74 research outputs found
WAF-A-MoLE: An adversarial tool for assessing ML-based WAFs
Web Application Firewalls (WAFs) are plug-and-play security gateways that promise to enhance the security of a (potentially vulnerable) system with minimal cost and configuration. In recent years, machine learning-based WAFs have been catching up with traditional, signature-based ones. They are competitive because they do not require predefined rules; instead, they infer their rules through a learning process. In this paper, we present WAF-A-MoLE, a WAF breaching tool. It uses guided mutational-based fuzzing to generate adversarial examples. The main applications include WAF (i) penetration testing, (ii) benchmarking and (iii) hardening.
A Systematic Literature Review on Innovative Technologies Adopted in Logistics Management
Many innovative technologies have been successfully adopted in logistics and supply chain management processes to increase efficiency, reduce costs or enhance communication. In recent years, considerable attention from both practitioners and academics has been focused on evaluating the impacts of innovative technologies adoption. However, the current body of literature on technology adoption, implementation and evaluation in logistics is quite fragmented; thus, an updated and structured overview of the scientific literature in this field might be useful. To this end, this work presents a systematic literature review (SLR) that aims to increase the understanding of the trend toward new technologies in logistics and identify the main research trends and gaps. The principal research trends that emerged from the SLR involve the technologies, their evolution over time and their relationships with the research methodologies. The main literature gaps concern integration and communication, technology-adoption processes and differences between inbound and outbound logistics
A Systematic Review of Innovative Technologies adopted in Logistics Management
Logistics and supply chain management have always been at the forefront of industrial innovations, and
numerous technologies have been tested and applied with success to increase efficiency of processes, reduce costs, or
improve the relationships among different actors, such as buyers, sellers, retailers and carriers. In recent times, there has been
a great debate in both the practitioner and academic worlds about the impacts of these new technologies on traditional
logistic operations. The perspective of extant literature on technology adoption in logistics is quite fragmented: in fact,
a stream of literature studies how a technology might provide improvements in logistics processes (e.g. warehouse
management, goods distribution) and/or logistics management objectives (e.g. warehouse efficiency), while other
research works focus on the impact of technology adoption in terms of overall business performance. Moreover,
despite the number of articles, reports and news items regarding innovations in logistics, one of the last literature reviews
about existing technologies applied in logistics was published almost ten years ago and is limited to ICT
technologies. Therefore, we see the need for an updated view of the literature in this field. Through a systematic
literature review, we try to give an answer to the following research questions: i) how the interest in this topic changed
in the last ten years from the point of view of scientific literature; ii) what are the main approaches and methodologies
used in addressing this issue; iii) what are the most applied innovative technologies in the logistics field
Explaining vulnerabilities of deep learning to adversarial malware binaries
Recent work has shown that deep-learning algorithms for malware detection are
also susceptible to adversarial examples, i.e., carefully-crafted perturbations
to input malware that enable misleading classification. Although this has
questioned their suitability for this task, it is not yet clear why such
algorithms are easily fooled also in this particular application domain. In
this work, we take a first step to tackle this issue by leveraging explainable
machine-learning algorithms developed to interpret the black-box decisions of
deep neural networks. In particular, we use an explainable technique known as
feature attribution to identify the most influential input features
contributing to each decision, and adapt it to provide meaningful explanations
to the classification of malware binaries. In this case, we find that a
recently-proposed convolutional neural network does not learn any meaningful
characteristic for malware detection from the data and text sections of
executable files, but rather tends to learn to discriminate between benign and
malware samples based on the characteristics found in the file header. Based on
this finding, we propose a novel attack algorithm that generates adversarial
malware binaries by changing only a few tens of bytes in the file header. With
respect to the other state-of-the-art attack algorithms, our attack does not
require injecting any padding bytes at the end of the file, and it is much more
efficient, as it requires manipulating far fewer bytes.
ZenHackAdemy: Ethical Hacking @ DIBRIS
Cybersecurity attacks are on the rise, and the current response is not effective enough. The need for a competent workforce, able to face attackers, is increasing. At the moment, the gap between academia and real-world skills is huge and academia cannot provide students with skills that match those of an attacker. To pass on these skills, teachers have to train students in scenarios as close as possible to real-world ones. Capture the Flag (CTF) competitions are a great tool to achieve this goal, since they encourage students to think as an attacker does, thus creating more awareness on the modalities and consequences of an attack. We describe our experience in running an educational activity on ethical hacking, which we proposed to computer science and computer engineering students. We organized seminars, outside formal classes, and provided online support on the hands-on part of the training. We delivered different types of exercises and held a final CTF competition. These activities resulted in growing a community of students and researchers interested in cybersecurity, and some of them have formed ZenHack, an official CTF team
The Collection-And-Delivery Points Implementation Process from the Courier, Express and Parcel Operator's Perspective
Collection-and-Delivery Points (CDP) have become increasingly important for couriers operating in the e-commerce sector. This mode of delivery makes it possible to mitigate many issues related to traditional home delivery (e.g. missed deliveries, complex route planning, and traffic delays). Despite this, there are still obstacles that prevent the CDP from becoming a dominant mode of parcel delivery. Through semi-structured interviews with companies working in the courier, express and parcel sector, this work aims to understand the enablers of and barriers to the spread of the CDP mode of delivery, with a focus on the Italian market.
A flexible model for dynamic linking in Java and C#
Dynamic linking supports flexible code deployment, allowing partially linked code to link further code on the fly, as needed.
Thus, end-users enjoy the advantage of automatically receiving any updates, without any need for any explicit actions on their side,
such as re-compilation, or re-linking. On the down side, two executions of a program may link in different versions of code, which
in some cases causes subtle errors, and may mystify end-users.
Dynamic linking in Java and in C# is similar: the same linking phases are involved, soundness is based on similar ideas, and
executions which do not throw linking errors give the same result. They are, however, not identical: the linking phases are combined
differently, and take place in different order. Consequently, linking errors may be detected at different times by Java and C# runtime
systems.
We develop a non-deterministic model, which describes the behaviour of both Java and C# program executions. The nondeterminism
allows us to describe the design space, to distill the similarities between the two languages, and to use one proof of
soundness for both. We also prove that all execution strategies are equivalent with respect to terminating executions that do not
throw link errors: they give the same results
Functionality-preserving Black-box Optimization of Adversarial Windows Malware
Windows malware detectors based on machine learning are vulnerable to
adversarial examples, even if the attacker is only given black-box query access
to the model. The main drawbacks of these attacks are that: (i) they are
query-inefficient, as they rely on iteratively applying random transformations
to the input malware; and (ii) they may also require executing the adversarial
malware in a sandbox at each iteration of the optimization process, to ensure
that its intrusive functionality is preserved. In this paper, we overcome these
issues by presenting a novel family of black-box attacks that are both
query-efficient and functionality-preserving, as they rely on the injection of
benign content - which will never be executed - either at the end of the
malicious file, or within some newly-created sections. Our attacks are
formalized as a constrained minimization problem which also enables optimizing
the trade-off between the probability of evading detection and the size of the
injected payload. We empirically investigate this trade-off on two popular
static Windows malware detectors, and show that our black-box attacks can
bypass them with only a few queries and small payloads, even when they only
return the predicted labels. We also evaluate whether our attacks transfer to
other commercial antivirus solutions, and surprisingly find that they can
evade, on average, more than 12 commercial antivirus engines. We conclude by
discussing the limitations of our approach, and its possible future extensions
to target malware classifiers based on dynamic analysis