Paolo Milani Comparetti

General Information

I have been a Postdoc at the Secure Systems labs since March 2008.

Research Interests

The main focus of my research so far has been automated (malicious) program analysis and reverse engineering, and I am part of the Anubis team. Other interests include application and operating system security, and understanding and detecting malicious infrastructure.

Teaching

I am teaching introductory and advanced classes on system and network security: Internet Security and Advanced Internet Security.

Current Funded Projects

iCode (Real-time Malicious Code Detection)
Sponsor: The EU Commission
Role: Principal Investigator
SysSec (Network of Excellence for Networking Systems Security Research in Europe)
Sponsor: The EU Commission
Role: Principal Investigator
TRUDIE (Trust Relationships in Underground IT Economies)
Sponsor: FIT-IT Trust in IT-Systems 4. Call, Austria
Role: Investigator
WOMBAT (Worldwide Observatory of Malicious Behaviors and Attack Threats)
Sponsor: The EU Commission
Role: Principal Investigator

Publications

EVILSEED: A Guided Approach to Finding Malicious Web Pages
Luca Invernizzi, Stefano Benvenuti, Marco Cova, Paolo Milani Comparetti, Christopher Kruegel and Giovanni Vigna
IEEE Symposium on Security & Privacy
San Francisco, USA, May 2012 (to appear).
Article.

Detecting Malware's Failover C&C Strategies with SQUEEZE
Matthias Neugschwandtner, Paolo Milani Comparetti and Christian Platzer
Annual Computer Security Applications Conference (ACSAC)
Orlando, FL, December 2011.
Article. Slides.

FORECAST - Skimming off the Malware Cream
Matthias Neugschwandtner, Paolo Milani Comparetti, Gregoire Jacob and Christopher Kruegel
Annual Computer Security Applications Conference (ACSAC)
Orlando, FL, December 2011.
Article. Slides. Tech report (with additional evaluation results).

Detecting Environment-Sensitive Malware
Martina Lindorfer, Clemens Kolbitsch, and Paolo Milani Comparetti
Recent Advances in Intrusion Detection (RAID)
Menlo Park, CA, September 2011.
Article. Slides. Bibtex.

Martina Lindorfer's masters thesis provides some additional information on this work.

dAnubis - Dynamic Device Driver Analysis Based on Virtual Machine Introspection
Matthias Neugschwandtner, Christian Platzer, Paolo Milani Comparetti and Ulrich Bayer
Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
Bonn, Germany, July 2010.
Article. Slides. Bibtex.

Identifying Dormant Functionality in Malware Programs
Paolo Milani Comparetti, Guido Salvaneschi, Engin Kirda, Clemens Kolbitsch, Christopher Kruegel and Stefano Zanero
IEEE Symposium on Security & Privacy
Oakland, USA, May 2010.
Article. Slides. Bibtex.

Effective and Efficient Malware Detection at the End Host
Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiaoyong Zhou, and XiaoFeng Wang
Usenix Security Symposium
Montreal, Canada, August 2009
Article. Slides. Bibtex.

The full evaluation results as well as the malware samples used in the evaluation are available on request.

Prospex: Protocol Specification Extraction
Paolo Milani Comparetti, Gilbert Wondracek, Christopher Kruegel, and Engin Kirda
IEEE Symposium on Security & Privacy
Oakland, USA, May 2009.
Article. Slides. Bibtex.

A distribution of the state machine inference code used for this paper is available here. My implementation of the exbar algorithm can be found here.

Scalable, Behavior-Based Malware Clustering
Ulrich Bayer, Paolo Milani Comparetti, Clemens Hlauschek, Christopher Kruegel, and Engin Kirda
Network and Distributed System Security Symposium (NDSS), Internet Society.
San Diego, USA, February 2009.
Article. Slides. Bibtex.

The reference dataset as well as our traces and full clustering results from this paper are available on request. See this readme file for more information. More details on how the reference clustering was obtained can be found here.

Automatic Network Protocol Analysis
Gilbert Wondracek, Paolo Milani Comparetti, Christopher Kruegel, and Engin Kirda
Network and Distributed System Security Symposium (NDSS), Internet Society.
San Diego, USA, February 2008.
Article. Slides. Bibtex.

Invited Talks

The WOMBAT API: Querying a global network of advanced honeypots
Blackhat DC.
Washington DC, USA, February 2010.
Slides.

Classifying Threats: Clustering malware with ANUBIS and SGNET
2nd Wombat Workshop
St. Malo, France, September 2009.
Slides.

Contact

I can be reached at .


Last Modified: Fri Jan 20 2009


International Secure Systems Lab www.iseclab.org