1,721,576 research outputs found
Censorship-Resilient Communications Throughout Information Scattering (Transcript of Discussion)
No full text
Development of Phishing Detection Modules: Study, Analysis, and Implementation
No full textreservedQuesto documento descrive l'attività svolta da Leonardo Lago durante il suo stage interno presso l'Università degli Studi di Padova, della durata di circa trecentoventi ore iniziato il 6 Maggio 2024 e conclusosi il 28 Giugno 2024. L'attività è stata supervisionata dal Prof. Conti Mauro come promotore, con la collaborazione del Prof. Pajola Luca della start-up Spritz Matter, spin-off dell'Università di Padova. Il Prof. Bresolin Davide è stato il tutor interno per il Consiglio del Corso di Studio durante il periodo di tirocinio.
Questa tesi si occupa di ricercare e implementare delle soluzioni al problema degli attacchi informatici di phishing. In particolare è stato svolta uno studio dello stato dell'arte sulle soluzioni ricercate e valutate nella letteratura che ha dato modo di comprendere le possibili soluzioni da adottare. In seguito sono stati realizzati due diversi moduli di rilevazione degli attacchi phishing incentrati sulla classificazione rispettivamente di URL e documenti malevoli.This document describes the activities carried out by Leonardo Lago during his internal internship at the University of Padua, which lasted approximately three hundred and twenty hours, starting on May 6, 2024, and ending on June 28, 2024. The activity was supervised by Prof. Conti Mauro as the promoter, in collaboration with Prof. Pajola Luca from the start-up Spritz Matter, a spin-off of the University of Padua. Prof. Bresolin Davide served as the internal tutor for the Council of the Study Program during the internship period.
This thesis focuses on researching and implementing solutions to the problem of phishing cyber-attacks. In particular, a study of the state-of-the-art solutions explored and evaluated in the literature was conducted, which provided an understanding of the possible solutions to adopt. Subsequently, two different modules for detecting phishing attacks were developed, focusing on the classification of malicious URLs and documents, respectively
Sense-And-Trace: A Privacy Preserving Distributed Geolocation Tracking System (Transcript of Discussion)
No full textLeveraging Social Networks for Mergers and Acquisitions Forecasting
Full text linkMergers and acquisitions are pivotal strategies employed by companies to maintain competitiveness, leading to enhanced production efficiency, scale, and market dominance. Due to their significant financial implications, predicting these operations has become a profitable area of study for both scholars and industry professionals. The accurate forecasting of mergers and acquisitions activities is a complex task, demanding advanced statistical tools and generating substantial returns for stakeholders and investors. Existing research in this field has proposed various methods encompassing econometric models, machine learning algorithms, and sentiment analysis. However, the effectiveness and accuracy of these approaches vary considerably, posing challenges for the development of robust and scalable models. In this paper, we present a novel approach to forecast mergers and acquisitions activities by utilizing social network analysis. By examining temporal changes in social network graphs of the involved entities, potential transactions can be identified prior to public announcements, granting a significant advantage in the forecasting process. To validate our approach, we conduct a case study on three recent acquisitions made by Microsoft, leveraging the social network platform Twitter. Our methodology involves distinguishing employees from random users and subsequently analyzing the evolution of mutual connections over time. The results demonstrate a strong link between engaged firms, with the connections between Microsoft employees and acquired companies ranging from five to twenty times higher than those of baseline companies in the two years preceding the official announcement. These findings underscore the potential of social network analysis in accurately forecasting mergers and acquisitions activities and open avenues for the development of innovative methodologies
Going in Style: Audio Backdoors Through Stylistic Transformations
No full textThis work explores stylistic triggers for backdoor attacks in the audio domain: dynamic transformations of malicious samples through guitar effects. We first formalize stylistic triggers – currently missing in the literature. Second, we explore how to develop stylistic triggers in the audio domain by proposing JingleBack. Our experiments confirm the effectiveness of the attack, achieving a 96% attack success rate. Our code is available in https://github.com/skoffas/going-in-style.Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.Cyber Securit
Leaving No Blind Spots: Toward Automotive Cybersecurity
No full textThe increasing connectivity and autonomy of modern vehicles have drastically expanded their attack surface, introducing interdependent cybersecurity risks. However, existing security mechanisms often focus on isolated threats, failing to address their interplay within complex vehicle ecosystems. As vehicles become increasingly dependent on AI-driven control, electric powertrains, and networked architectures, ensuring resilience across multiple attack vectors requires a holistic security approach. This work proposes a unified three-layer security framework that integrates (i) physical-layer protection through battery authentication and side-channel resilience, (ii) AI-layer robustness against adversarial attacks on perception and intrusion detection, and (iii) communication-layer security for in-vehicle network protection. By leveraging cross-domain security principles, including cyber-physical security analysis, adversarial ML defenses, and in-vehicle network protection, this framework provides a cohesive and scalable methodology for securing next-generation automotive systems
User authentication method for access to a mobile user terminal and corresponding mobile user terminal
No full textLeaky Batteries: A Novel Set of Side-Channel Attacks on Electric Vehicles
No full textAdvancements in battery technology have accelerated the adoption of Electric Vehicles (EVs) due to their environmental benefits. However, their growing sophistication introduces security and privacy challenges. Often seen as mere operational data, battery consumption patterns can unintentionally reveal critical information exploitable for malicious purposes. These risks go beyond privacy, impacting vehicle security and regulatory compliance. Despite these concerns, current research has largely overlooked the broader implications of battery consumption data exposure. As EVs integrate further into smart transportation networks, addressing these gaps is crucial to ensure their safety, reliability, and resilience. In this work, we introduce a novel class of side-channel attacks that exploit EV battery data to extract sensitive user information. Leveraging only battery consumption patterns, we demonstrate a methodology to accurately identify the EV driver and their driving style, determine the number of occupants, and infer the vehicle’s start and end locations when user habits are known. We utilize several machine learning models and feature extraction techniques to analyze EV power consumption patterns, validating our approach on simulated and real-world datasets collected from actual drivers. Our attacks achieve an average success rate of 95.4% across all attack objectives. Our findings highlight the privacy risks associated with EV battery data, emphasizing the need for stronger protections to safeguard user privacy and vehicle security
CANEDERLI: On The Impact of Adversarial Training and Transferability on CAN Intrusion Detection Systems
Full text linkThe growing integration of vehicles with external networks has led to a surge
in attacks targeting their Controller Area Network (CAN) internal bus. As a
countermeasure, various Intrusion Detection Systems (IDSs) have been suggested
in the literature to prevent and mitigate these threats. With the increasing
volume of data facilitated by the integration of Vehicle-to-Vehicle (V2V) and
Vehicle-to-Infrastructure (V2I) communication networks, most of these systems
rely on data-driven approaches such as Machine Learning (ML) and Deep Learning
(DL) models. However, these systems are susceptible to adversarial evasion
attacks. While many researchers have explored this vulnerability, their studies
often involve unrealistic assumptions, lack consideration for a realistic
threat model, and fail to provide effective solutions.
In this paper, we present CANEDERLI (CAN Evasion Detection ResiLIence), a
novel framework for securing CAN-based IDSs. Our system considers a realistic
threat model and addresses the impact of adversarial attacks on DL-based
detection systems. Our findings highlight strong transferability properties
among diverse attack methodologies by considering multiple state-of-the-art
attacks and model architectures. We analyze the impact of adversarial training
in addressing this threat and propose an adaptive online adversarial training
technique outclassing traditional fine-tuning methodologies with F1 scores up
to 0.941. By making our framework publicly available, we aid practitioners and
researchers in assessing the resilience of IDSs to a varied adversarial
landscape.Comment: Accepted at WiseML 202
- …
