Arancino: A tasty framework to measure Evasive Malware

Malware authors have been developing techniques to hide their creations from analysis platforms. We therefore measured which of these techniques are used to detect and break analysis systems based on Dynamic Binary Instrumentation (DBI) tools.

By Mario Polino, Postdoc researcher @Politecnico di Milano

After decades of research and development, the problem of malware still persists. Certainly, the approach and the motivation behind malware creation and spread have changed. Nowadays there are several platforms and advanced systems that can perform accurate analysis on software and, in particular, on malware samples. For this reason, malware authors have been developing techniques to hide their creations from such platforms. For example, they conduct some tests to check if the malware sample is running under a virtual machine or if the list,…
CONDOR: Convolutional Neural Networks Dataflow Optimization Using Reconfigurable Hardware

Condor is an end-to-end framework to implement Convolutional Neural Networks on FPGA that does not require the user to have experience in FPGA programming. The framework is able to interpret models from the well-known deep learning engine Caffe.

By Giuseppe Natale, PhD student @Politecnico di Milano

Recent years have seen a rapid diffusion of deep learning algorithms such as Convolutional Neural Networks (CNNs) and, as a consequence, an intensification of industrial and academic research focused on optimizing their implementation. Different computing architectures have been explored and, among all of them, Field Programmable Gate Arrays (FPGAs) seem to be a very attractive choice, since they can deliver sustained performance with high power efficiency, as CNNs can be directly mapped onto hardware and still offer flexibility thanks to their programmability. Nevertheless, the…
I’m not malicious, detection of evasive Android malware

The increasing popularity of smartphones has attracted lots of “bad actors” who want to spread malicious software into the ecosystem for profit. To avoid being detected and maximize profit, malware uses evasive techniques. We propose an approach to combat evasive malware.

By Chengyu Zheng, PhD student @Politecnico di Milano

How to avoid being detected

With over 500 million devices and an estimated 84% market share, Android-based devices are the main target for cyber-criminals. In addition to the alarming amount of malware families and samples, evasive techniques used by malware are becoming more and more sophisticated. With the high amount of new applications being released every month, “app store” maintainers are struggling to find reliable solutions to analyze apps in order to recognize and isolate malicious ones. Techniques used to analyze…
FROST: a common backend to accelerate Domain Specific Languages on FPGA

Domain Specific Languages are gaining more and more interest thanks to the significant level of performance they can reach on different architectures. FROST is a common backend able to accelerate applications developed in different DSLs on FPGA.

By Emanuele Del Sozzo, Ph.D. student @ Politecnico di Milano

With Dennard scaling and Moore’s law reaching their end, we are experiencing a growing interest in Heterogeneous System Architectures (HSAs) as a promising solution to boost performance and, at the same time, reduce power consumption. The combination of different hardware accelerators, like GPUs, FPGAs, and ASICs, along with CPUs, makes it possible to choose the most suitable architecture for a specific task, and, for this reason, many high-performance systems are currently taking advantage of heterogeneity. Example…
Breaking… the laws of robotics: attacking industrial robots

Industrial robots are everywhere: what happens if they get compromised? Is this hard? Are they attractive for attackers? How can we improve their security? To answer these questions, last year we studied the security landscape of an industrial robot and we analysed (and compromised) a widespread robot.

By Marcello Pogliani, PhD student at the NECSTLab, working on Systems Security

Industrial robots are drastically evolving: on one side, “caged” giant robots are being complemented by smaller, “collaborative” models designed to share the workspace with human workers; on the other side, they are more “intelligent”, for example, by means of an improved interconnection for tasks such as remote maintenance, and integration with information systems. This means that robots, once “air-gapped”, are now exposed to hostile avenues. What happens (Skynet aside) if…
Accelerating Machine Learning: the hard case of generic models

With the spread of applications powered by Machine Learning models, the issue arose of how to engineer their development and deployment. This is particularly problematic when the applications should run under stringent performance requirements and in a complex environment like a cloud infrastructure with diverse hardware resources (CPUs, FPGAs, etc.). We performed initial work on this issue and proposed an approach that achieved a 3x speedup over the common case, suggesting practices that pave the way for developing more systematic guidelines and tools.

By Alberto Scolari, PhD Student @ Politecnico di Milano, working on reconfigurable computing systems at NECSTLab

Operational-izing ML: system issues

Machine Learning (ML) models are spreading inside companies, as a basis for their business. Nonetheless, applying ML to your business requires theoretical and technical efforts. As willing-to-be system architects,…
Internet banking fraud analysis and detection

The significant growth of online banking fraud, fueled by the underground economy of malware, raised the need for effective defense systems. As a consequence, in the last years, banks have upgraded their security measures to protect online transactions from fraud. We propose a novel approach, Banksealer, that models the user’s behavior through his or her interaction with the online banking services from different perspectives but with the common goal of recognizing fraudulent activities.

By Michele Carminati, Postdoctoral Researcher @ Politecnico di Milano, working on System Security at NECSTLab.

Over the years, Internet banking has grown in popularity. Unfortunately, this has led to an increase in fraud perpetrated through cyber-attacks, resulting in substantial financial losses worldwide. According to Kaspersky Lab, financial malware is evolving through the collaboration between malware creators and…
Smart wearables: how to stop worrying about the data and love self-tracking

310 million wearable devices sold this year; 2 billion people will be using apps to monitor their bodies by 2019. Everything can be tracked and measured: heart rate, hours of sleep, food calories, exercise, weight... Yet, the majority of users still struggle to make sense of data and abandon them. We propose novel approaches that get back to the Self in “quantified self” and transform self-tracking into actionable empowerment.

By Luca Cerina, Research Assistant @ Politecnico di Milano, working on wearable devices and biomed applications at NECSTLab.

The unmet promise

In recent years, the market for self-tracking apps and wearable devices skyrocketed, with industries and media sharing promises of Health and Wellness waiting just a click away from us, preaching the advent of data-sharing products that will solve…
The CAOS framework: democratize the acceleration of compute intensive applications on FPGA

The increasing demand for computing power in fields such as Biology, Machine Learning and Physics is pushing the adoption of reconfigurable hardware such as FPGAs in order to keep up with the required performance level at a sustainable power consumption. CAOS is a framework that helps the application designer identify acceleration opportunities and guides them through the implementation of the final FPGA-based system.

By Marco Rabozzi, PhD Student @ Politecnico di Milano, working on reconfigurable computing systems at NECSTLab

As of today, progress in many fields of science is somewhat connected to the amount of available computing power that we have. For instance, a higher amount of computing power translates into the capability to simulate a larger number of neurons and synapses within a brain, simulate the behavior of more complex physical…
Do you WannaCry? Protecting from Modern Ransomware Attacks

Infamous ransomware families, malicious programs that encrypt victims’ files, preventing legitimate access until a ransom is paid, have had a drastic impact in the past years. We proposed a novel approach, ShieldFS, that is able to detect malicious behaviors and revert the effects of ransomware attacks, which means no files lost for the end users!

By Andrea Continella, PhD Student @ Politecnico di Milano, soon joining the SecLab @ University of California, Santa Barbara as a Postdoc researcher.

In the last year, ransomware has been one of the most dangerous Internet threats. Preventive and reactive security measures can only partially mitigate the damage caused by modern ransomware attacks. The remarkable amount of illicit profit and the cybercriminals' increasing interest in ransomware schemes demonstrate that current defense solutions are failing, and a large number…