Available thesis

Topics in collaboration with our cybersecurity group

  • Information-Centric Networking Access Control

  • Software-Defined Networking Fingerprinting

  • Watermarking neural networks

  • Internet of Things attestation

  • Automated Intelligent Cyber Defense Agents

  • Fake document generation

  • Steganographic Generative Adversarial Networks

  • Characterization of the resilience of neural networks to adversarial examples

  • Automatic generation of diverse ML models

  • Functional-preserving transformation

MQTT and lightweight protocol security

Security and dependability of devices are paramount for the IoT ecosystem. Message Queuing Telemetry Transport protocol (MQTT) is the de facto standard and the most common alternative for those limited devices that cannot leverage HTTP. However, the MQTT protocol was designed with no security concern since initially designed for private networks of the oil and gas industry. Since MQTT is widely used for real applications, it is under the lens of the security community, also considering the widespread attacks targeting IoT devices.

Automated evaluation of reports for cyber-range exercises

Cyber-range exercises like Locked Shields are very effective formative assessments for learning and making in practice cybersecurity skills. However, some of the activities performed in the evaluation of the exercises are still manually done by members of the white team, with tedious, repetitive and error-prone tasks. Is it possible to improve the level of automation of the white team activities?

IPv6 security

Since the origins of the Internet, various vulnerabilities exploiting the IP fragmentation process have plagued IPv4 protocol, many of them leading to a wide range of attacks. One of the main source of problems have been the overlapping fragments, namely fragments that when reassembled, result in unexpected –possibly malicious– packets. To overcome the problem related to fragmentation, in IPv6 a specific extension header has been introduced and a RFC 5722 developed, proposing that overlapping fragments are simply and directly dropped when encountered. Since then, several studies have proposed some methodologies to check if IPv6 websites are still accepting overlapping fragments and, than, still vulnerable to the attacks that originate from them. However, some of the above methodologies have been also proved to be incomplete or misleading.

TTP-Based Hunting

A growing body of evidence from industry, MITRE, and government experimentation confirms that collecting and filtering data based on knowledge of adversary tactics, techniques, and procedures (TTPs) is an effective method for detecting malicious activity. This approach is effective because the technology on which adversaries operate (e.g., Microsoft Windows) constrains the number and types of techniques they can use to accomplish their goals post-compromise. There are a relatively small number of these techniques, and they occur on systems owned by the victim organization. All adversaries must either employ these known techniques or expend vast resources to develop novel techniques regardless of their capabilities or strategic mission objectives.

Internship with NEC Laboratories Europe (GmbH in Heidelberg, Germany and Madrid, Spain)

The security group at NEC Laboratories Europe works in many topics in the area of security and privacy, and offers paid internship to graduating master students. If interested, contact me for discussing details and possible thesis-topics.

Deepfake detection

Deep generative models are becoming more and more powerful and easily accessible to broad audiences. In the same time, the increasing utilization of social networks drives people to share and make public personal media as photos and videos. The combination of these two factors has introduced new and concrete threats aimed to attack the intellectual property of users contents and personal identities. One of the main example of this type of threat is the so called Deepfake technology where the victims images are used to create photo-realistic and possible inappropriate fake multimedia contents. We plan to develop a novel detection technique aimed to distinguish genuine from fake media.