Publications | Andrea Continella

ReplicaWatcher: Training-less Anomaly Detection in Containerized Microservices
Asbat El Khairi , Marco Caselli , Andreas Peter , Andrea Continella
Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2024.

PDF Code

Understanding and Measuring Inter-Process Code Injection in Windows Malware
Jerre Starink , Marieke Huisman , Andreas Peter , Andrea Continella
Proceedings of the International Conference on Security and Privacy in Communication Networks (SecureComm), 2023.

PDF Code

Shimware: Toward Practical Security Retrofitting for Monolithic Firmware Images
Eric Gustafson , Paul Grosen , Nilo Redini , Saagar Jha , Andrea Continella , Ruoyu Wang , Kevin Fu , Sara Rampazzi , Christopher Kruegel , Giovanni Vigna
In Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2023.

PDF Code

Mobile apps and children's privacy: a traffic analysis of data sharing practices among children's mobile iOS apps
Jessica Pimienta , Jacco Brandt , Timme Bethe , Ralph Holz , Andrea Continella , Lindsay Jibb , Quinn Grundy
Archives of Disease in Childhood, 2023.

PDF Project

Divak: Non-invasive Characterization of Out-Of-Bounds Write Vulnerabilities
Linus Hafkemeyer, Jerre Starink, Andrea Continella
Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), 2023.

PDF Code

AoT - Attack on Things: A security analysis of IoT firmware updates
Muhammad Ibrahim , Andrea Continella , Antonio Bianchi
Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), 2023.

PDF

HoneyKube: Designing and Deploying a Microservices-based Web Honeypot
Chakshu Gupta , Thijs van Ede , Andrea Continella
Proceedings of the SecWeb Workshop (SecWeb), 2023.

PDF Code

COLUMBUS: Android App Testing Through Systematic Callback Exploration
Priyanka Bose , Dipanjan Das , Saastha Vasan , Sebastiano Mariani , Ilya Grishchenko , Andrea Continella , Antonio Bianchi , Christopher Kruegel , Giovanni Vigna
Proceedings of the International Conference on Software Engineering (ICSE), 2023.

PDF Code

Operationalizing Cybersecurity Research Ethics Review: From Principles and Guidelines to Practice
Dennis Reidsma , Jeroen van der Ham , Andrea Continella
Proceedings of the International Workshop on Ethics in Computer Security (EthiCS), 2023.

PDF

Stepping out of the MUD: Contextual threat information for IoT devices with manufacturer-provided behaviour profiles
Luca Morgese Zangrandi , Thijs van Ede , Tim Booij , Savio Sciancalepore , Luca Allodi , Andrea Continella
Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2022.

PDF Code

Detecting Anomalous Misconfigurations in AWS Identity and Access Management Policies
Thijs van Ede , Niek Khasuntsev , Bas Steen , Andrea Continella
Proceedings of the ACM Cloud Computing Security Workshop (CCSW), 2022.

PDF Code

Contextualizing System Calls in Containers for Anomaly-Based Intrusion Detection
Asbat El Khairi , Marco Caselli , Christian Knierim , Andreas Peter , Andrea Continella
Proceedings of the ACM Cloud Computing Security Workshop (CCSW), 2022.

PDF Code

Federated Lab (FedLab): An Open-source Distributed Platform for Internet of Things (IoT) Research and Experimentation
Max Meijer , Giacomo Tommaso Petrucci , Matthijs Schotsman , Luca Morgese , Thijs van Ede , Andrea Continella , Ganduulga Gankhuyag , Luca Allodi , Savio Sciancalepore
IEEE World Forum on IoT (WF-IoT), 2022.

PDF Code

DeepCASE: Semi-Supervised Contextual Analysis of Security Events
Thijs van Ede , Hojjat Aghakhani , Noah Spahn , Riccardo Bortolameotti , Marco Cova , Andrea Continella , Maarten van Steen , Andreas Peter , Christopher Kruegel , Giovanni Vigna
In Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2022.

PDF Code

A Systematical and Longitudinal Study of Evasive Behaviors in Windows Malware
Nicola Galloro , Mario Polino , Michele Carminati , Andrea Continella , Stefano Zanero
Computers & Security, 2022.

PDF

Reversing and Fuzzing the Google Titan M Chip
Damiano Melotti , Maxime Rossi-Bellom , Andrea Continella
In Proceedings of the Reversing and Offensive-oriented Trends Symposium (ROOTS), 2021.

PDF Code

SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning
Nicola Ruaro , Lukas Dresel , Kyle Zeng , Tiffany Bao , Mario Polino , Andrea Continella , Stefano Zanero , Christopher Kruegel , Giovanni Vigna
In Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2021.

PDF Code

Toward a Secure Crowdsourced Location Tracking System
Chinmay Garg , Aravind Machiry , Andrea Continella , Christopher Kruegel , Giovanni Vigna
In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2021.

PDF Code

Bran: Reduce Vulnerability Search Space in Large Open Source Repositories by Learning Bug Symptoms
Dongyu Meng , Michele Guerriero , Aravind Machiry , Hojjat Aghakhani , Priyanka Bose , Andrea Continella , Christopher Kruegel , Giovanni Vigna
In Proceedings of the ACM ASIA Conference on Computer and Communications Security (ASIACCS), 2021.

PDF Code

DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices
Nilo Redini , Andrea Continella , Dipanjan Das , Giulio De Pasquale , Noah Spahn , Aravind Machiry , Antonio Bianchi , Christopher Kruegel , Giovanni Vigna
In Proceedings of the IEEE Symposium on Security & Privacy (S&P), 2021.

PDF Code

SYMBION: Interleaving Symbolic with Concrete Execution
Fabio Gritti , Lorenzo Fontana , Eric Gustafson , Fabio Pagani , Andrea Continella , Christopher Kruegel , Giovanni Vigna
Proceedings of the IEEE Conference on Communications and Network Security (CNS), 2020.

PDF Code

A Retrospective Analysis of User Exposure to (Illicit) Cryptocurrency Mining on the Web
Ralph Holz , Diego Perino , Matteo Varvello , Johanna Amann , Andrea Continella , Nate Evans , Ilias Leontiadis , Christopher Natoli , Quirin Scheitle
Proceedings of the Network Traffic Measurement and Analysis Conference (TMA), 2020.

PDF

KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware
Nilo Redini , Aravind Machiry , Ruoyu Wang , Chad Spensky , Andrea Continella , Yan Shoshitaishvili , Christopher Kruegel , Giovanni Vigna
In Proceedings of the IEEE Symposium on Security & Privacy (S&P), 2020.

PDF Code Teaser

Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale
Nilo Redini , Aravind Machiry , Ruoyu Wang , Chad Spensky , Andrea Continella , Yan Shoshitaishvili , Christopher Kruegel , Giovanni Vigna
Black Hat Asia, 2020.

PDF Slides

HeadPrint: Detecting Anomalous Communications through Header-based Application Fingerprinting
Riccardo Bortolameotti , Thijs van Ede , Andrea Continella , Thomas Hupperich , Maarten Everts , Reza Rafati , Willem Jonker , Pieter Hartel , Andreas Peter
Proceedings of the ACM Symposium on Applied Computing (SAC), 2020.

PDF

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic
Thijs van Ede , Riccardo Bortolameotti , Andrea Continella , Jingjing Ren , Daniel J. Dubois , Martina Lindorfer , David Choffnes , Maarten van Steen , Andreas Peter
Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2020.

PDF Code

Victim-Aware Adaptive Covert Channels
Riccardo Bortolameotti , Thijs van Ede , Andrea Continella , Maarten Everts , Willem Jonker , Pieter Hartel , Andreas Peter
Proceedings of the International Conference on Security and Privacy in Communication Networks (SecureComm), 2019.

PDF

Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis
Quinn Grundy , Kellia Chiu , Fabian Held , Andrea Continella , Lisa Bero , Ralph Holz
BMJ, 2019.

PDF Project

LeakDoctor: Toward Automatically Diagnosing Privacy Leaks in Mobile Applications
Xiaolei Wang , Andrea Continella , Yuexiang Yang , Yongzhong He , Sencun Zhu
Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2019.

There's a Hole in that Bucket! A Large-scale Analysis of Misconfigured S3 Buckets
Andrea Continella , Mario Polino , Marcello Pogliani , Stefano Zanero
Proceedings of the ACM Annual Computer Security Applications Conference (ACSAC), 2018.

PDF Code Project Slides

SysTaint: Assisting Reversing of Malicious Network Communications
Gabriele Viglianisi , Michele Carminati , Mario Polino , Andrea Continella , Stefano Zanero
Proceedings of the Software Security, Protection, and Reverse Engineering Workshop (SSPREW), 2018.

PDF Code

Toward Systematically Exploring Antivirus Engines (short paper)
Davide Quarta , Federico Salvioni , Andrea Continella , Stefano Zanero
Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), 2018.

PDF Code

Protection system and method for protecting a computer system against ransomware attacks
Andrea Continella , Stefano Zanero , Federico Maggi , Alessandro Guagnelli , Giovanni Zingaro , Alessandro Barenghi , Giulio De Pasquale
Patent US20180157834A1, 2018.

PDF Project

Security Evaluation of a Banking Fraud Analysis System
Michele Carminati , Mario Polino , Andrea Continella , Andrea Lanzi , Federico Maggi , Stefano Zanero
ACM Transactions on Privacy and Security (TOPS), 2018.

PDF

Defending from financially-motivated software abuses
Andrea Continella
PhD Thesis, 2018.

PDF

GroupDroid: Automatically Grouping Mobile Malware by Extracting Code Similarities
Niccolo’ Marastoni , Andrea Continella , Davide Quarta , Stefano Zanero , Mila Dalla Preda
Proceedings of the Software Security, Protection, and Reverse Engineering Workshop (SSPREW), 2017.

PDF

Hiding Pin's Artifacts to Defeat Evasive Malware
Mario Polino , Andrea Continella , Sebastiano Mariani , Stefano D’Alessio , Lorenzo Fontana , Fabio Gritti , Stefano Zanero
Black Hat Europe, 2017.

Slides

ShieldFS: The Last Word In Ransomware Resilient Filesystems
Andrea Continella , Alessandro Guagnelli , Giovanni Zingaro , Giulio De Pasquale , Alessandro Barenghi , Stefano Zanero , Federico Maggi
Black Hat USA, 2017.

PDF Slides Video

Measuring and Defeating Anti-Instrumentation-Equipped Malware
Mario Polino , Andrea Continella , Sebastiano Mariani , Stefano D’Alessio , Lorenzo Fontana , Fabio Gritti , Stefano Zanero
Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), 2017.

PDF Code

Poster: Detecting webinjects through live memory inspection
Mariani Nicola , Continella Andrea , Pogliani Marcello , Carminati Michele , Maggi Federico , Zanero Stefano
IEEE Symposium on Security and Privacy (S&P), 2017.

PDF

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
Andrea Continella , Yanick Fratantonio , Martina Lindorfer , Alessandro Puccetti , Ali Zand , Christopher Kruegel , Giovanni Vigna
Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), 2017.

PDF Code Slides

Prometheus: Analyzing WebInject-based information stealers
Andrea Continella , Michele Carminati , Mario Polino , Andrea Lanzi , Stefano Zanero , Federico Maggi
Journal of Computer Security, 2017.

PDF

ShieldFS: A Self-healing, Ransomware-aware Filesystem
Andrea Continella , Alessandro Guagnelli , Giovanni Zingaro , Giulio De Pasquale , Alessandro Barenghi , Stefano Zanero , Federico Maggi
Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2016.

PDF Project Slides

GASOLINE: a Cytoscape app for multiple local alignment of PPI networks
Giovanni Micale , Andrea Continella , Alfredo Ferro , Rosalba Giugno , Alfredo Pulvirenti
F1000Research, 2014.

PDF