick Fratantonio, Davide Balzarotti
2018	A*	`conf`	What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices. NDSS Marius Muench, Jan Stijohann, Frank Kargl, Aurélien Francillon, Davide Balzarotti
2017	A*	`conf`	A Lustrum of Malware Network Communication: Evolution and Insights. IEEE Symposium on Security and Privacy Chaz Lever, Platon Kotzias, Davide Balzarotti, Juan Caballero, Manos Antonakakis
2017	Misc	`conf`	Attacks landscape in the dark side of the web. SAC Onur Catakoglu, Marco Balduzzi, Davide Balzarotti
2017	—	`conf`	Evaluation of Deception-Based Web Attacks Detection. MTD@CCS Xiao Han, Nizar Kheir, Davide Balzarotti
2017	A*	`conf`	Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies. USENIX Security Symposium Iskander Sánchez-Rola, Igor Santos, Davide Balzarotti
2017	A*	`conf`	The Onions Have Eyes: A Comprehensive Structure and Privacy Analysis of Tor Hidden Services. WWW Iskander Sánchez-Rola, Davide Balzarotti, Igor Santos
2016	A*	`conf`	Automatic Extraction of Indicators of Compromise for Web Applications. WWW Onur Catakoglu, Marco Balduzzi, Davide Balzarotti
2016	B	`conf`	Google Dorks: Analysis, Creation, and New Defenses. DIMVA Flavio Toffalini, Maurizio Abbà, Damiano Carra, Davide Balzarotti
2016	A	`conf`	Measuring the Role of Greylisting and Nolisting in Fighting Spam. DSN Fabio Pagani, Matteo De Astis, Mariano Graziano, Andrea Lanzi, Davide Balzarotti
2016	A*	`conf`	Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks. USENIX Security Symposium Stefano Cristalli, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, Davide Balzarotti
2016	A*	`conf`	PhishEye: Live Monitoring of Sandboxed Phishing Kits. CCS Xiao Han, Nizar Kheir, Davide Balzarotti
2016	A	`ed.`	Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, Los Angeles, CA, USA, December 5-9, 2016 ACSAC Stephen Schwab, William K. Robertson, Davide Balzarotti
2016	B	`conf`	RAMBO: Run-Time Packer Analysis with Multiple Branch Observation. DIMVA Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, Pablo García Bringas
2016	A	`conf`	ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks. AsiaCCS Mariano Graziano, Davide Balzarotti, Alain Zidouemba
2016	B	`conf`	Subverting Operating System Properties Through Evolutionary DKOM Attacks. DIMVA Mariano Graziano, Lorenzo Flore, Andrea Lanzi, Davide Balzarotti
2016	A	`conf`	Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory. RAID Marius Muench, Fabio Pagani, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna, Davide Balzarotti
2016	A	`conf`	Uses and Abuses of Server-Side Requests. RAID Giancarlo Pellegrino, Onur Catakoglu, Davide Balzarotti, Christian Rossow
2015	B	`conf`	Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks. DIMVA Amin Kharraz, William K. Robertson, Davide Balzarotti, Leyla Bilge, Engin Kirda
2015	J	`jnl`	Hypervisor-based malware protection with AccessMiner. Comput. Secur. Aristide Fattori, Andrea Lanzi, Davide Balzarotti, Engin Kirda
2015	A*	`conf`	In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services. USENIX Security Symposium Giancarlo Pellegrino, Davide Balzarotti, Stefan Winter, Neeraj Suri
2015	A*	`conf`	Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence. USENIX Security Symposium Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, Davide Balzarotti
2015	A	`conf`	PIE: Parser Identification in Embedded Systems. ACSAC Lucian Cojocar, Jonas Zaddach, Roel Verdult, Herbert Bos, Aurélien Francillon, Davide Balzarotti
2015	A*	`conf`	SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers. IEEE Symposium on Security and Privacy Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, Pablo García Bringas
2015	B	`conf`	The Role of Cloud Services in Malicious Software: Trends and Insights. DIMVA Xiao Han, Nizar Kheir, Davide Balzarotti
2015	J	`jnl`	The impact of GPU-assisted malware on memory forensics: A case study. Digit. Investig. Davide Balzarotti, Roberto Di Pietro, Antonio Villani
2014	A*	`conf`	A Large-Scale Analysis of the Security of Embedded Firmwares. USENIX Security Symposium Andrei Costin, Jonas Zaddach, Aurélien Francillon, Davide Balzarotti
2014	A*	`conf`	AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares. NDSS Jonas Zaddach, Luca Bruno, Aurélien Francillon, Davide Balzarotti
2014	J	`jnl`	Exposure: A Passive DNS Analysis Service to Detect and Report Malicious Domains. ACM Trans. Inf. Syst. Secur. Leyla Bilge, Sevil Sen, Davide Balzarotti, Engin Kirda, Christopher Kruegel
2014	J	`jnl`	Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations. EURASIP J. Inf. Secur. Jelena Isacenkova, Olivier Thonnard, Andrei Costin, Aurélien Francillon, Davide Balzarotti
2014	A	`conf`	On the effectiveness of risk prediction based on users browsing behavior. AsiaCCS Davide Canali, Leyla Bilge, Davide Balzarotti
2014	A	`conf`	On the feasibility of software attacks on commodity virtual machine monitors via direct device assignment. AsiaCCS Gábor Pék, Andrea Lanzi, Abhinav Srivastava, Davide Balzarotti, Aurélien Francillon, Christoph Neumann
2014	A	`conf`	Optical Delusions: A Study of Malicious QR Codes in the Wild. DSN Amin Kharraz, Engin Kirda, William K. Robertson, Davide Balzarotti, Aurélien Francillon
2014	—	`ed.`	Proceedings of the Seventh European Workshop on System Security, EuroSec 2014, April 13, 2014, Amsterdam, The Netherlands EUROSEC Davide Balzarotti, Juan Caballero
2014	J	`jnl`	Resource monitoring for the detection of parasite P2P botnets. Comput. Networks Rafael A. Rodríguez-Gómez, Gabriel Maciá-Fernández, Pedro García-Teodoro, Moritz Steiner, Davide Balzarotti
2014	A	`conf`	Shades of gray: a closer look at emails in the gray area. AsiaCCS Jelena Isacenkova, Davide Balzarotti
2014	—	`conf`	Through the Looking-Glass, and What Eve Found There. WOOT Luca Bruno, Mariano Graziano, Davide Balzarotti, Aurélien Francillon
2014	A*	`conf`	Toward Black-Box Detection of Logic Flaws in Web Applications. NDSS Giancarlo Pellegrino, Davide Balzarotti
2013	A*	`conf`	Behind the Scenes of Online Attacks: an Analysis of Exploitation Behaviors on the Web. NDSS Davide Canali, Davide Balzarotti
2013	J	`jnl`	Cybersecurity in the Smart Grid. ERCIM News Magnus Almgren, Davide Balzarotti, Marina Papatriantafilou, Valentin Tudor
2013	A	`conf`	Hypervisor Memory Forensics. RAID Mariano Graziano, Andrea Lanzi, Davide Balzarotti
2013	A	`conf`	Implementation and implications of a stealth hard-drive backdoor. ACSAC Jonas Zaddach, Anil Kurmus, Davide Balzarotti, Erik-Oliver Blass, Aurélien Francillon, Travis Goodspeed, Moitrayee Gupta, Ioannis Koltsidas
2013	—	`conf`	Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations. IEEE Symposium on Security and Privacy Workshops Jelena Isacenkova, Olivier Thonnard, Andrei Costin, Davide Balzarotti, Aurélien Francillon
2013	C	`conf`	The role of phone numbers in understanding cyber-crime schemes. PST Andrei Costin, Jelena Isacenkova, Marco Balduzzi, Aurélien Francillon, Davide Balzarotti
2013	A*	`conf`	The role of web hosting providers in detecting compromised websites. WWW Davide Canali, Davide Balzarotti, Aurélien Francillon
2012	A	`conf`	A quantitative study of accuracy in system call-based malware detection. ISSTA Davide Canali, Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, Engin Kirda
2012	Misc	`conf`	A security analysis of amazon's elastic compute cloud service. SAC Marco Balduzzi, Jonas Zaddach, Davide Balzarotti, Engin Kirda, Sergio Loureiro
2012	Misc	`conf`	An empirical analysis of input validation mechanisms in web applications and languages. SAC Theodoor Scholte, William K. Robertson, Davide Balzarotti, Engin Kirda
2012	A	`conf`	Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis. ACSAC Leyla Bilge, Davide Balzarotti, William K. Robertson, Engin Kirda, Christopher Kruegel
2012	—	`conf`	From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap. TAP@TOOLS Alessandro Armando, Giancarlo Pellegrino, Roberto Carbone, Alessio Merlo, Davide Balzarotti
2012	J	`jnl`	Have things changed now? An empirical study on input validation vulnerabilities in web applications. Comput. Secur. Theodoor Scholte, Davide Balzarotti, Engin Kirda
2012	A*	`conf`	Insights into User Behavior in Dealing with Internet Attacks. NDSS Kaan Onarlioglu, Utku Ozan Yilmaz, Engin Kirda, Davide Balzarotti
2012	B	`conf`	Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis. COMPSAC Theodoor Scholte, William K. Robertson, Davide Balzarotti, Engin Kirda
2012	A	`ed.`	Research in Attacks, Intrusions, and Defenses - 15th International Symposium, RAID 2012, Amsterdam, The Netherlands, September 12-14, 2012. Proceedings RAID Davide Balzarotti, Salvatore J. Stolfo, Marco Cova
2012	A	`conf`	Towards network containment in malware analysis systems. ACSAC Mariano Graziano, Corrado Leita, Davide Balzarotti
2011	A*	`conf`	Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications. NDSS Marco Balduzzi, Carmen Torrano Gimenez, Davide Balzarotti, Engin Kirda
2011	—	`conf`	Exposing the Lack of Privacy in File Hosting Services. LEET Nick Nikiforakis, Marco Balduzzi, Steven Van Acker, Wouter Joosen, Davide Balzarotti
2011	A	`conf`	Measurement and evaluation of a real world deployment of a challenge-response spam filter. Internet Measurement Conference Jelena Isacenkova, Davide Balzarotti
2011	B	`conf`	Operating System Interface Obfuscation and the Revealing of Hidden Operations. DIMVA Abhinav Srivastava, Andrea Lanzi, Jonathon T. Giffin, Davide Balzarotti
2011	—	`conf`	Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications. Financial Cryptography Theodoor Scholte, Davide Balzarotti, Engin Kirda
2011	A	`ed.`	Recent Advances in Intrusion Detection - 14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011. Proceedings RAID Robin Sommer, Davide Balzarotti, Gregor Maier
2011	B	`conf`	Reverse Social Engineering Attacks in Online Social Networks. DIMVA Danesh Irani, Marco Balduzzi, Davide Balzarotti, Engin Kirda, Calton Pu
2011	—	`conf`	Thwarting real-time dynamic unpacking. EUROSEC Leyla Bilge, Andrea Lanzi, Davide Balzarotti
2010	A	`conf`	A solution for the automated detection of clickjacking attacks. AsiaCCS Marco Balduzzi, Manuel Egele, Engin Kirda, Davide Balzarotti, Christopher Kruegel
2010	A	`conf`	Abusing Social Networks for Automated User Profiling. RAID Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti, Christopher Kruegel
2010	A*	`conf`	AccessMiner: using system-centric models for malware protection. CCS Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, Engin Kirda
2010	J	`jnl`	An Experience in Testing the Security of Real-World Electronic Voting Systems. IEEE Trans. Software Eng. Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, Richard A. Kemmerer, William K. Robertson, Fredrik Valeur, Giovanni Vigna
2010	A*	`conf`	Efficient Detection of Split Personalities in Malware. NDSS Davide Balzarotti, Marco Cova, Christoph Karlberger, Engin Kirda, Christopher Kruegel, Giovanni Vigna
2010	A	`conf`	G-Free: defeating return-oriented programming through gadget-less binaries. ACSAC Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, Engin Kirda
2010	—	`conf`	Honeybot, Your Man in the Middle for Automated Social Engineering. LEET Tobias Lauinger, Veikko Pankakoski, Davide Balzarotti, Engin Kirda
2009	—	`conf`	A View on Current Malware Behaviors. LEET Ulrich Bayer, Imam Habibi, Davide Balzarotti, Engin Kirda
2009	A*	`conf`	All your contacts are belong to us: automated identity theft attacks on social networks. WWW Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin Kirda
2009	A	`ed.`	Recent Advances in Intrusion Detection, 12th International Symposium, RAID 2009, Saint-Malo, France, September 23-25, 2009. Proceedings RAID Engin Kirda, Somesh Jha, Davide Balzarotti
2009	J	`jnl`	Reducing errors in the anomaly-based detection of web-based attacks through the combined analysis of web requests and SQL queries. J. Comput. Secur. Giovanni Vigna, Fredrik Valeur, Davide Balzarotti, William K. Robertson, Christopher Kruegel, Engin Kirda
2008	A	`conf`	Are your votes ISSTA Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, Richard A. Kemmerer, William K. Robertson, Fredrik Valeur, Giovanni Vigna
2008	A*	`conf`	ClearShot: Eavesdropping on Keyboard Input from Video. SP Davide Balzarotti, Marco Cova, Giovanni Vigna
2008	A*	`conf`	Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. SP Davide Balzarotti, Marco Cova, Viktoria Felmetsger, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, Giovanni Vigna
2007	—	`conf`	Catch Me, If You Can: Evading Network Signatures with Web-based Polymorphic Worms. WOOT Matthew Van Gundy, Davide Balzarotti, Giovanni Vigna
2007	A	`conf`	Improving Signature Testing through Dynamic Data Flow Analysis. ACSAC Christopher Kruegel, Davide Balzarotti, William K. Robertson, Giovanni Vigna
2007	A*	`conf`	Multi-module vulnerability analysis of web-based applications. CCS Davide Balzarotti, Marco Cova, Viktoria Felmetsger, Giovanni Vigna
2007	A	`conf`	Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications. RAID Marco Cova, Davide Balzarotti, Viktoria Felmetsger, Giovanni Vigna
2007	J	`jnl`	The LighTS tuple space framework and its customization for context-aware applications. Web Intell. Agent Syst. Davide Balzarotti, Paolo Costa, Gian Pietro Picco
2006	—	`ch.`	Assessing the risk of using vulnerable components. Quality of Protection Davide Balzarotti, Mattia Monga, Sabrina Sicari
2006	J	`jnl`	Supporting Cooperative Software Processes in a Decentralized and Nomadic World. IEEE Trans. Syst. Man Cybern. Part A Davide Balzarotti, Carlo Ghezzi, Mattia Monga
2006	—	`—`	Testing network intrusion detection systems. Davide Balzarotti
2005	Misc	`conf`	LighTS: a lightweight, customizable tuple space supporting context-aware applications. SAC Gian Pietro Picco, Davide Balzarotti, Paolo Costa
2004	A*	`conf`	Testing network-based intrusion detection signatures using mutant exploits. CCS Giovanni Vigna, William K. Robertson, Davide Balzarotti
2002	—	`conf`	Freeing Cooperation from Servers Tyranny. NETWORKING Workshops Davide Balzarotti, Carlo Ghezzi, Mattia Monga
2002	C	`conf`	Supporting configuration management for virtual workgroups ini a peer-to-peer setting. SEKE Davide Balzarotti, Carlo Ghezzi, Mattia Monga