Andrea Lanzi

About Me

I'm currently an assistant professor at the University of Milan, Computer Science Department, working at the LAser security Lab. I've been a Senior Researcher at Eurecom Graduate School and Research Center, located in Sophia Antipolis on the French Riviera. I am interested in several aspects of Cyber Security. In particular, my main area of research deals with Host Intrusion Detection Systems (HIDS), Memory Errors, Reverse Engineering, malware and forensic analysis. In recent years I’ve mainly studied the application of emulation/virtualization and compiler techniques for malware analysis and detection. In addition, I’ve been working on analyzing large-scale security datasets (e.g., Anubis malware collection) to investigate the behavior of current cyber threats.

My ex-Lab Home Page

Here's my Google Scholar profile.

Research Projects

Research Activities

    Assistant Professor, Jan 2014: I am an assistant professor at the Computer Science Department, Security Lab LAser of Università degli Studi di Milano, Milan, Italy EU
    Researcher: Since Apr 2010, I am a Researcher in the Computer Security Lab of the Eurecom Institute, Sophia Antipolis, France EU
    Post Doctoral Fellow, 2009: Since Apr 2010, I am a Post Doctoral Researcher in the Computer Security Lab of the Eurecom Institute, Sophia Antipolis, France EU, working with Prof. Engin Kirda.
    Employed as a Visiting Ph.D. student at Georgia Tech, 2008: Since February 2009 I’m employed as a visiting Ph.D. student at Georgia Tech University GATech (GA) USA, in the GTISC Lab led by Prof. Wenke Lee.
    Visiting Ph.D. student at Georgia Tech, 2007: In 2008 I have been a visiting Ph.D. student at Georgia Tech University GATech (GA) USA, in the GTISC Lab led by Prof. Wenke Lee.
    Ph.D. degree in computer science, 2008: Ph.D. degree in Computer Science at Dipartimento di Informatica e Comunicazione (DICO) – Università degli Studi di Milano. Advisor: Prof. Wenke Lee

Professional Activities

Member Program Committee of International Conferences

    22nd ACM Conference on Computer and Communications Security, ACM CCS 2015
    18th International Symposium On Research in Attacks, Intrusions and Defenses (RAID) 2015
    9th WOOT USENIX Workshop on Offensive Technologies, 2015
    12th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2015
    The 15th Annual DFRWS Conference Forensic Conference USA. 2015
    European Workshop on System Security (EUROSEC) 2015
    WISTP 2015, Workshop in Information Security Theory and Practice Series
    9th International Conference on Availability, Reliability and Security (ARES) 2014
    WISTP 2014, Workshop in Information Security Theory and Practice Series
    EUC 2014 The 12th IEEE International Conference on Embedded and Ubiquitous Computing
    The 2014 APWG Symposium on Electronic Crime Research
    The 14th Annual DFRWS Conference Forensic Conference USA. 2014
    European Workshop on System Security (EUROSEC) 2014
    WISTP 2013, Workshop in Information Security Theory and Practice Series
    16th International Symposium On Research in Attacks, Intrusions and Defenses (RAID) 2013
    10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2013
    European Workshop on System Security (EUROSEC) 2013
    15th International Symposium On Research in Attacks, Intrusions and Defenses (RAID) 2012
    9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2012
    7th International Conference on Availability, Reliability and Security (ARES) 2012
    European Workshop on System Security (EUROSEC) 2012
    European Workshop on System Security (EUROSEC) 2011
    European Workshop on System Security (EUROSEC) 2010
    EC2ND 2011 the Sixth European Conference on Computer Network Defense
    EC2ND 2010 the Sixth European Conference on Computer Network Defense
    SecSE 2010 Fourth International Workshop on Secure Software Engineering
    CIW 2010 The Fifth International Conference on Internet and Web Applications and Services.

Reviewing for Journals

    Computers & Security The International Source of Innovation for the Information Security and IT Audit Professional
    IEEE Transactions on Reliability
    IEEE Transactions on Information Forensics and Security
    ACM Transactions on Embedded Computing Systems (TECS)
    IEEE Transactions on Dependable and Secure Computing (TDSC)
    ACM Transactions on Internet Technology (TOIT)
    Journal of Information Security and Applications

Publications & Journals

    Cristalli Stefano, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, Davide Balzarotti "Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks", Proceedings of the 25th USENIX Security Symposium (USENIX Security), 2016 [To appear]
    M Graziano, L Flore, A Lanzi, D Balzarotti "Subverting Operating System Properties Through Evolutionary DKOM Attacks", Proceedings of 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, 2016 [To appear]
    F Pagani, M De Astis, M Graziano, A Lanzi, D Balzarotti "Measuring the Role of Greylisting and Nolisting in Fighting Spam", Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Network, 2016 [To appear]
    Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, Davide Balzarotti "Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence", Proceedings of the 24th USENIX Security Symposium (USENIX Security), 2015
    Aristide Fattori, Andrea Lanzi, Davide Balzarotti, Engin Kirda "Hypervisor-based malware protection with AccessMiner", Journal of Computers & Security, 2015
    Babak Rahbarinia, Roberto Perdisci, Andrea Lanzi, Kang Li "PeerRush: Mining for unwanted P2P traffic", Journal of Information Security and Applications, 2014
    Stefano Bianchi Mazzone, Mattia Pagnozzi, Aristide Fattori, Alessandro Reina, Andrea Lanzi, Danilo Bruschi "Improving Mac OS X Security Through Gray Box Fuzzing Technique", Eurosec 2014, Amsterdam
    Gábor Pék, Andrea Lanzi, Abhinav Srivastava, Davide Balzarotti, Aurélien Francillon, Christoph Neumann "On the Feasibility of Software Attacks on Commodity Virtual Machine Monitors via Direct Device Assignment", AsiaCCS conference 2014, Japan
    Mariano Graziano, Andrea Lanzi and Davide Balzarotti "Hypervisor Memory Forensics", 16th Conference Research in Attacks, Intrusions and Defenses, RAID 2013, St. Lucia
    Babak Rahbarinia, Roberto Perdisci, Andrea Lanzi, Kang Li "PeerRush: Mining for Unwanted P2P Traffic", 10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, DIMVA 2013, Berlin, Germany [BEST PAPER AWARD]
    Davide Canali, Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, Engin Kirda "A Quantitative Study of Accuracy in System Call-Based Malware Detection", ISSTA 2012
    Abhinav Srivastava, Andrea Lanzi, Jonathon Giffin, Davide Balzarotti "Operating System Interface Obfuscation and the Revealing of Hidden Operations", 8th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Amsterdam, July 2011
    Leyla Bilge, Andrea Lanzi, Davide Balzarotti "Thwarting Real-Time Dynamic Unpacking", European Workshop on System Security (EUROSEC), Salzburg, April 2011
    Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, Engin Kirda "G-free: Defeating Return-oriented Programming Through Gadget-less Binaries", In Proceedings of 26th Annual Computer Security Applications Conference (ACSAC 2010), Austin, Texas, USA
    Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, Engin Kirda "AccessMiner: Using System-Centric Models for Malware Protection", In Proceedings of 17th ACM Conference on Computer and Communications Security (CCS 2010), Chicago
    Monirul Sharif, Wenke Lee, Weidong Cui, Andrea Lanzi "Secure In-VM Monitoring Using Hardware Virtualization", In Proceedings of 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago
    Monirul Sharif, Andrea Lanzi, Jonathon Giffin, and Wenke Lee "Automatic Reverse Engineering of Malware Emulators", In Proceedings of The 2009 IEEE Symposium on Security and Privacy (Oakland 09), Oakland, CA, May 2009 [BEST STUDENT PAPER AWARD]
    Andrea Lanzi, Monirul Sharif and Wenke Lee "K-Tracer: A System for Extracting Kernel Malware Behavior", In the Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS'09), San Diego, CA, February 2009
    Roberto Perdisci, Andrea Lanzi, Wenke Lee "McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables", In the Proceedings of Annual Computer Security Applications Conference (ACSAC 2008), Anaheim, California, USA
    Monirul Sharif, Andrea Lanzi, Jonathon Giffin and Wenke Lee "Impeding Malware Analysis Using Conditional Code Obfuscation", In the Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008
    Abhinav Srivastava, Andrea Lanzi and Jonathon Giffin "System Call API Obfuscation (Extended Abstract)", In Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008), Cambridge, Massachusetts, USA 2008
    Lorenzo Cavallaro, Andrea Lanzi, Luca Mayer, and Mattia Monga "LISABETH: Automated Content-Based Signatures Generator for Zero-day Polymorphic Worms", International Workshop on Software Engineering for Secure Systems (SESS'08) 2008, Berlin, EU
    Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi "Static Analysis on x86 Executable for Preventing Automatic Mimicry Attacks", In the Proceedings of the International Conference IEEE (DIMVA 2007), Lucerne, Switzerland, July 12-13 2007
    Andrea Lanzi, Lorenzo Martignoni, Mattia Monga, Roberto Paleari "A Smart Fuzzer for x86 Executables", In the Proceedings of the 3rd International Workshop on Software Engineering for Secure Systems (SESS07) 2007, Minneapolis, USA
    Danilo Bruschi, Lorenzo Cavallaro, and Andrea Lanzi "An Efficient Technique for Preventing Mimicry and Impossible Paths Execution Attacks", In the Proceedings of the 3rd International Workshop on Information Assurance IEEE (WIA 2007), April 11-13, 2007, New Orleans, Louisiana, USA
    Danilo Bruschi, Lorenzo Cavallaro, and Andrea Lanzi "Diversified Process Replicae for Defeating Memory Error Exploits", In the Proceedings of the 3rd International Workshop on Information Assurance IEEE (WIA 2007), April 11-13, 2007, New Orleans, Louisiana, USA
    D. Bruschi, L. Cavallaro, A. Lanzi, M. Monga "Replay Attack in the TCG Specification and a Solution", In the Proceedings of 21st Annual Computer Security Application Conference (ACSAC 2005) ACM, Tucson, Arizona, USA 2005
    D. Bruschi, Igor N. Fovino, A. Lanzi "A protocol for Anonymous and Accurate E-Polling", In the Proceedings of the international conference Security for e-Government Services (TCGOV 2005), Bozen, Italy 2005. LNCS Springer-Verlag (LNAI 3416), pp. 112-121
    D. Bruschi, Igor N. Fovino, A. Lanzi "A protocol for Anonymous and Accurate E-Polling", Publisher: "IDEA GROUP Inc.", Title: "Book on Secure eGovernment Web Services"
    Roberto Perdisci, Andrea Lanzi, Wenke Lee "Classification of Packed Executables for Accurate Computer Virus Detection", Pattern Recognition Letters 2008

Technical Reports

    M. Sharif, A. Lanzi, J. Giffin and W. Lee "Rotalume: A tool for automatically reverse engineering malware emulators", Technical report, Georgia Tech University, USA 2008.
    Abhinav Srivastava, Andrea Lanzi and Jonathon Giffin "Operating System Interface Obfuscation and the Revealing of Hidden Operations", Technical report, Georgia Tech University, USA 2008.
    D. Bruschi, L. Cavallaro, A. Lanzi "Syscalls Obfuscation for Preventing Mimicry and Impossible Paths Execution Attacks", Technical report, Università degli Studi di Milano, Italia 2006.
    D. Bruschi, L. Cavallaro, A. Lanzi, M. Monga "Attacking a Trusted Computing Platform [Improving the Security of TCG Specification]", Technical report RT 05-05, Università degli Studi di Milano, Italia 2005.

Contact

You can reach me at:
andrea[DOT]lanzi[AT]unimi[DOT]it


Last Modified: Wed Apr 1 14:29:17 CEST 2009


International Secure Systems Lab www.iseclab.org