We employ a DNA-inspired technique to investigate the fundamental laws that drive the occurrence of similarities among Twitter users. Each action a user performs is associated with a character, similarly to the A, C, T, G bases of biological DNA. The chronological sequence of actions of a user leads to the creation of a string of characters, its digital DNA, which encodes the user’s behavioral timeline. Given a digital DNA string, well-known string mining and biological DNA analysis techniques have been applied to study the characteristics of online user behaviors, for tasks such as anomalous behavior detection.

During the election challenger Romney experienced a sudden campaign, the Twitter account of jump in the number of followers, which, later, have been proved to be made of many "fake". The fake followers on Twitter correspond to accounts that exhibit "non-human" characteristics, with the purpose to increase the number of followers of a different account.

In collaboration with the Wafi group of IIT, we are working on a detection engine for Twitter followers able to discriminate between anomalous accounts like the fake followers, but also bots and spammers. More info on the MIB web page.

The evolution of the Computer Science is changing our lives: as opposite to the application of powerful server wired together to provide many applications to scientist and Internet surfers, the miniaturization of computers in tiny devices with reduced capability is opening the new era of the ubiquitous computing, the Internet-of-things (IoT). In this new scenario, Wireless Sensor Networks and RFID systems play a central role, opening unimaginable possibilities, but also big security challenges. Our research activity is mainly focused on providing efficient solutions specifically suited for such resource constrained devices for their security requirements, like confidentiality (cryptographic key management), integrity (clone and intrusion detection, RFID counterfeiting) and availability (redundancy and replication).

Android smartphone, developed by Google, has become a vital part of the daily routine. Today, there are numerous available applications in the official and alternative marketplaces. Although there are many security mechanisms to scan and filter these marketplaces for malicious applications, malware still reach the device of the end-user. In this project, we introduce the SafeDroid v2.0 framework. SafeDroid v2.0 is a flexible, robust, iterable and versatile solution for statically analyzing Android applications. The main goal of our framework is the automated production of fully sufficient prediction and classification models in terms of maximum accuracy scores and minimum negative errors. More info on the official web page.

Routing information are exchanged by Autonomous System routers using the Border Gateway Protocol (BGP), the de-facto standard protocol for inter-domain routing. However, the lack of security mechanisms expose BGP to a wide range of threats that are constantly undermining security of the Internet. Most prominent attacks include prefix hijacking and announcement of false routes to maliciously attract or divert traffic. Most of the security proposals advanced for BGP rely on digital signatures to authorize Autonomous Systems to propagate route announcements. We proposed an enhanced version of BGP that leverages Identity Based Cryptography to secure BGP, introducing only a constant overhead to verify authenticity of routes and without the requirement of a Public Key Infrastructure.

Accessing the information spread in the Web nowadays cannot be imagined without the use of Web services like Facebook, Bing, Google Web Search or Yahoo! Search. Being on the first page of a query results means to have a great advantage against competing websites. Major search engines are implementing a personalization of the results, where different users searching for the same terms may observe different results. Eli Pariser demonstrated how personalization in Facebook and Google could change the perception of the world and called this phenomenon the Filter Bubbles. In collaboration with the IIT-CNR of Pisa and the IMT Lucca, we are interested on understanding the amount of personalization of Web services at which extent it can impact on the unaware users.

User tracking on Internet is considered an easy task when there is the availability of traffic payloads and timing. A much more challenging scenario is the one that considers profiling users without the traffic payload, without opening encrypted traffic and, in addition, when the user is behind NAT. With the help of Hidden Markov Models it is possible to build trained classifiers able to fingerprint and track user in such a harsh setting. We are investigating how to enhance our classifiers, improving its detection ability and evaluating its correlation with the amount of training traffic.

Detection and mitigation of (D)DoS attacks is still an open challenge, because of their artlessness and simplicity: the attacking entities can be botnets of unaware compromised hosts, but also volunteers attackers that want to express their disagreement against private companies or public entities (the so called hacktivism). We are applying information theory based metrics to detect network anomalies. We are studying several possible metrics on a real dataset of netflow records, exploiting a real time framework able to process thousands of records per seconds. We are able to provide evidences of DDoS and DoS attacks and we are actually studying which metrics are more effective for detection purposes.

Twitter has shown to be a precious platform for reliable communications in emergency (like the earthquake of Haiti 2011) and for mass coordination (like the Twitter Revolution). This use of Twitter in cooperative, possibly critical, setting calls for a more precise awareness of the dynamics regulating message spreading. To this aim, collaborating with the IMT Lucca we are proposing a formal approach to model interactions among Twitter accounts. It allows users to clearly and precisely determine the effects of actions performed by Twitter accounts, such as post, retweet, reply to or delete tweets. In fact, despite the apparent easiness and simplicity of Twitter interactions, the achievement of a full user experience-awareness on Twitter should not be given for granted: the effects of (a sequence of) Twitter interactions could be, indeed, subtle.

Fraglets represent an execution model for communication protocols that resembles the chemical reactions in living organisms. The strong connection between their way of transforming and reacting and formal rewriting systems makes a fraglet program amenable to automatic verification. The model can be enriched and executed to specify security protocols and properties (leading to the definition of cryptofraglets). Practical examples can be provided: for example cryptofraglets can be adopted to specify and concretely analyze secure protocols, like the ones adopted in RFID systems or Wireless Sensor Networks.

A myriad of health-related websites exists on the Internet: finding reliable information is an issue that quests for solution. For example, a recent report by IMS Health showed that 50% of surveyed physicians who use the Internet have consulted Wikipedia for medical information. However, Wikipedia medicine articles has not received much attention by Academia and it presents open distinctive challenges. Our research activity proposes the maturity degree as a measure of content level, stability, and structural properties, based on the well known decision protocol Analytic Hierarchy Process (AHP). We also investigate the reliability of online product reviews of online marketplaces.