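% Publication list, one field per line. Citation keys are the original numeric ids.
%
% Normalisations applied to the source records:
%   - conference entries use the canonical inproceedings type (same meaning, no alias);
%   - book chapters that carry both a chapter title and a booktitle are incollection
%     entries, so the booktitle is actually printed and author/editor no longer clash;
%   - month uses the standard three-letter macros instead of "MM/YYYY" strings;
%   - doi holds the bare DOI (no resolver prefix); page ranges use "--";
%   - organization fields that only repeated publisher were dropped, as styles would
%     otherwise print the same name twice;
%   - acronyms and proper nouns in titles are brace-protected against sentence casing;
%   - obvious typos fixed ("Eefficient", "Tallin, Estona"), stray leading spaces trimmed.
% Fields named internal-note are ignored by styles and hold reviewer remarks only.

@inproceedings{18595,
  author    = {Wahab, Muhammad Abdul and Milosevic, Jelena and Regazzoni, Francesco and Ferrante, Alberto},
  title     = {Power and Performance Optimized Hardware Classifiers for Efficient On-device Malware Detection},
  booktitle = {Cryptography and Security in Computing Systems},
  publisher = {ACM},
  address   = {Valencia, Spain},
  year      = {2019},
  month     = jan,
}

@article{18594,
  author  = {Milosevic, Jelena and Malek, Miroslaw and Ferrante, Alberto},
  title   = {Time, Accuracy and Power Consumption Tradeoff in Mobile Malware Detection Systems},
  journal = {Computers \& Security},
  volume  = {82},
  pages   = {314--328},
  year    = {2019},
  month   = may,
  issn    = {0167-4048},
  doi     = {10.1016/j.cose.2019.01.001},
}

@incollection{18529,
  author    = {Ferrante, Alberto and Malek, Miroslaw and Martinelli, Fabio and Mercaldo, Francesco and Milosevic, Jelena},
  editor    = {Imine, Abdessamad and Fernandez, Jos{\'e} M. and Marion, Jean-Yves and Logrippo, Luigi and Garcia-Alfaro, Joaquin},
  title     = {Extinguishing Ransomware - A Hybrid Approach to {Android} Ransomware Detection},
  booktitle = {Foundations and Practice of Security},
  volume    = {10723},
  pages     = {242--258},
  publisher = {Springer International Publishing},
  address   = {Cham},
  year      = {2018},
  month     = feb,
  isbn      = {978-3-319-75650-9},
  doi       = {10.1007/978-3-319-75650-9_16},
  abstract  = {Mobile ransomware is on the rise and effective defense from it is of utmost importance to guarantee security of mobile users{\textquoteright} data. Current solutions provided by antimalware vendors are signature-based and thus ineffective in removing ransomware and restoring the infected devices and files. Also, current state-of-the art literature offers very few solutions to effectively detecting and blocking mobile ransomware. Starting from these considerations, we propose a hybrid method able to effectively counter ransomware. The proposed method first examines applications to be used on a device prior to their installation (static approach) and then observes their behavior at runtime and identifies if the system is under attack (dynamic approach).
               To detect ransomware, the static detection method uses the frequency of opcodes while the dynamic detection method considers CPU usage, memory usage, network usage and system call statistics. We evaluate the performance of our hybrid detection method on a dataset that contains both ransomware and legitimate applications. Additionally, we evaluate the performance of the static and dynamic stand-alone methods for comparison. Our results show that although both static and dynamic detection methods perform well in detecting ransomware, their combination in a form of a hybrid method performs best, being able to detect ransomware with 100{\%} precision and having a false positive rate of less than 4{\%}.},
}

@inproceedings{18530,
  author    = {Bianchi, Filippo Maria and Livi, Lorenzo and Ferrante, Alberto and Milosevic, Jelena and Malek, Miroslaw},
  title     = {Time series kernel similarities for predicting Paroxysmal Atrial Fibrillation from {ECGs}},
  booktitle = {IJCNN 2018: International Joint Conference on Neural Networks},
  publisher = {IEEE},
  address   = {Rio, Brazil},
  year      = {2018},
  month     = jul,
}

@incollection{18466,
  author        = {Milosevic, Jelena and Regazzoni, Francesco and Malek, Miroslaw},
  title         = {Malware Threats and Solutions for Trustworthy Mobile Systems Design},
  booktitle     = {Hardware Security and Trust: Design and Deployment of Integrated Circuits in a Threatened Environment},
  pages         = {149--167},
  publisher     = {Springer},
  edition       = {First},
  year          = {2017},
  keywords      = {malware, mobile systems, security metric, trusting},
  doi           = {10.1007/978-3-319-44318-8_8},
  internal-note = {source record gave the edition as "First edition; 2016" while year is 2017; confirm the publication year},
}

@incollection{18521,
  author        = {Milosevic, Jelena and Malek, Miroslaw and Ferrante, Alberto},
  title         = {Runtime Classification of Mobile Malware for Resource-constrained Devices},
  booktitle     = {Lecture Notes in Communications in Computer and Information Science},
  volume        = {764},
  pages         = {195--215},
  publisher     = {Springer International Publishing AG},
  year          = {2017},
  doi           = {10.1007/978-3-319-67876-4_10},
  internal-note = {booktitle reads like a series name rather than a volume title; verify against the DOI record},
}

@inproceedings{18459,
  author    = {Milosevic, Jelena and Malek, Miroslaw and Ferrante, Alberto},
  title     = {A Friend or a Foe? {Detecting} Malware Using Memory and {CPU} Features},
  booktitle = {SECRYPT 2016, 13th International Conference on Security and Cryptography},
  publisher = {SciTePress Digital Library},
  address   = {Lisbon, Portugal},
  year      = {2016},
  month     = jul,
}

@inproceedings{18461,
  author    = {Milosevic, Jelena and Ferrante, Alberto and Malek, Miroslaw},
  title     = {{MalAware}: Effective and Efficient Run-time Mobile Malware Detector},
  booktitle = {The 14th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2016)},
  publisher = {IEEE Computer Society Press},
  address   = {Auckland, New Zealand},
  year      = {2016},
  month     = aug,
}

@inproceedings{18515,
  author    = {Ferrante, Alberto and Mercaldo, Francesco and Milosevic, Jelena and Visaggio, Corrado Aaron},
  editor    = {Medvet, Eric},
  title     = {Spotting the Malicious Moment: Characterizing Malware Behavior Using Dynamic Features},
  booktitle = {2016 11th International Conference on Availability, Reliability and Security (ARES)},
  address   = {Salzburg, Austria},
  year      = {2016},
  month     = aug,
  keywords  = {Android applications, Androids, automatic mobile application analysis, dynamic features, Feature extraction, Humanoid robots, informative malware identification, invasive software, learning (artificial intelligence), local malicious behavior detection, machine learning, malicious activity, malware, malware behavior characterization, malware detection tools, mobile computing, mobile devices, Mobile handsets, monitoring, pattern classification, program diagnostics, resource usage, security, system calls, user protection},
  doi       = {10.1109/ARES.2016.70},
}

@inproceedings{18505,
  author    = {Milosevic, Jelena and Ferrante, Alberto and Malek, Miroslaw},
  title     = {{Trojan} Families Identification Using Dynamic Features and Low Complexity Classifiers},
  booktitle = {24th EICAR Annual Conference 2016 ``Trustworthiness in IT Security Products''},
  publisher = {EICAR},
  address   = {Nuremberg, Germany},
  year      = {2016},
  month     = oct,
}

@inproceedings{18385,
  author    = {Milosevic, Jelena and Ferrante, Alberto and Malek, Miroslaw},
  title     = {What Does the Memory Say? {Towards} the most indicative features for efficient malware detection},
  booktitle = {CCNC 2016, The 13th Annual IEEE Consumer Communications \& Networking Conference},
  publisher = {IEEE Communication Society},
  address   = {Las Vegas, NV, USA},
  year      = {2016},
  month     = jan,
}

@inproceedings{18390,
  author    = {Milosevic, Jelena and Ferrante, Alberto and Malek, Miroslaw},
  title     = {Can we Achieve both Privacy Protection and Efficient Malware Detection on Smartphones?},
  booktitle = {1st Interdisciplinary Cyber Research Workshop 2015},
  publisher = {Tallinn University of Technology},
  address   = {Tallinn, Estonia},
  year      = {2015},
  month     = jul,
  url       = {http://cybercentre.cs.ttu.ee/wp/wp-content/uploads/2015/02/ICR_2015_proceedings.pdf},
}

@misc{18391,
  author       = {Milosevic, Jelena and Ferrante, Alberto and Malek, Miroslaw},
  title        = {A General Practitioner or a Specialist for Your Infected Smartphone?},
  howpublished = {Poster at the 36th IEEE Symposium on Security and Privacy},
  publisher    = {IEEE Computer Society Technical Committee on Security and Privacy},
  address      = {San Jose, CA, USA},
  year         = {2015},
  month        = may,
  keywords     = {Android, feature selection, malware detection, PCA, security},
  url          = {http://www.ieee-security.org/TC/SP2015/posters/paper_16.pdf},
  abstract     = {With explosive growth in the number of mobile devices, the mobile malware is rapidly spreading as well, and the number of encountered malware families is increasing. Existing solutions, which are mainly based on one malware detector running on the phone or in the cloud, are no longer effective. Main problem lies in the fact that it might be impossible to create a unique mobile malware detector that would be able to detect different malware families with high accuracy, being at the same time lightweight enough not to drain battery quickly and fast enough to give results of detection promptly. The proposed approach to mobile malware detection is analogous to general practitioner versus specialist approach to dealing with a medical problem. Similarly to a general practitioner that, based on indicative symptoms identifies potential illnesses and sends the patient to an appropriate specialist, our detection system distinguishes among symptoms representing different malware families and, once the symptoms are detected, it triggers specific analyses. A system monitoring application operates in the same way as a general practitioner. It is able to distinguish between different symptoms and trigger appropriate detection mechanisms. As an analogy to different specialists, an ensemble of detectors, each of which specifically trained for a particular malware family, is used. The main challenge of the approach is to define representative symptoms of different malware families and train detectors accordingly to them.
                  The main goal of the poster is to foster discussion on the most representative symptoms of different malware families and to discuss initial results in this area obtained by using Malware Genome project dataset.},
}

@inproceedings{18462,
  author    = {Milosevic, Jelena and Ferrante, Alberto and Regazzoni, Francesco},
  title     = {Security Challenges for Hardware Designers of Mobile Systems},
  booktitle = {2015 Mobile Systems Technologies Workshop (MST)},
  year      = {2015},
  month     = may,
  keywords  = {cryptographic capabilities, cryptographic primitives, cryptography, hardware, hardware design flow, hardware designers, hardware trojan, Hardware Trojans, Integrated optics, malware, mobile communication, mobile computing, mobile device, mobile devices, Mobile handsets, mobile systems, Optical device fabrication, pervasive mobile devices, physical attack, physical attacks, security, security challenges, software malware, telecommunication security, Trojan horses},
  doi       = {10.1109/MST.2015.11},
}

@inproceedings{18233,
  author    = {Ferrante, Alberto and Kaitovi{\'c}, Igor and Milosevic, Jelena},
  title     = {Modeling Requirements For Security-enhanced Design of Embedded Systems},
  booktitle = {ICETE SECRYPT},
  publisher = {ICETE},
  address   = {Vienna, Austria},
  year      = {2014},
  month     = aug,
}

@inproceedings{18206,
  author    = {Milosevic, Jelena and Dittrich, Andreas and Ferrante, Alberto and Malek, Miroslaw},
  title     = {A Resource-optimized Approach to Efficient Early Detection of Mobile Malware},
  booktitle = {3rd International Workshop on Security of Mobile Applications - IWSMA 2014},
  address   = {Fribourg, Switzerland},
  year      = {2014},
  month     = sep,
}

@inproceedings{18227,
  author    = {Milosevic, Jelena and Dittrich, Andreas and Ferrante, Alberto and Malek, Miroslaw and Rojas Quiros, Camilo and Braojos, Rub{\'e}n and Ansaloni, Giovanni and Atienza, David},
  title     = {Risk Assessment of Atrial Fibrillation: a Failure Prediction Approach},
  booktitle = {41st Computing in Cardiology Conference (CinC)},
  publisher = {IEEE Computer Society},
  address   = {Cambridge, MA, USA},
  year      = {2014},
  month     = sep,
  url       = {http://andreas-dittrich.eu/2014/06/risk-assessment-of-atrial-fibrillation-a-failure-prediction-approach},
  abstract  = {We present a methodology for identifying patients who have experienced Paroxysmal Atrial Fibrillation (PAF) among a given subjects population. Our work is intended as an initial step towards the design of an unobtrusive system for concurrent detection and monitoring of chronic cardiac conditions. Our methodology comprises two stages: off-line training and on-line analysis. During training the most significant features are selected using machine-learning methods, without relying on a manual selection based on previous knowledge. Analysis is based on two phases: feature extraction and detection of PAF patients. Light-weight algorithms are employed in the feature extraction phase, allowing the on-line implementation of this step on wearable and resource-constrained sensor nodes. The detection phase employs techniques borrowed from the field of failure prediction. While these algorithms have found extensive applications in diverse scenarios, their application to automated cardiac analysis has not been sufficiently investigated. Obtained results, in terms of performance, are comparable to similar efforts in the field.
               Nonetheless, the proposed method employs computationally simpler and more efficient algorithms, which are compatible with the computational constraints of state-of-the-art body sensor nodes.},
}

@inproceedings{17772,
  author    = {Ferrante, Alberto and Milosevic, Jelena and Janjusevic, Marija},
  title     = {A Security-enhanced Design Methodology For Embedded Systems},
  booktitle = {ICETE SECRYPT 2013},
  publisher = {ICETE},
  address   = {Reykjavik, Iceland},
  year      = {2013},
  month     = jul,
  keywords  = {design methodology, design space exploration, embedded systems, metric, security, security metric},
}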