The winners of the Thesis Prize
20th Edition - Theses of 2024
Eleonora Amadori
bachelor's thesis
Università di Padova
Department of Mathematics
Thesis title
“Drone Wireless Charging Profiling and Fingerprinting”
Supervisor
Alessandro Brighente
Abstract
This thesis describes the work done during my internship period, carried out within the University of Padua in the SPRITZ Research Group, an acronym that stands for Security and Privacy Research Group, of the Department of Mathematics, under the guidance of Professor Alessandro Brighente. The work was divided into three parts: the study of the literature on Unmanned Aerial Vehicle security, with threat models and scenarios, and on wireless charging protocols (Qi) and their areas of use; then taking over the codebase of a temporarily stopped project; and finally the implementation of code to introduce a model for fingerprinting and profiling, to be used with ad hoc machine learning algorithms. This study assesses the feasibility of profiling and fingerprinting drone firmware and executed operations by analyzing the current flow in various charging states. The findings reveal a distinct correlation between different software on board the drone and current behavior, which can be easily distinguished using various machine learning algorithms. The results demonstrate the possibility of accurately identifying both the firmware and communication protocol of a drone. This research, and the work prior to it, serve as a foundation for exploring the security and privacy of wireless power transfer in drone technology, with implications for both novel attack vectors and defense strategies.
Luca Minnei
master's thesis
Università degli studi di Cagliari
Thesis title
“Tackling Concept Drift with Semi-supervised Malware Detection”
Supervisor
Battista Biggio
Abstract
Android malware detectors are now widely implemented using machine learning algorithms. They are trained on large datasets of benign (goodware) and malicious (malware) applications collected at a specific point in time to create a realistic representation of real-world scenarios. The domain is not stationary, as recent work has shown. This is caused by the rapid evolution of applications over time, including the adoption of new technologies, updates to the Android OS, the deprecation of API calls, and the evasive behavior of malware. These changes cause the detectors to show degrading performance over time, making the models unreliable for detection. While recent work pinpoints the presence of such drift, little has been done to isolate its causes and understand the underlying reasons. In this thesis, we conducted a deep analysis of the features that shows which features cause the data drift, i.e., new features that appear and old ones that become unreliable. The experimental evaluation highlights that particular feature groups cause the data drift; however, we also show that removing these highly variable features from the feature set doesn’t achieve better classification performance. To enhance classification over time, we implemented methods that combine semi-supervised learning (SSL) and active learning. In the initial phase, the active learning method chooses a small, random pool of labeled samples that are going to be used to improve the label propagation of the SSL algorithm. In the subsequent phase, the SSL algorithm predicts the new labels to use during the re-training phase. Unfortunately, the experiments indicated that the active learning method did not significantly improve the SSL algorithms considered in this thesis when using a reasonable number of features. The results of this thesis showed that the custom SSL algorithm, which uses asymmetric thresholds, exhibited improved classification performance with a small number of samples. However, the Scikit-learn SelfTrainingClassifier outperformed the custom method under different feature representations. Despite these differences, the consistent finding across all scenarios is that maintaining the correct labeling of malware samples and prioritizing them in the re-training phase significantly enhances classification performance. This is likely because the malware class tends to drift more significantly over time, making it necessary to maintain accurate labeling to sustain performance.
Christian Scano
master's thesis
Università degli studi di Cagliari
Thesis title
“ModSec-AdvLearn: Improving ModSecurity with Adversarial Learning”
Supervisor
Battista Biggio
Abstract
ModSecurity is widely recognized as the standard open-source Web Application Firewall (WAF), maintained by the Open Web Application Security Project (OWASP) Foundation. It detects malicious requests by matching them against the Core Rule Set (CRS), identifying well-known attack patterns. Each rule in the CRS is manually assigned a weight, based on the severity of the corresponding attack, and a request is detected as malicious if the sum of the weights of the firing rules exceeds a given threshold. In this work, we show that this simple strategy is largely ineffective for detecting SQL injection (SQLi) attacks, as it tends to block many legitimate requests and is vulnerable to adversarial SQLi attacks, i.e., attacks intentionally manipulated to evade detection. To overcome these issues, we design a robust Machine Learning (ML) model, named ModSec-AdvLearn, which uses the CRS rules as input features, and it is trained to detect adversarial SQLi attacks. Our experiments show that ModSec-AdvLearn achieves a better trade-off between detection and false positive rates. Specifically, it improves the detection rate of the vanilla version of ModSecurity by 20%, thus opening the way towards strengthening classical rule-based solutions with machine learning-based approaches and bridging the gap between these two worlds. Moreover, our approach can improve its adversarial robustness against adversarial SQLi attacks by 35%, thereby marking a significant stride toward building more robust and trustworthy WAFs.
Samuele Del Vescovo
master's thesis
Università degli Studi di Bari Aldo Moro
Department of Computer Science
Thesis title
“Adversarial Attacks on IDS and Multidomain Impact Analysis for Threat Intelligence in Military Automotive Scenarios”
Supervisors
Barletta Vita Santa / Caivano Danilo
Abstract
In recent years, the automotive sector has been going through a period of strong development and innovation tied to the progressive connection of vehicles not only to one another but also to systems set in the context of the "Smart City". A direct consequence of this is the increase in the attack surface of vehicles, which could favor an increase in attacks against them, providing potential access to a network that is strategic for governmental and military organizations for the "national system", violating the national security perimeter. In the worst cases, the consequences of this can affect the psychophysical safety of passengers and pedestrians. The primary objective of this work is to verify the applicability of attacks based on Adversarial Machine Learning (Black-Box) in the automotive context (CAN Bus Frame Detection). The victim of such an attack is an IDS (assumed to reside in the vehicle itself) whose function is to classify CAN traffic. This system is built on "multiclass" classification algorithms based on supervised machine learning. The attack types under examination consist of several evasion attacks and membership inference attacks (a privacy attack). Furthermore, in order to understand the extent of the negative consequences deriving from the execution of such attacks, a "Multidomain" impact analysis is proposed that involves not only the "Cyber" domain but also the "Land" domain in scenarios of cyber war and cyber espionage, which are, to all intents and purposes, integral parts of "Multi-Domain Operations" potentially aimed at creating a climate of terrorism. This is in full adherence to the "Multidomain" nature of modern civil/military operations highlighted by the "Documento Programmatico Pluriennale della Difesa per il Triennio 2022-2024" and by the document "The Italian Defence Approach to Multi-Domain Operations". The "victim" organization is the entire Nation. All of this is set within a threat management context useful for understanding the consequences of such actions. Therefore, the most heartfelt objective of this work is to encourage a conscious use not only of artificial intelligence algorithms but also of the techniques for attacking them, highlighting the negative impacts deriving from unaware uses of them.
Nicholas Miazzo
master's thesis
Università di Padova
Thesis title
“Leveraging Graph of Thoughts and Large Language Models for Advanced Vulnerability Detection”
Supervisor
Eleonora Losiouk
Abstract
Vulnerability Detection aims to automate the analysis of software systems to discover security flaws and defects, called vulnerabilities. In recent years, many studies have explored using LLMs in this task, leveraging their knowledge and reasoning skills acquired through training on large text and source code datasets. Despite the potential highlighted by these works, LLMs often struggle to correctly explain the root causes of vulnerabilities, raising questions about their effectiveness. This project aims to improve Large Language Models’ classification and explainability capabilities by adopting a novel reasoning methodology from the literature known as the Graph of Thoughts. Although this methodology has shown promising results in logical and mathematical tasks, it has never been applied to vulnerability detection. Testing and evaluating this new vulnerability detection technique has demonstrated its potential to improve LLMs’ classification and reasoning capabilities.

