abstract = {Anomaly-based techniques were exploited successfully to implement protection mechanisms for various systems. Recently, these approaches have been ported to the web domain under the name of "web application anomaly detectors" (or firewalls) with promising results. In particular, those capable of automatically building specifications, or models, of the protected application by observing its traffic (e.g., network packets, system calls, or HTTP requests and responses) are particularly interesting, since they can be deployed with little effort.\par Typically, the detection accuracy of these systems is significantly influenced by the model building phase (often called training), which clearly depends upon the quality of the observed traffic, which should resemble the normal activity of the protected application and must be also free from attacks. Otherwise, detection may result in significant amounts of false positives (i.e., benign events flagged as anomalous) and negatives (i.e., undetected threats).\par In this work we describe Masibty, a web application anomaly detector that have some interesting properties. First, it requires the training data not to be attack-free. Secondly, not only it protects the monitored application, it also detects and blocks malicious client-side threats before they are sent to the browser. Third, Masibty intercepts the queries before they are sent to the database, correlates them with the corresponding HTTP requests and blocks those deemed anomalous.\par Both the accuracy and the performance have been evaluated on real-world web applications with interesting results. The system is almost not influenced by the presence of attacks in the training data and shows only a negligible amount of false positives, although this is paid in terms of a slight performance overhead.},
2310
2310
}
2311
+
2312
+
@article{DBLP:journals/ese/GiamatteiBPRT25,
2313
+
author = {Luca Giamattei and
2314
+
Matteo Biagiola and
2315
+
Roberto Pietrantuono and
2316
+
Stefano Russo and
2317
+
Paolo Tonella},
2318
+
title = {Reinforcement learning for online testing of autonomous driving systems:
description: Profile of Dr. Matteo Biagiola, Postdoctoral Researcher at the Programming Group.
10
+
lastname: Biagiola
11
+
publications: 'author^=*Biagiola'
12
+
13
+
teaser: >
14
+
I am a PostDoctoral researcher at the Software Institute at Università della Svizzera italiana (USI) in Lugano, Switzerland.
15
+
I am working under the supervision of Paolo Tonella on the Precrime ERC Advanced Grant project.
16
+
I obtained by Ph.D. from Università degli studi di Genova, Genova, Italy, in a joint collaboration with Fondazione Bruno Kessler in Trento, Italy, under the supervision of Paolo Tonella and Filippo Ricca.
17
+
18
+
profile:
19
+
name: Dr. Matteo Biagiola
20
+
align: right
21
+
image: biagiola-profile.jpg
22
+
role: Postdoc
23
+
website: https://matteobiagiola.github.io
24
+
email: matteo.biagiola@unisg.ch
25
+
github: matteobiagiola
26
+
orcid: 0000-0002-7825-3409
27
+
address: >
28
+
School of Computer Science<br />
29
+
Torstrasse 25<br />
30
+
9000 St. Gallen, Switzerland
31
+
---
32
+
33
+
I am a PostDoctoral researcher at the [Software Institute](https://www.si.usi.ch/) at Università della Svizzera italiana ([USI](https://www.usi.ch/)) in Lugano, Switzerland.
34
+
I am working under the supervision of Paolo Tonella on the [Precrime](http://www.pre-crime.eu/) ERC Advanced Grant project.
35
+
I obtained by Ph.D. from [Università degli studi di Genova](https://unige.it/), Genova, Italy, in a joint collaboration with [Fondazione Bruno Kessler](https://www.fbk.eu/) in Trento, Italy, under the supervision of Paolo Tonella and Filippo Ricca.
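Review bot: The teaser (new line 16) and the body text (new line 34) both read "I obtained by Ph.D."; this should be "my Ph.D." in both places. The affiliation is also inconsistent within this file: the teaser and body describe a postdoc position at USI in Lugano, while the `email` (unisg.ch) and `address` (St. Gallen) fields in the `profile` block and the `description` ("Programming Group") point to a different institution, so the bio text should be brought in line with the profile data. The Precrime link on line 34 uses `http://` while every other link in the file uses `https://`; switch it if the site serves HTTPS. Since the teaser repeats the body text verbatim minus the links, consider shortening it to one sentence so the two do not drift apart on later edits.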