Thesis
Students' proposed topics about network security or cybersecurity are welcome.
Please accept my apologies if I am unable to provide a quick answer to thesis requests. It can take a while to conceive an adequate proposal.
Some examples of available theses
Automation of Cyber ranges
Cyber ranges are a relevant component of cybersecurity expert education. Providing automation tools is beneficial for the setup and effectiveness of gaming sessions. The design and implementation of automation tools in this field are in high demand. Automation can be beneficial to any team involved in gaming sessions, i.e., red team, blue team, white team, or yellow team.
MQTT and lightweight protocol security
Security and dependability of devices are paramount for the IoT ecosystem. The Message Queuing Telemetry Transport protocol (MQTT) is the de facto standard and the most common alternative for limited devices that cannot leverage HTTP. However, MQTT was designed without security in mind, since it was initially intended for private networks in the oil and gas industry. Because MQTT is widely used in real applications, it is under the lens of the security community, especially given the widespread attacks targeting IoT devices.
Brand Monitoring and Social Reputation Online
Given input items coming from different kinds of social networks, messaging platforms, forums, blogs and press articles, the need is to cluster similar texts and classify the data according to the impact that the news may have on the client.
The expected output is a clustering that takes into account linguistic aspects of the unstructured text (e.g., text similarity), but also aspects tied to the available structured information, such as the use of retweets, reshares, likes, etc. The work must serve the needs of a Threat Intelligence analyst who has to monitor the "chatter" about a specific client or topic.
We currently handle thousands of items per day coming from different sources, mainly social media (Twitter). Within these items the client is mentioned in relation to different topics. The need is to cluster these items and to identify and classify the different topics.
Once a cluster has been identified, it is then necessary to identify a label or a set of keywords that helps the analyst quickly understand the subject. In addition, a sentiment (positive, negative or neutral) must be associated with the cluster.
Supervised neural networks could be useful for this purpose, but this needs further exploration.
Still following the example of the Ukrainian conflict, in these days, when the mass of items related to the topic is large, it is difficult to spot an item that does not belong to the cluster, which increases the analyst's processing time.
IPv6 security
Since the origins of the Internet, various vulnerabilities exploiting the IP fragmentation process have plagued the IPv4 protocol, many of them leading to a wide range of attacks. One of the main sources of problems has been overlapping fragments, namely fragments that, when reassembled, result in unexpected (possibly malicious) packets. To overcome the problems related to fragmentation, IPv6 introduced a specific extension header, and RFC 5722 was developed, proposing that overlapping fragments are simply and directly dropped when encountered. Since then, several studies have proposed methodologies to check whether IPv6 websites still accept overlapping fragments and are thus still vulnerable to the attacks that originate from them. However, some of these methodologies have also been proved to be incomplete or misleading.
Internship with Italian enterprises (DigitalPlatforms S.p.A., Linkem and others)
System hardening (Android, Windows or Linux)
Topics in collaboration with our cybersecurity group
Information-Centric Networking Access Control
Software-Defined Networking Fingerprinting
Watermarking neural networks
Internet of Things attestation
Automated Intelligent Cyber Defense Agents
Fake document generation
Steganographic Generative Adversarial Networks
Characterization of the resilience of neural networks to adversarial examples
Automatic generation of diverse ML models
Functional-preserving transformation
Internship with NEC Laboratories Europe (GmbH in Heidelberg, Germany and Madrid, Spain)
The security group at NEC Laboratories Europe works on many topics in the area of security and privacy, and offers paid internships to graduating master's students. If interested, contact me to discuss details and possible thesis topics.
Automated evaluation of reports for cyber-range exercises
Cyber-range exercises like Locked Shields are very effective formative assessments for learning and putting into practice cybersecurity skills. However, some of the activities performed in the evaluation of the exercises are still done manually by members of the white team, through tedious, repetitive and error-prone tasks. Is it possible to improve the level of automation of the white team activities?
TTP-Based Hunting
A growing body of evidence from industry, MITRE, and government experimentation confirms that collecting and filtering data based on knowledge of adversary tactics, techniques, and procedures (TTPs) is an effective method for detecting malicious activity. This approach is effective because the technology on which adversaries operate (e.g., Microsoft Windows) constrains the number and types of techniques they can use to accomplish their goals post-compromise. There are a relatively small number of these techniques, and they occur on systems owned by the victim organization. All adversaries must either employ these known techniques or expend vast resources to develop novel techniques regardless of their capabilities or strategic mission objectives.
Deepfake detection
Deep generative models are becoming more and more powerful and easily accessible to broad audiences. At the same time, the increasing use of social networks drives people to share and make public personal media such as photos and videos. The combination of these two factors has introduced new and concrete threats to the intellectual property of users' content and to personal identities. One of the main examples of this type of threat is the so-called Deepfake technology, where the victims' images are used to create photo-realistic and possibly inappropriate fake multimedia content. We plan to develop a novel detection technique aimed at distinguishing genuine from fake media.