BitCrumbs

Towards a Reliable and Automated Analysis of Compromised Systems

The vast majority of research in computer security is dedicated to the design of detection, protection, and prevention solutions. While these techniques play a critical role to increase the security and privacy of our digital infrastructure, it is enough to look at the news to understand that it is not a matter of "if" a computer system will be compromised, but only a matter of "when". It is a well known fact that there is no 100% secure system, and that there is no practical way to prevent attackers with enough resources from breaking into sensitive targets. Therefore, it is extremely important to develop automated techniques to timely and precisely analyze computer security incidents and compromised systems. Unfortunately, the area of incident response received very little research attention, and it is still largely considered an art more than a science because of its lack of a proper theoretical and scientific background. The objective of BITCRUMBS is to rethink the Incident Response (IR) field from its foundations by proposing a more scientific and comprehensive approach to the analysis of compromised systems. BITCRUMBS will achieve this goal in three steps:

1. by introducing a new systematic approach to precisely measure the effectiveness and accuracy of IR techniques and their resilience to evasion and forgery;
2. by designing and implementing new automated techniques to cope with advanced threats and the analysis of IoT devices;
3. by proposing a novel forensics-by-design development methodology and a set of guidelines for the design of future systems and software.

Bitcrumbs is a project funded by a European Research Council (ERC) consolidator grant.

The project started in mid-2018 and will run until 2023.

Publications

The Tangled Genealogy of IoT Malware

Emanuele Cozzi, Pierre-Antoine Vervier, Matteo Dell'Amico, Yun Shen, Leyla Bilge, Davide Balzarotti

Annual Computer Security Applications Conference (ACSAC) 2020

PDF Bibtex

Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem

Alessandro Mantovani, Simone Aonzo, Xabier Ugarte-Pedrero, Alessio Merlo, Davide Balzarotti

Network and Distributed System Security (NDSS) Symposium , 2020

PDF Bibtex

Artifacts: Dataset, Code

When malware is packin' heat; limits of machine learning classifiers based on static analysis features

Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna, Christopher Kruegel

Network and Distributed System Security (NDSS) Symposium, 2020

PDF Bibtex

Artifacts: Dataset

SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap

Savino Dambra, Leyla Bilge, Davide Balzarotti

IEEE Symposium on Security & Privacy, San Francisco, CA 2020

PDF Bibtex

Back to the Whiteboard: a Principled Approach for the Assessment and Design of Memory Forensic Techniques

Fabio Pagani, Davide Balzarotti

28th USENIX Security Symposium (USENIX Security 19) , Santa Clara, CA (acceptance rate: 15.7%)

PDF Slides Bibtex

Artifacts: Code

A Close Look at a Daily Dataset of Malware Samples

Xabier Ugarte-Pedrero, Mariano Graziano, Davide Balzarotti

ACM Transactions on Privacy and Security (TOPS)

PDF Bibtex

Artifacts: not available as the experiments were performed by CISCO employees by using internal data and tools

Introducing the Temporal Dimension to Memory Forensics

Pagani, Fabio, Fedorov, Oleksii, Balzarotti, Davide

ACM Transactions on Privacy and Security (TOPS)

PDF Bibtex

Artifacts: Code, Memory Images

Understanding Linux Malware

Emanuele Cozzi, Mariano Graziano, Yanick Fratantonio, Davide Balzarotti

IEEE Symposium on Security & Privacy , San Francisco, CA (acceptance rate: 11.5%)

PDF Slides Bibtex

Artifacts: Free Service, List of Samples