Publications

Conference Proceedings and Refereed Journal Publications

[CCS] Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, Nikolaos Vasiloglou. "Practical Attacks Against Graph-based Clustering". ACM Conference on Computer and Communications Security, ACM CCS 2017 (acceptance rate 18.1% = 151/836) [pdf]

[DSN] Babak Rahbarinia, Marco Balduzzi, Roberto Perdisci. "Exploring the Long Tail of (Malicious) Software Downloads". IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017 (acceptance rate 22.3% = 49/220) [pdf][AVtype]

[NDSS] Phani Vadrevu, Jienan Liu, Bo Li, Babak Rahbarinia, Kyu Hyung Lee, Roberto Perdisci. "Enabling Reconstruction of Attacks on Users via Efficient Browsing Snapshots". Network and Distributed System Security Symposium, NDSS 2017 (acceptance rate 16.1% = 68/423) [pdf,code]

[ACM-TOPS] Babak Rahbarinia, Roberto Perdisci, Manos Antonakakis. "Efficient and Accurate Behavior-Based Tracking of Malware-Control Domains in Large ISP Networks." ACM Transactions on Privacy and Security, Volume 19, Issue 2, Article No. 4, August 2016 [pdf]

[USENIX Sec] Terry Nelms, Roberto Perdisci, Manos Antonakakis, Mustaque Ahamad. "Towards Measuring and Mitigating Social Engineering Software Download Attacks." USENIX Security Symposium, 2016. (acceptance rate 15.6% = 72/463) [pdf]

[AsiaCCS] Babak Rahbarinia, Marco Balduzzi, Roberto Perdisci. "Real-Time Detection of Malware Downloads via Large-Scale URL->File->Machine Graph Mining." ACM Symposium on InformAtion, Computer and Communications Security, AsiaCCS 2016. (acceptance rate for full papers: 21% = 73/350) [pdf]
 
[AsiaCCS] Phani Vadrevu, Roberto Perdisci. "MAXS: Scaling Malware Execution with Sequential Multi-Hypothesis Testing." ACM Symposium on InformAtion, Computer and Communications Security, AsiaCCS 2016. (acceptance rate for full papers: 21% = 73/350) [pdf]

[IEEE-TDSC] Yacin Nadji, Roberto Perdisci, Manos Antonakakis. "Still Beheading Hydras: Botnet Takedowns Then and Now." IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 2015. [DOI]

[CCS] Christopher Neasbitt, Bo Li, Roberto Perdisci, Long Lu, Kapil Singh, Kang Li. "WebCapsule: Towards a Lightweight Forensic Engine for Web Browsers." ACM Conference on Computer and Communications Security, ACM CCS 2015. (acceptance rate 19.8% = 128/646) [pdf][code]

[USENIX Sec] Terry Nelms, Roberto Perdisci, Manos Antonakakis, Mustaque Ahamad. "WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths." USENIX Security Symposium, 2015. (acceptance rate 15.7% = 67/426) [pdf]

[SIGCOMM] Maria Konte, Roberto Perdisci, Nick Feamster. "ASwatch: An AS Reputation System to Expose Bulletproof Hosting ASes." ACM SIGCOMM 2015 Conference. (acceptance rate 15.6% = 40/256) [pdf]

[ACM-CCR] Maria Konte, Roberto Perdisci, Nick Feamster. "ASwatch: An AS Reputation System to Expose Bulletproof Hosting ASes." ACM SIGCOMM Computer Communication Review, Volume 45, Issue 4, October 2015, Pages 625-638 [DOI]

[DSN] Babak Rahbarinia, Roberto Perdisci, Manos Antonakakis. "Segugio: Efficient Behavior-Based Tracking of New Malware-Control Domains in Large ISP Networks." IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015. (acceptance rate 21.8% = 50/229) [pdf]

[WWW] Xinyu Xing, Wei Meng, Udi Weinsberg, Anmol Sheth, Byoungyoung Lee, Roberto Perdisci, Wenke Lee. "Understanding Malvertising Through Ad-Injecting Browser Extensions." International World Wide Web Conference, WWW 2015. (acceptance rate 14.1% = 131/929) [pdf]

[CCS] Christopher Neasbitt, Roberto Perdisci, Kang Li, Terry Nelms. "ClickMiner: Towards Forensic Reconstruction of User-Browser Interactions from Network Traces." ACM Conference on Computer and Communications Security, ACM CCS 2014. (acceptance rate 19.5% = 114/585) [pdf][code]

[DSN] Yizheng Chen, Manos Antonakakis, Roberto Perdisci, Yacin Nadji, David Dagon, Wenke Lee. "DNS Noise: Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic." IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014

[JISA] Babak Rahbarinia, Roberto Perdisci, Andrea Lanzi, and Kang Li. "PeerRush: Mining for unwanted P2P traffic." Journal of Information Security and Applications, Volume 19, Issue 3, July 2014, Pages 194–208. [DOI]

[IEEE-TIFS] Junjie Zhang, Roberto Perdisci, Wenke Lee, Unum Sarfraz, and Xiapu Luo. "Building a scalable system for stealthy P2P-botnet detection". IEEE Transactions on Information Forensics and Security (IEEE-TIFS), 9(1):27–38, Jan. 2014. [pdf][DOI]

[CompNet] Roberto Perdisci, Davide Ariu, Giorgio Giacinto. "Scalable Fine-Grained Behavioral Clustering of HTTP-Based Malware." Computer Networks, Special Issue on Botnet Activity: Analysis, Detection and Shutdown, 57(2):487–500, 2013. [pdf][DOI]

[CCS] Yacin Nadji, Manos Antonakakis, Roberto Perdisci, Wenke Lee, David Dagon. "Beheading Hydras: Performing Effective Botnet Takedowns." 20th ACM Conference on Computer and Communications Security, ACM CCS 2013. (acceptance rate 19.8% = 105/530) [pdf]

[ESORICS] Phani Vadrevu, Babak Rahbarinia, Roberto Perdisci, Kang Li, Manos Antonakakis. "Measuring and Detecting Malware Downloads in Live Network Traffic." 18th European Symposium on Research in Computer Security, ESORICS 2013. (acceptance rate 17.8% = 43/242) [pdf][source code]

[RAID] Yacin Nadji, Manos Antonakakis, Roberto Perdisci, Wenke Lee. "Connected Colors: Unveiling the Structure of Criminal Networks." 16th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2013. [pdf]

[USENIX Sec] Terry Nelms, Roberto Perdisci, Mustaque Ahamad. "ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates." USENIX Security Symposium 2013. (acceptance rate 16.2% = 45/277) [pdf]

[LEET] Babak Rahbarinia, Roberto Perdisci, Manos Antonakakis, David Dagon. "SinkMiner: Mining Botnet Sinkholes for Fun and Profit." 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET 2013. (acceptance rate 43.5% = 10/23) [pdf,slides]

[DIMVA] Babak Rahbarinia, Roberto Perdisci, Andrea Lanzi, Kang Li. "PeerRush: Mining for Unwanted P2P Traffic". 10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, DIMVA 2013. Best Paper Award. (acceptance rate 31.6% = 12/38) [pdf,slides]

[ACSAC] Roberto Perdisci, ManChon U. "VAMO: Towards a Fully Automated Malware Clustering Validity Analysis". 28th Annual Computer Security Applications Conference, ACSAC 2012 (acceptance rate 19.0% = 44/231) [pdf,slides]

[USENIX Sec] Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee, David Dagon. "From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware". USENIX Security Symposium, 2012 (acceptance rate 19.4% = 43/222) [pdf]

[IEEE-DSC] Roberto Perdisci, Igino Corona, Giorgio Giacinto. "Early Detection of Malicious Flux Networks via Large-Scale Passive DNS Traffic Analysis." IEEE Transactions on Dependable and Secure Computing (IEEE-TDSC), 9(5), Sept.-Oct. 2012, pp. 714-726. [DOI][pdf][slides][source code]

[ACSAC] Yacin Nadji, Manos Antonakakis, Roberto Perdisci, Wenke Lee. "Understanding the Prevalence and Use of Alternative Plans in Malware with Network Games". Annual Computer Security Applications Conference, ACSAC 2011 (acceptance rate 18.5% = 36/195) [pdf]

[ACSAC] Xiapu Luo, Peng Zhou, Junjie Zhang, Roberto Perdisci, Wenke Lee, Rocky K.C. Chang. "Exposing Invisible Timing-based Traffic Watermarks with BACKLIT". Annual Computer Security Applications Conference, ACSAC 2011 (acceptance rate 18.5% = 36/195) [pdf]

[CCS] Long Lu, Roberto Perdisci, Wenke Lee. "SURF: Detecting and Measuring Search Poisoning". ACM Conference on Computer and Communications Security, ACM CCS 2011 (acceptance rate 14.0% = 60/429) [pdf]

[USENIX Sec] Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou, David Dagon. "Detecting Malware Domains at the Upper DNS Hierarchy". USENIX Security Symposium, 2011 (acceptance rate 17.2% = 35/204) [pdf]

[DSN] Junjie Zhang, Roberto Perdisci, Wenke Lee, Unum Sarfraz, Xiapu Luo. "Detecting Stealthy P2P Botnets Using Statistical Traffic Fingerprints". IEEE/IFIP International Conference on Dependable Systems and Networks - Dependable Computing and Communications Symposium, DSN DCCS 2011 (acceptance rate 17.6% = 26/148) [pdf,slides]

[ASIACCS] Junjie Zhang, Xiapu Luo, Roberto Perdisci, Guofei Gu, Wenke Lee, Nick Feamster. "Boosting the scalability of Botnet Detection Using Adaptive Traffic Sampling". 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011. (acceptance rate 16.1% = 35 regular papers out of 217 submissions) [pdf]

[NDSS] Xiapu Luo, P. Zhou, E. W. W. Chan, Wenke Lee, R. K. C. Chang, Roberto Perdisci. "HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows". 18th Annual Network and Distributed System Security Symposium, NDSS 2011. (acceptance rate 20.1% = 28/139) [pdf]

[ESORICS] Xiapu Luo, Junjie Zhang, Roberto Perdisci, Wenke Lee. "On the Secrecy of Spread-Spectrum Flow Watermarks". European Symposium on Research in Computer Security, ESORICS 2010. (acceptance rate 20.9% = 42/201) [pdf]

[RAID] Manos Antonakakis, David Dagon, Xiapu Luo, Roberto Perdisci, W. Lee, J. Bellmor. "Anax: A Monitoring Infrastructure for Improving DNS Security". International Symposium on Recent Advances in Intrusion Detection, RAID 2010. (acceptance rate 23.1% = 24/104) [pdf]

[USENIX Sec] Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee, Nick Feamster. "Building a Dynamic Reputation System for DNS". USENIX Security Symposium 2010 (acceptance rate 14.9% = 30/202) [pdf,slides]

[NSDI] Roberto Perdisci, Wenke Lee, Nick Feamster. "Behavioral Clustering of HTTP-based Malware and Signature Generation using Malicious Network Traces". USENIX Symposium on Networked Systems Design and Implementation, NSDI 2010 (acceptance rate 16.6% = 29/175) [pdf,slides]

[CompNet] Roberto Perdisci, Davide Ariu, Prahlad Fogla, Giorgio Giacinto, Wenke Lee. "McPAD: A Multiple Classifier System for Accurate Payload-based Anomaly Detection." Computer Networks, Special Issue on Traffic Classification and Its Applications to Modern Networks, 5(6), 2009, pp. 864-881. [pdf][source code]

[ACSAC] Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee. "Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces". Annual Computer Security Applications Conference, ACSAC 2009 (acceptance rate 19.6% = 44/224) [pdf,slides]

[DSN] Roberto Perdisci, Manos Antonakakis, Xiapu Luo, Wenke Lee. "WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks". IEEE/IFIP International Conference on Dependable Systems and Networks - Dependable Computing and Communications Symposium, DSN-DCCS 2009 (acceptance rate 21% = 37/177 full submissions) [pdf,extended_pdf,slides]

[ACSAC] Roberto Perdisci, Andrea Lanzi, Wenke Lee. "McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables". Annual Computer Security Applications Conference, ACSAC 2008 (acceptance rate 24.3% = 42/172) [pdf,slides]

[PRL] Roberto Perdisci, Andrea Lanzi, Wenke Lee. "Classification of Packed Executables for Accurate Computer Virus Detection." Pattern Recognition Letters, 29(14), 2008, pp. 1941-1946. [pdf][source code]

[JIF] Giorgio Giacinto, Roberto Perdisci, Mauro Del Rio, Fabio Roli. "Intrusion Detection in Computer Networks by a Modular Ensemble of One-Class Classifiers". Information Fusion, Special Issue on Applications of Ensemble Methods, 9(1), 2008, pp. 69-82. [pdf]

[USENIX Sec] Guofei Gu, Roberto Perdisci, Junjie Zhang, Wenke Lee. "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection". USENIX Security Symposium 2008 (acceptance rate 15.9% = 27/170) [pdf,slides]

[MLDM] Davide Ariu, Giorgio Giacinto, Roberto Perdisci. "Sensing Attacks in Computers Networks with Hidden Markov Models". International Conference on Machine Learning and Data Mining in Pattern recognition, MLDM 2007. [pdf]

[ICDM] Roberto Perdisci, Guofei Gu, Wenke Lee. "Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems". IEEE International Conference on Data Mining, IEEE ICDM 2006 (acceptance rate 9.4% = 73 regular papers out of 776 submissions) [pdf,slides]

[USENIX Sec] Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov, Wenke Lee. "Polymorphic Blending Attacks". USENIX Security Symposium 2006 (acceptance rate 12.3% = 22/179) [pdf,slides]

[IEEE-S&P] Roberto Perdisci, David Dagon, Wenke Lee, Prahlad Fogla, Monirul Sharif. "Misleading Worm Signature Generators Using Deliberate Noise Injection". IEEE Symposium on Security and Privacy, IEEE S&P (Oakland) 2006 (acceptance rate 9.2% = 23 regular papers out of 251 submissions) [pdf,slides]

[EAAI] Roberto Perdisci, Giorgio Giacinto, Fabio Roli. "Alarm clustering for intrusion detection systems in computer networks". Engineering Applications of Artificial Intelligence (EAAI), 19(4), 2006, pp. 429-438. [pdf]

[ICIAP] Giorgio Giacinto, Roberto Perdisci, Fabio Roli. "Network Intrusion Detection by Combining One-class Classifiers". International Conference on Image Analysis and Processing, ICIAP 2005, Special Session on Intrusion Detection. [pdf]

[MLDM] Giorgio Giacinto, Roberto Perdisci, and Fabio Roli, "Alarm Clustering for Intrusion Detection Systems in Computer Networks". International Conference on Machine Learning and Data Mining in Pattern recognition, MLDM 2005. [pdf]

Other Workshops, Posters, Magazines, and Tech Report Publications

Christopher Neasbitt, Roberto Perdisci, Long Lu, Kapil Singh, and Kang Li. "WebCapsule: Platform-Agnostic Record & Replay for Web Applications" - 12th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2015 - poster session [abstract, poster]

Tiffany Cauthen, Roberto Perdisci. "Domain Name Classification via Web Search Results Mining". In UGA Center For Undergraduate Research Opportunities (CURO) Symposium, Athens, GA, April 1, 2013. [poster]

Phani Vadrevu, Babak Rahbarinia, Roberto Perdisci, and Kang Li. "Malware defense via download provenance classification". In NSF SaTC PI Meeting, Poster Session, 2012. 

Kevin Warrick, Roberto Perdisci, Kang Li. "Poster: Measuring the Lifecycles of Malicious Domains". IEEE Symposium on Security and Privacy 2012, Poster Session [abstract, poster]

M. Antonakakis, R. Perdisci, N. Vasiloglou, and W. Lee. "Detecting and tracking the rise of DGA-based malware". USENIX ;login:, 37(6):15–24, December 2012 [article]

R. Perdisci, G. Gu, W. Lee. "Combining Multiple One-Class Classifiers for Hardening Payload-based Anomaly Detection Systems". NIPS 2007, Workshop on Machine Learning in Adversarial Environments for Computer Security [poster]

D. Ariu, I. Corona, G. Giacinto, R. Perdisci, F. Roli, "Intrusion Detection Systems based on anomaly detection techniques", Italian Workshop on Privacy and Security (PRISE), 2007.

R. Perdisci, M. Antonakakis, W. Lee. "Solving the DNS Cache Poisoning Problem Without Changing the Protocol". Tech. Report. GTISC, Georgia Institute of Technology. May 16, 2008. [pdf].
NOTE: this work was published before Dan Kaminsky's talk at Black Hat 2008, where Dan presented a new poisoning attack. Since then, things have changed quite a lot. We have updated this tech report to address Kaminsky's attack. The new work is "WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks", which was accepted at DSN-DCCS 2009.

Ph.D. Thesis

Roberto Perdisci. "Statistical Pattern Recognition Techniques for Intrusion Detection in Computer Networks, Challenges and Solutions". Department of Electrical and Electronic Engineering, University of Cagliari, ITALY (2007). [pdf]