Publications
Deciphering Social Behaviour: a Novel Biological Approach For Social Users Classification
Social media platforms continue to struggle with the growing presence of social bots, automated accounts that can influence public opinion and facilitate the spread of disinformation. Over time, these social bots have advanced significantly, making them increasingly difficult to distinguish from genuine users. Recently, new groups of bots have emerged, utilizing Large Language Models to generate content for posting, further complicating detection efforts. This paper proposes a novel approach that uses algorithms to measure the similarity between DNA strings, commonly used in biological contexts, to classify social users as bots or not. Our approach begins by clustering social media users into distinct macro species based on the similarities (and differences) observed in their timelines. These macro species are subsequently classified as either bots or genuine users, using a novel metric we developed that evaluates their behavioral characteristics in a way that mirrors biological comparison methods. This study extends beyond past approaches that focus solely on identical behaviors via analyses of the accounts' timelines. By incorporating new metrics, our approach systematically classifies non-trivial accounts into appropriate categories, effectively peeling back layers to reveal non-obvious species.
ACM SAC 2025
A Proposal for Uncovering Hidden Social Bots via Genetic Similarity
Social media platforms face an ongoing challenge in combating the proliferation of social bots, automated accounts that are also known to distort public opinion and support the spread of disinformation. Over the years, social bots have evolved greatly, often becoming indistinguishable from real users, and more recently, families of bots have been identified that are powered by Large Language Models to produce content for posting. We suggest an idea to classify social users as bots or not using genetic similarity algorithms. These algorithms provide an adaptive method for analyzing user behavior, allowing for the continuous evolution of detection criteria in response to the ever-changing tactics of social bots. Our proposal involves an initial clustering of social users into distinct macro species based on the similarities of their timelines. Macro species are then classified as either bot or genuine based on genetic characteristics. The preliminary idea we present, once fully developed, will allow existing detection applications based on timeline equality alone to be extended to detect bots. By incorporating new metrics, our approach will systematically classify non-trivial accounts into appropriate categories, effectively peeling back layers to reveal non-obvious species.
DS 2024
Scalable and automated Evaluation of Blue Team cyber posture in Cyber Ranges
Cyber ranges are virtual training ranges that have emerged as indispensable environments for conducting secure exercises and simulating real or hypothetical scenarios. These complex computational infrastructures enable the simulation of attacks, facilitating the evaluation of defense tools and methodologies and developing novel countermeasures against threats. One of the main challenges of cyber range scalability is the exercise evaluation that often requires the manual intervention of human operators, the White team. This paper proposes a novel approach that uses Blue and Red team reports and well-known databases to automate the evaluation and assessment of the exercise outcomes, overcoming the limitations of existing assessment models. Our proposal encompasses evaluating various aspects and metrics, explicitly emphasizing Blue Teams' actions and strategies and allowing the automated generation of their cyber posture.
Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing
A New Model for Testing IPv6 Fragment Handling
Since the origins of the Internet, various vulnerabilities exploiting the IP fragmentation process have plagued the IPv4 protocol, many leading to a wide range of attacks. IPv6 modified the handling of fragmentation and introduced a specific extension header, but this did not solve the related problems, as proved by extensive literature. One of the primary sources of problems has been overlapping fragments, which result in unexpected or malicious packets when reassembled. To overcome the problems related to fragmentation, the authors of RFC 5722 decided that IPv6 hosts MUST silently drop overlapping fragments.
Computer Security - ESORICS 2023
From Online Behaviours to Images: A Novel Approach to Social Bot Detection
Online Social Networks have revolutionized how we consume and share information, but they have also led to a proliferation of content that is not always reliable and accurate. One particular type of social account is known to promote unreputable content, hyperpartisan, and propagandistic information. These are automated accounts, commonly called bots. Focusing on Twitter accounts, we propose a novel approach to bot detection: we first propose a new algorithm that transforms the sequence of actions that an account performs into an image; then, we leverage the strength of Convolutional Neural Networks to proceed with image classification. We compare our performance with state-of-the-art results for bot detection on genuine accounts/bot accounts datasets well known in the literature. The results confirm the effectiveness of the proposal, because the detection capability is on par with the state of the art, if not better in some cases.
Computational Science - ICCS 2023
Security assessment of common open source MQTT brokers and clients
Security and dependability of devices are paramount for the IoT ecosystem. Message Queuing Telemetry Transport protocol (MQTT) is the de facto standard and the most common alternative for those limited devices that cannot leverage HTTP. However, the MQTT protocol was designed with no security concerns, since it was initially designed for private networks of the oil and gas industry. Since MQTT is widely used for real applications, it is under the lens of the security community, also considering the widespread attacks targeting IoT devices. Following this research direction, in this paper we present an empirical security evaluation of several widespread implementations of MQTT system components, namely five broker libraries and three client libraries. While the results of our research do not capture very critical flaws, there are several scenarios where some libraries do not fully adhere to the standard and leave some margins that could be maliciously exploited and potentially cause system inconsistencies.
ITASEC 2021