Publications
A Quantitative Assessment of the Detection Performance of Web Vulnerability Scanners KU Leuven
Software developers use web application vulnerability scanners to automatically identify security weaknesses in their web applications. The scanners inspect source code or analyze the running application, and look for specific vulnerability types. While it can be expected that a scanner will not discover every vulnerability, no information is available on the expected efficacy of currently available vulnerability scanners for a given ...
Helping hands: Measuring the impact of a large threat intelligence sharing community KU Leuven
We tracked the largest volunteer security information sharing community known to date: the COVID-19 Cyber Threat Coalition, with over 4,000 members. This enabled us to address long-standing questions on threat information sharing. First, does collaboration at scale lead to better coverage? And second, does making threat data freely available improve the ability of defenders to act? We found that the CTC mostly aggregated existing industry ...
An Audit of Facebook’s Political Ad Policy Enforcement KU Leuven
Major technology companies strive to protect the integrity of political advertising on their platforms by implementing and enforcing self-regulatory policies that impose transparency requirements on political ads. In this paper, we quantify whether Facebook's current enforcement correctly identifies political ads and ensures compliance by advertisers. In a comprehensive, large-scale analysis of 4.2 million political and 29.6 million ...
Trace Oddity: Methodologies for Data-Driven Traffic Analysis on Tor KU Leuven
Traffic analysis attacks against encrypted web traffic are a persisting problem. However, there is a large gap between the scientific estimate of attack threats and the real-world situation. As traffic analysis attacks depend on very specific metadata information, they are sensitive to artificial changes in the transmission characteristics. While the advent of deep learning greatly improves the performance rates of traffic analysis attacks on ...
Applying Machine Learning to use security oracles: a case study in virus and malware detection KU Leuven
Machine Learning (ML) has a significant potential to enhance the security posture of an organization by improving threat detection and discovery. The growing quality and quantity of data through measurements creates opportunities in this context. However, when an organization does not have sufficient labeled data to make predictions, it can rely on third parties for expert advice. In this work, we present a real-world case study of a company ...
Position Paper: On Advancing Adversarial Malware Generation Using Dynamic Features KU Leuven
Along the evolution of malware detection systems, adversaries develop sophisticated evasion techniques that render malicious samples undetectable. Especially for ML-based detection systems, an effective approach is to craft adversarial malware to evade detection. In this position paper, we conduct a critical review of existing adversarial attacks against malware detection, and conclude that current research focuses mainly on evasion techniques ...
Adversarial machine learning KU Leuven
Intelligent Malware Defenses KU Leuven
With the rapidly evolving threat landscape surrounding malware, intelligent defenses based on machine learning are paramount. In this chapter, we review the literature proposed in the past decade and identify the state-of-the-art in various related research directions—malware detection, malware analysis, adversarial malware, and malware author attribution. We discuss challenges that emerge when machine learning is applied to malware. We also ...