Elisa Bertino
TIMESAFE: Timing Interruption Monitoring and Security Assessment for Fronthaul Environments
5G and beyond cellular systems embrace the disaggregation of Radio Access Network (RAN) components, exemplified by the evolution of the fronthaul (FH) connection between cellular baseband and radio unit equipment. Crucially, synchronizatio…
Automated Vulnerability Validation and Verification: A Large Language Model Approach
Software vulnerabilities remain a critical security challenge, providing entry points for attackers into enterprise networks. Despite advances in security practices, the lack of high-quality datasets capturing diverse exploit behavior limi…
VWAttacker: A Systematic Security Testing Framework for Voice over WiFi User Equipments
We present VWAttacker, the first systematic testing framework for analyzing the security of Voice over WiFi (VoWiFi) User Equipment (UE) implementations. VWAttacker includes a complete VoWiFi network testbed that communicates with Commerci…
LLMalMorph: On The Feasibility of Generating Variant Malware using Large-Language-Models
Large Language Models (LLMs) have transformed software development and automated code generation. Motivated by these advancements, this paper explores the feasibility of LLMs in modifying malware source code to generate variants. We introd…
Standing Firm in 5G: A Single-Round, Dropout-Resilient Secure Aggregation for Federated Learning
Federated learning (FL) is well-suited to 5G networks, where many mobile devices generate sensitive edge data. Secure aggregation protocols enhance privacy in FL by ensuring that individual user updates reveal no information about the unde…
The Zero-trust Paradigm: Concepts, Architectures and Applications
The notion of Zero Trust Architecture (ZTA) has been introduced as a fine-grained defense approach. It assumes that no entities outside and inside the protected system can be trusted and, therefore, requires articulated and high-coverage d…
LLM Agents Should Employ Security Principles
Large Language Model (LLM) agents show considerable promise for automating complex tasks using contextual reasoning; however, interactions involving multiple agents and the system's susceptibility to prompt injection and other forms of con…
Efficient Full-Stack Private Federated Deep Learning with Post-Quantum Security
Federated learning (FL) enables collaborative model training while preserving user data privacy by keeping data local. Despite these advantages, FL remains vulnerable to privacy attacks on user updates and model parameters during training …
Dimensional Robustness Certification for Deep Neural Networks in Network Intrusion Detection Systems
Network intrusion detection systems based on deep learning are gaining significant traction in cyber security due to their high prediction accuracy and strong adaptability to evolving cyber threats. However, a serious drawback is their vul…
How Feasible is Augmenting Fake Nodes with Learnable Features as a Counter-strategy against Link Stealing Attacks?
Graph Neural Networks (GNNs) are widely used and deployed for graph-based prediction tasks. However, as good as GNNs are for learning graph data, they also come with the risk of privacy leakage. For instance, an attacker can run carefully …
ZT-SDN: An ML-powered Zero-Trust Architecture for Software-Defined Networks
Zero Trust (ZT) is a security paradigm aiming to curtail an attacker's lateral movements within a network by implementing least-privilege and per-request access control policies. However, its widespread adoption is hindered by the difficul…
Location Privacy-Preserving Mobile Crowd Sensing with Anonymous Reputation
In this paper, we give a location privacy-preserving solution for the mobile crowd sensing (MCS) system. The solution makes use of the blind signature technique for anonymous authentication and allows a mobile user to participate in the MC…
Real-time Rectifying Flight Control Misconfiguration Using Intelligent Agent
Configurations are supported by most flight control systems, allowing users to control a flying drone adapted to complexities such as environmental changes or mission alterations. Such an advanced functionality also introduces a significan…
Adversarial Domain Adaptation for Metal Cutting Sound Detection: Leveraging Abundant Lab Data for Scarce Industry Data
Cutting state monitoring in the milling process is crucial for improving manufacturing efficiency and tool life. Cutting sound detection using machine learning (ML) models, inspired by experienced machinists, can be employed as a cost-effe…
Uncovering Attacks and Defenses in Secure Aggregation for Federated Deep Learning
Federated learning enables the collaborative learning of a global model on diverse data, preserving data locality and eliminating the need to transfer user data to a central server. However, data privacy remains vulnerable, as attacks can …
CellularLint: A Systematic Approach to Identify Inconsistent Behavior in Cellular Network Specifications
In recent years, there has been a growing focus on scrutinizing the security of cellular networks, often attributing security vulnerabilities to issues in the underlying protocol design descriptions. These protocol design specifications, t…
Revisiting Concept Drift in Windows Malware Detection: Adaptation to Real Drifted Malware with Minimal Samples
In applying deep learning for malware classification, it is crucial to account for the prevalence of malware evolution, which can cause trained classifiers to fail on drifted malware. Existing solutions to address concept drift use active …
SoK: Leveraging Transformers for Malware Analysis
The introduction of transformers has been an important breakthrough for AI research and application as transformers are the foundation behind Generative AI. A promising application domain for transformers is cybersecurity, in particular th…
ARIoTEDef: Adversarially Robust IoT Early Defense System Based on Self-Evolution against Multi-step Attacks
Internet of Things (IoT) cyber threats, exemplified by jackware and crypto mining, underscore the vulnerability of IoT devices. Due to the multi-step nature of many attacks, early detection is vital for a swift response and preventing malw…
Transfer Learning for Security: Challenges and Future Directions
Many machine learning and data mining algorithms rely on the assumption that the training and testing data share the same feature space and distribution. However, this assumption may not always hold. For instance, there are situations wher…
Gotta Detect 'Em All: Fake Base Station and Multi-Step Attack Detection in Cellular Networks
Fake base stations (FBSes) pose a significant security threat by impersonating legitimate base stations (BSes). Though efforts have been made to defeat this threat, up to this day, the presence of FBSes and the multi-step attacks (MSAs) st…
Sharing cyber threat intelligence: Does it really help?
The sharing of Cyber Threat Intelligence (CTI) across organizations is gaining traction, as it can automate threat analysis and improve security awareness. However, limited empirical studies exist on the prevalent types of cybersecurity thr…
Graphene: Infrastructure Security Posture Analysis with AI-generated Attack Graphs
The rampant occurrence of cybersecurity breaches imposes substantial limitations on the progress of network infrastructures, leading to compromised data, financial losses, potential harm to individuals, and disruptions in essential service…