Stefano Zanero
Researcher at Polytechnic University of Milan
Publications - 134
Citations - 3640
Stefano Zanero is an academic researcher from Polytechnic University of Milan. The author has contributed to research in topics: Computer science & Malware. The author has an h-index of 30, co-authored 119 publications receiving 2980 citations.
Papers
Proceedings Article
Unsupervised learning techniques for an intrusion detection system
TL;DR: A two-tier architecture is introduced: the first tier is an unsupervised clustering algorithm which reduces the network packets payload to a tractable size and the second tier is a traditional anomaly detection algorithm, whose efficiency is improved by the availability of data on the packet payload content.
Book Chapter
Phoenix: DGA-Based Botnet Tracking and Intelligence
TL;DR: This work proposes Phoenix, a mechanism that, in addition to telling DGA- and non-DGA-generated domains apart using a combination of string and IP-based features, characterizes the DGAs behind them, and, most importantly, finds groups of DGAs that are representative of the respective botnets.
Proceedings Article
ShieldFS: a self-healing, ransomware-aware filesystem
Andrea Continella, Alessandro Guagnelli, Giovanni Zingaro, Giulio De Pasquale, Alessandro Barenghi, Stefano Zanero, Federico Maggi +6 more
TL;DR: ShieldFS, an add-on driver that makes the Windows native filesystem immune to ransomware attacks, is proposed and evaluated in real-world working conditions on real, personal machines, against samples from state of the art ransomware families.
Book Chapter
HelDroid: Dissecting and Detecting Mobile Ransomware
TL;DR: HelDroid is presented, a fast, efficient and fully automated approach that recognizes known and unknown scareware and ransomware samples from goodware, based on detecting the "building blocks" that are typically needed to implement a mobile ransomware application.
Journal Article
Detecting Intrusions through System Call Sequence and Argument Analysis
TL;DR: An unsupervised host-based intrusion detection system based on system call arguments and sequences that has a good signal-to-noise ratio, and is also able to correctly contextualize alarms, giving the user more information to understand whether a true or false positive happened.