Steganalysis and Machine Learning: a European answer

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

By Igino Corona, Matteo Mauri

Steganography is a secret mechanism for encoding information by any means of transmission. Its use has been known since ancient Greece and defined in the glossaries towards the end of the fifteenth century. Both encoding and medium of transmission are secret, that is, known only to the parties who intend to communicate in an occult way. Steganography therefore presents itself as an ideal tool for the creation of secret communication channels that can be used in sophisticated espionage scenarios, computer crime, data breaches in public and private sectors. 

Steganography differs from cryptography, in which encoding of information and medium of transmission are generally known (think for example to the HTTPS protocol used by this site). In this case, the encoding mechanism makes the extraction of information (extremely) difficult without the knowledge of additional data, known as encryption/decryption keys. These keys are known only to the parties authorized to communicate (for example, your browser and our web server).

What is Stegomalware? Information hiding-capable malware and the European answer: the SIMARGL project

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

By Matteo Mauri, Igino Corona, Davide Ariu

Stegomalware (or stegware) is a particular and sophisticated type of malware (malicious / unauthorized software) that uses steganography to evade detection and secretly exchange information.

Steganography was already used in ancient Greece and defined in the glossaries towards the end of the fifteenth century. In essence, it is a secret mechanism for encoding information through any means of transmission. Both the encoding and the transmission medium are secret, that is, known only to the parties who intend to communicate in an occult way.

In this sense, it differs from cryptography, in which the encoding of information and the transmission medium are generally known (e.g., the HTTPS protocol used by this website). In this case, the encoding mechanism makes the extraction of clear-text data (extremely) difficult without the knowledge of additional information, known as encryption / decryption keys. These keys are known only to the authorized communication parties (for example, your browser and our web server).

Artificial Intelligence: past, present and future. Part II - The Good, the Bad and the Ugly

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

By Fabio Roli and Matteo Mauri

In the first part of this article “Artificial Intelligence: past, present and future. Part I - Short history of Artificial Intelligence”, previously published in this blog, we tried to unpack the "suitcase" of Artificial Intelligence. Now we will discuss  the "good", "ugly" and "bad" aspects inside this “suitcase”. As the reader will immediately notice, the title is a small tribute to the famous movie by Sergio Leone. We are not the first to use this leitmotiv to talk about Artificial Intelligence. AI certainly has "good", "ugly" and "bad" aspects; highlighting these aspects can help to understand what is Artificial Intelligence today. Always bearing in mind that, as in the case of the three characters of the movie, the good, the bad and the ugly cannot be clearly separated.

Artificial Intelligence: past, present, and future. Part I - Short history of Artificial Intelligence

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

By Fabio Roli and Matteo Mauri

Marvin Minsky, one of the fathers of Artificial Intelligence, defined intelligence as a "suitcase word" which can lead to ambiguity and confusion, if we do not clarify in what sense we speak of "intelligence". For the same reason, writing a non-technical article on Artificial Intelligence is always a risk, especially for a technical person, and especially nowadays that the term “Artificial Intelligence” is, more than ever, a "suitcase" in which everybody puts a bit of everything. In this post, we will try to unpack this suitcase and to reorder the stuff inside, at least a little.

Is Artificial Intelligence Safe?

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

By Battista Biggio and Matteo Mauri

We know, this is an ill-posed question. It cannot be shown that a system is secure, if not with respect to a precise attack model and under very specific assumptions. It is instead possible to demonstrate, in a much clearer way, when a system is vulnerable, and this is what we will try to do in this article, in relation to Artificial Intelligence (AI) systems.

It is quite known that the security of a system depends solely on the strength of its weakest link. AI is now pervasive and integrated in a transparent way in many different application scenarios and deployed systems. From the viewpoint of computer security, it is therefore legitimate to ask ourselves if AI algorithms themselves do not introduce novel vulnerabilities in such systems, potentially becoming the weakest link in the corresponding security chain.

DeltaPhish - Detecting phishing webpages in compromised websites

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

By Igino Corona et al.

The large-scale deployment of modern phishing attacks relies on the automatic exploitation of vulnerable websites in the wild. To understand the importance of this phenomen, note that, according to the most recent Global Phishing Survey by APWG, published in 2014, 59,485 out of the 87,901 domains linked to phishing scams (namely, the 71.4%) were actually pointing to legitimate (though compromised) websites.
To counter this threat, we have developed DeltaPhish, a tool capable of detecting phishing webpages hosted in compromised websites through the analysis of the differences between the visited webpages and a predetermined reference page (e.g., the website homepage).

Info

Pluribus One S.r.l.

Via Bellini 9, 09128, Cagliari (CA)

info[at]pluribus-one.it

PEC: pluribus-one[at]pec.pluribus-one.it

 

Legal entity

Share capital: € 10008

VAT no.: 03621820921

R.E.A.: Cagliari 285352


 

University of Cagliari

  Pluribus One is a spin-off

  of the Department of

  Electrical and Electronic Engineering

  University of Cagliari, Italy

 

© 2021 Pluribus One s.r.l. All Rights Reserved.