Raffaele Della Corte | Università degli Studi di Napoli "Federico II" (original) (raw)
Papers by Raffaele Della Corte
On behalf of the Organizing Committee, it is our pleasure to welcome you to the Fifth Internation... more On behalf of the Organizing Committee, it is our pleasure to welcome you to the Fifth International Workshop on Reliability and Security Data Analysis (RSDA) co-located with the virtual 31st IEEE International Symposium on Software Reliability Engineering (ISSRE).
Journal of Network and Computer Applications, Dec 1, 2022
Annual Information Security Symposium, Mar 24, 2015
Phishing attacks continue to pose a major headache for defenders of computing systems, often form... more Phishing attacks continue to pose a major headache for defenders of computing systems, often forming the first step in a multi-stage attacks. There have been great strides made in phishing detection and email servers have gotten good at flagging potentially phishing messages. However, some insidious kinds of phishing messages appear to pass through filters by making seemingly simple structural and semantic changes to the messages. We tackle this problem in this paper, through the use of machine learning algorithms operating on a large corpus of phishing messages and legitimate messages. By understanding common phishing features, we design a system to extract features and extrapolate out values of such features. The algorithms are specialized for phishing detection, such as, the use of synonyms or change in sentence structure. The insights and algorithms are instantiated in a system called SNIPE (Signature geNeratIon for Phishing Emails). To evaluate SNIPE, we collect the largest known corpus of phishing messages (used in any publicly known study) from the central IT organization at a tier-1 research university. We run SNIPE on the dataset and it exposes some hitherto unknown insights about phishing campaigns directed at university users. SNIPE is able to detect 100% of phishing messages that had eluded our production deployment of Sophos, a state-of-the-art email filtering tool today.
Monitoring is a core reliability engineering practice to gain insights into production systems. N... more Monitoring is a core reliability engineering practice to gain insights into production systems. New trends in microservices exacerbate the role of monitoring. This paper discusses key challenges in microservices monitoring. We introduce our proposal for a novel monitoring framework, which aims to cope with existing challenges by means of non-intrusive techniques that capitalize on passive tracing and log analysis. We present our ongoing work on the topic and preliminary outcomes.
ACM Transactions in Embedded Computing Systems, Jun 18, 2023
2022 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), Sep 12, 2022
Time predictable edge cloud is seen as the answer for many arising needs in Industry 4.0 environm... more Time predictable edge cloud is seen as the answer for many arising needs in Industry 4.0 environments, since it is able to provide flexible, modular, and reconfigurable services with low latency and reduced costs. Orchestration systems are becoming the core component of clouds since they take decisions on the placement and lifecycle of software components. Current solutions start introducing real-time containers support for time predictability; however, these approaches lack of determinism as well as support for workloads requiring multiple levels of assurance/criticality. In this paper, we present k4.0s, an orchestration model for real-time and mixed-criticality environments, which includes timeliness, criticality and network requirements. The model leverages new abstractions for both node and jobs, e.g., node assurance, and requires novel monitoring strategies. We sketch an implementation of the proposal based on Kubernetes, and present an experimentation motivating the need for node assurance levels and adequate monitoring.
This paper presents an explorative study on microservices monitoring. The study paves the way for... more This paper presents an explorative study on microservices monitoring. The study paves the way for MetroFunnel, our novel application-transparent and zeroconf monitoring tool, which aims to cope with the flexibility of microservices systems. MetroFunnel generates a tracelog of microservices' invocations based on the REST request-response communication model. We present an overview of MetroFunnel and its assessment within the well-consolidated Clearwater IMS.
2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
Orchestration systems are becoming a key component to automatically manage distributed computing ... more Orchestration systems are becoming a key component to automatically manage distributed computing resources in many fields with criticality requirements like Industry 4.0 (I4.0). However, they are mainly linked to OS-level virtualization, which is known to suffer from reduced isolation. In this paper, we propose RunPHI with the aim of integrating partitioning hypervisors, as a solution for assuring strong isolation, with OS-level orchestration systems. The purpose is to enable container orchestration in mixed-criticality systems with isolation requirements through partitioned containers.
2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
On behalf of the Organizing Committee, it is our pleasure to welcome you to the Seventh Internati... more On behalf of the Organizing Committee, it is our pleasure to welcome you to the Seventh International Workshop on Resiliency, Security, Defenses and Attacks (RSDA) co-located with the 33rd IEEE International Symposium on Software Reliability Engineering (ISSRE).
2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 2021
Real-time containers are a promising solution to implement mixed-criticality systems. In this pap... more Real-time containers are a promising solution to implement mixed-criticality systems. In this paper we propose a novel solution to implement real-time containers in Linux environments with real-time co-kernels and hierarchical scheduling. Preliminary experimental results are presented, confirming that the solution is able to keep the worst-case latency of a task running within a real-time container within acceptable limits, despite the presence of non-real time load on the same machine.
2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017
Critical information systems strongly rely on event logging techniques to collect data, such as h... more Critical information systems strongly rely on event logging techniques to collect data, such as housekeeping/error events, execution traces and dumps of variables, into unstructured text logs. Event logs are the primary source to gain actionable intelligence from production systems. In spite of the recognized importance, system/application logs remain quite underutilized in security analytics when compared to conventional and structured data sources, such as audit traces, network flows and intrusion detection logs. This paper proposes a method to measure the occurrence of interesting activity (i.e., entries that should be followed up by analysts) within textual and heterogeneous runtime log streams. We use an entropy-based approach, which makes no assumptions on the structure of underlying log entries. Measurements have been done in a real-world Air Traffic Control information system through a data analytics framework. Experiments suggest that our entropy-based method represents a valuable complement to security analytics solutions.
Future Generation Computer Systems, 2019
On-line timing error detection entails gathering and analyzing monitoring data to pinpoint deviat... more On-line timing error detection entails gathering and analyzing monitoring data to pinpoint deviations from the expected timing behavior of a given software system. Current solutions for system monitoring and runtime analysis present several practical drawbacks that limit their usability in real industrial systems, such as the need of kernel-level probes or the coarse per-node/perprocess monitoring granularity. This paper proposes a novel framework for timing error detection that capitalizes on the systematic interleaving of logging instructions across the functional code in order to overcome above limitations. The paper faces the practical challenges related to the specification and implementation of a log weaving technique, detection algorithms, and a data centralization platform to collect and analyze fine-grained execution traces in distributed systems. We experiment the proposed framework in two real-world critical information systems from the Crisis Management and the Air Traffic Control domains. Results show that our framework achieves 95% timing error coverage and allows reconstructing error trends with high statistical confidence at negligible performance overhead.
IEEE Transactions on Dependable and Secure Computing, 2018
Phishing attacks continue to pose a major headache for computer system defenders, often forming t... more Phishing attacks continue to pose a major headache for computer system defenders, often forming the first step in a multi-stage attack. There have been great strides made in phishing detection, however, some phishing messages appear to pass through filters by making seemingly simple structural and semantic changes to the messages. We tackle this problem in this paper, through the use of a machine learning classifier operating on a large corpus of phishing and legitimate messages. By understanding common phishing features, we design a system to extract features, elevating some to higher level features, that are meant to defeat common phishing mail detection strategies. The algorithms are instantiated in a usable system called SAFE-PC (Semi-Automated Feature generation for Phish Classification). To evaluate SAFE-PC, we collect a large corpus of phishing messages from the central IT organization at a tier-1 research university. The execution of SAFE-PC on the dataset exposes some hitherto unknown insights about phishing campaigns directed at university users. SAFE-PC can detect more than 70% of the emails that had eluded our production deployment of Sophos, a state-of-the-art email filtering tool today. It also performs better than SpamAssassin, a commonly used email filtering tool. We also developed an online version of SAFE-PC, that can be incrementally retrained with new samples. Its detection performance improves with time as new samples are collected, while the time to retrain the classifier stays constant.
This paper presents the notion of real-time containers, or rt-cases, conceived as the convergence... more This paper presents the notion of real-time containers, or rt-cases, conceived as the convergence of container-based virtualization technologies, such as Docker, and hard real-time operating systems. The idea is to allow critical containers, characterized by stringent timeliness and reliability requirements, to cohabit with traditional non real-time containers on the same hardware. The approach allows to keep the advantages of real-time virtualization, largely adopted in the industry, while reducing its inherent scalability limitation when to be applied to large-scale mixed-criticality systems or severely constrained hardware environments. The paper provides a reference architecture scheme for implementing the real-time container concept on top of a Linux kernel patched with a hard real-time co-kernel, and it discusses a possible solution, based on execution time monitoring, to achieve temporal separation of fixed-priority hard real-time periodic tasks running within containers with...
2021 17th European Dependable Computing Conference (EDCC)
Expert Systems with Applications
On behalf of the Organizing Committee, it is our pleasure to welcome you to the Fifth Internation... more On behalf of the Organizing Committee, it is our pleasure to welcome you to the Fifth International Workshop on Reliability and Security Data Analysis (RSDA) co-located with the virtual 31st IEEE International Symposium on Software Reliability Engineering (ISSRE).
Journal of Network and Computer Applications, Dec 1, 2022
Annual Information Security Symposium, Mar 24, 2015
Phishing attacks continue to pose a major headache for defenders of computing systems, often form... more Phishing attacks continue to pose a major headache for defenders of computing systems, often forming the first step in a multi-stage attacks. There have been great strides made in phishing detection and email servers have gotten good at flagging potentially phishing messages. However, some insidious kinds of phishing messages appear to pass through filters by making seemingly simple structural and semantic changes to the messages. We tackle this problem in this paper, through the use of machine learning algorithms operating on a large corpus of phishing messages and legitimate messages. By understanding common phishing features, we design a system to extract features and extrapolate out values of such features. The algorithms are specialized for phishing detection, such as, the use of synonyms or change in sentence structure. The insights and algorithms are instantiated in a system called SNIPE (Signature geNeratIon for Phishing Emails). To evaluate SNIPE, we collect the largest known corpus of phishing messages (used in any publicly known study) from the central IT organization at a tier-1 research university. We run SNIPE on the dataset and it exposes some hitherto unknown insights about phishing campaigns directed at university users. SNIPE is able to detect 100% of phishing messages that had eluded our production deployment of Sophos, a state-of-the-art email filtering tool today.
Monitoring is a core reliability engineering practice to gain insights into production systems. N... more Monitoring is a core reliability engineering practice to gain insights into production systems. New trends in microservices exacerbate the role of monitoring. This paper discusses key challenges in microservices monitoring. We introduce our proposal for a novel monitoring framework, which aims to cope with existing challenges by means of non-intrusive techniques that capitalize on passive tracing and log analysis. We present our ongoing work on the topic and preliminary outcomes.
ACM Transactions in Embedded Computing Systems, Jun 18, 2023
2022 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), Sep 12, 2022
Time predictable edge cloud is seen as the answer for many arising needs in Industry 4.0 environm... more Time predictable edge cloud is seen as the answer for many arising needs in Industry 4.0 environments, since it is able to provide flexible, modular, and reconfigurable services with low latency and reduced costs. Orchestration systems are becoming the core component of clouds since they take decisions on the placement and lifecycle of software components. Current solutions start introducing real-time containers support for time predictability; however, these approaches lack of determinism as well as support for workloads requiring multiple levels of assurance/criticality. In this paper, we present k4.0s, an orchestration model for real-time and mixed-criticality environments, which includes timeliness, criticality and network requirements. The model leverages new abstractions for both node and jobs, e.g., node assurance, and requires novel monitoring strategies. We sketch an implementation of the proposal based on Kubernetes, and present an experimentation motivating the need for node assurance levels and adequate monitoring.
This paper presents an explorative study on microservices monitoring. The study paves the way for... more This paper presents an explorative study on microservices monitoring. The study paves the way for MetroFunnel, our novel application-transparent and zeroconf monitoring tool, which aims to cope with the flexibility of microservices systems. MetroFunnel generates a tracelog of microservices' invocations based on the REST request-response communication model. We present an overview of MetroFunnel and its assessment within the well-consolidated Clearwater IMS.
2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
Orchestration systems are becoming a key component to automatically manage distributed computing ... more Orchestration systems are becoming a key component to automatically manage distributed computing resources in many fields with criticality requirements like Industry 4.0 (I4.0). However, they are mainly linked to OS-level virtualization, which is known to suffer from reduced isolation. In this paper, we propose RunPHI with the aim of integrating partitioning hypervisors, as a solution for assuring strong isolation, with OS-level orchestration systems. The purpose is to enable container orchestration in mixed-criticality systems with isolation requirements through partitioned containers.
2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)
On behalf of the Organizing Committee, it is our pleasure to welcome you to the Seventh Internati... more On behalf of the Organizing Committee, it is our pleasure to welcome you to the Seventh International Workshop on Resiliency, Security, Defenses and Attacks (RSDA) co-located with the 33rd IEEE International Symposium on Software Reliability Engineering (ISSRE).
2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 2021
Real-time containers are a promising solution to implement mixed-criticality systems. In this pap... more Real-time containers are a promising solution to implement mixed-criticality systems. In this paper we propose a novel solution to implement real-time containers in Linux environments with real-time co-kernels and hierarchical scheduling. Preliminary experimental results are presented, confirming that the solution is able to keep the worst-case latency of a task running within a real-time container within acceptable limits, despite the presence of non-real time load on the same machine.
2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017
Critical information systems strongly rely on event logging techniques to collect data, such as h... more Critical information systems strongly rely on event logging techniques to collect data, such as housekeeping/error events, execution traces and dumps of variables, into unstructured text logs. Event logs are the primary source to gain actionable intelligence from production systems. In spite of the recognized importance, system/application logs remain quite underutilized in security analytics when compared to conventional and structured data sources, such as audit traces, network flows and intrusion detection logs. This paper proposes a method to measure the occurrence of interesting activity (i.e., entries that should be followed up by analysts) within textual and heterogeneous runtime log streams. We use an entropy-based approach, which makes no assumptions on the structure of underlying log entries. Measurements have been done in a real-world Air Traffic Control information system through a data analytics framework. Experiments suggest that our entropy-based method represents a valuable complement to security analytics solutions.
Future Generation Computer Systems, 2019
On-line timing error detection entails gathering and analyzing monitoring data to pinpoint deviat... more On-line timing error detection entails gathering and analyzing monitoring data to pinpoint deviations from the expected timing behavior of a given software system. Current solutions for system monitoring and runtime analysis present several practical drawbacks that limit their usability in real industrial systems, such as the need of kernel-level probes or the coarse per-node/perprocess monitoring granularity. This paper proposes a novel framework for timing error detection that capitalizes on the systematic interleaving of logging instructions across the functional code in order to overcome above limitations. The paper faces the practical challenges related to the specification and implementation of a log weaving technique, detection algorithms, and a data centralization platform to collect and analyze fine-grained execution traces in distributed systems. We experiment the proposed framework in two real-world critical information systems from the Crisis Management and the Air Traffic Control domains. Results show that our framework achieves 95% timing error coverage and allows reconstructing error trends with high statistical confidence at negligible performance overhead.
IEEE Transactions on Dependable and Secure Computing, 2018
Phishing attacks continue to pose a major headache for computer system defenders, often forming t... more Phishing attacks continue to pose a major headache for computer system defenders, often forming the first step in a multi-stage attack. There have been great strides made in phishing detection, however, some phishing messages appear to pass through filters by making seemingly simple structural and semantic changes to the messages. We tackle this problem in this paper, through the use of a machine learning classifier operating on a large corpus of phishing and legitimate messages. By understanding common phishing features, we design a system to extract features, elevating some to higher level features, that are meant to defeat common phishing mail detection strategies. The algorithms are instantiated in a usable system called SAFE-PC (Semi-Automated Feature generation for Phish Classification). To evaluate SAFE-PC, we collect a large corpus of phishing messages from the central IT organization at a tier-1 research university. The execution of SAFE-PC on the dataset exposes some hitherto unknown insights about phishing campaigns directed at university users. SAFE-PC can detect more than 70% of the emails that had eluded our production deployment of Sophos, a state-of-the-art email filtering tool today. It also performs better than SpamAssassin, a commonly used email filtering tool. We also developed an online version of SAFE-PC, that can be incrementally retrained with new samples. Its detection performance improves with time as new samples are collected, while the time to retrain the classifier stays constant.
This paper presents the notion of real-time containers, or rt-cases, conceived as the convergence... more This paper presents the notion of real-time containers, or rt-cases, conceived as the convergence of container-based virtualization technologies, such as Docker, and hard real-time operating systems. The idea is to allow critical containers, characterized by stringent timeliness and reliability requirements, to cohabit with traditional non real-time containers on the same hardware. The approach allows to keep the advantages of real-time virtualization, largely adopted in the industry, while reducing its inherent scalability limitation when to be applied to large-scale mixed-criticality systems or severely constrained hardware environments. The paper provides a reference architecture scheme for implementing the real-time container concept on top of a Linux kernel patched with a hard real-time co-kernel, and it discusses a possible solution, based on execution time monitoring, to achieve temporal separation of fixed-priority hard real-time periodic tasks running within containers with...
2021 17th European Dependable Computing Conference (EDCC)
Expert Systems with Applications