Alberto Bartoli, Giorgio Davanzo, Eric Medvet,
IEEE Internet Computing
vol. 13, n. 4, pp. 52-58, July/August 2009.

Web site defacement has become a common threat for organizations exposed on the web. There exist several statistics that indicate the number of incidents of this sort but there is a crucial piece of information still lacking: the typical duration of a defacement. Clearly, a defacement lasting one week is much more harmful than one of few minutes. In this paper we present the results of a two months monitoring activity that we performed over more than 62000 defacements in order to figure out whether and when a reaction to the defacement is taken. We show that such time tends to be unacceptably long---in the order of several days---and with a long-tailed distribution. We believe our findings may improve the understanding of this phenomenon and highlight issues deserving attention by the research community.

Giorgio Davanzo, Eric Medvet and Alberto Bartoli,
Proc. 12-th IEEE International Conference on Information Visualization,
July 2008, pp. 527-532.

Hand-held devices have become widespread and provided with significant computing capabilities, which results in an increasing pressure for using these devices to perform tasks formerly limited to notebooks, like web browsing. Due to their small screens, however, hand-held devices cannot visualize directly documents that were not designed explicitly for small-screen rendering. Such documents may be rendered either at a scale too small to be useful, or at a scale that requires intensive scrolling operations by the user. Unfortunately, scrolling a small window across a large document with a hand-held device is quite cumbersome.

In this paper we propose a scrolling system much simpler and more natural to use, based on the embedded camera---a component available in every modern hand-held device. We detect device motion by analyzing the video stream generated by the camera and then we transform the motion in a scrolling of the content rendered on the screen. This way, the user experiences the device screen like a small movable window on a larger virtual view, without requiring any dedicated motion-detection hardware.
We performed an experimental evaluation aimed at assessing the effectiveness of the proposed system in the considered scenario, characterized by low image quality, unpredictable framed scene and so on. We performed an objective benchmark quantifying the accuracy of the detected trajectory and a subjective benchmark examining users' confidence with the proposed system. For the latter evaluation, we involved a panel of 20 subjects that executed a trajectory with our system and, as a comparison, with keyboard, mouse and touchpad. The results demonstrate that our approach is indeed practical.

Giorgio Davanzo, Eric Medvet and Alberto Bartoli,
Proc. 23-rd IFIP International Information Security Conference,
September 2008, pp. 711-716.

Web site defacement, the process of introducing unauthorized modifications to a web site, is a very common form of attack. Detecting such events automatically is very difficult because web pages are highly dynamic and their degree of dynamism, as well as their typical content and appearance, may vary widely across different pages. Anomaly based detection can be a feasible and effective solution for this task because it does not require any prior knowledge about the page to be monitored. Instead, a profile may be generated automatically by observing the page for a while and then any deviation from that profile may be considered as a defacement. We developed earlier an anomaly detection algorithm tailored to this problem and showed that the approach indeed delivers satisfactory performance. A key feature of our proposal is that it incorporates a domain specific knowledge about the nature of web content. In this paper we broaden our analysis of automatic detection of web defacements by examining several anomaly detection techniques that have been proposed in the literature for network/host intrusion detection. We assess the performance of such techniques in terms of False Positive Rate and False Negative Rate, by using our earlier domain knowledge-based algorithm as a baseline. Our evaluation is based on a dataset that we constructed by observing 15 highly dynamic web pages for two months and that includes a set of 95 real defacements. This study enables gaining further insights into the problem of automatic detection of web defacements. We want to ascertain whether existing techniques for anomaly intrusion detection may be applied to this problem and we want to assess pros and cons of incorporating domain knowledge into the detection algorithm.

P. Vercesi, A. Bartoli,
Proc. 9-th Modern Information Technology in the Innovation Processes of the Industrial Enterprises (MITIP 2007) .

C.Fillon, A. Bartoli,
Proc. 2007 IEEE Conference on Evolutionary Computation,
Sept. 2007, pp. 23-30

Symbolic regression is aimed at discovering mathematical expressions, in symbolic form, that fit a given sample of data points. While Genetic Programming (GP) constitutes a powerful tool for solving this class of problems, its effectiveness is still severely limited when the data sample requires different expressions in different regions of the input space --- i.e., when the approximating function should be discontinuous.

In this paper we present a new GP-based approach for symbolic regression of discontinuous functions in multivariate data-sets. We identify the portions of the input space that require different approximating functions by means of a new algorithm that we call Hyper-Volume Error Separation (HVES). To this end we run a preliminary GP evolution and partition the input space based on the error exhibited by the best individual across the data-set. Then we partition the data-set based on the partition of the input space and use each such partition for driving an independent, preliminary GP evolution. The populations resulting from such preliminary evolutions are finally merged and evolved again.

Eric Medvet, Cyril Fillon, Alberto Bartoli,
Proc. 3-rd IEEE International Symposium on Information Assurance and Security (IAS'07).

P. Vercesi, A. Bartoli,
Proc. IEEE-ICCCN'07 - Workshop on Advanced Networking and Communications.

Organizations are increasingly aggregating their computing resources to formInternet-based grids specialized in specific application workflows and made available to other organizations. The scheduling of jobs in such grids may clearly have a substantial impact on performance, but finding effective scheduling policies is hard due to the very same nature of this scenario. Performance may greatly depend on a myriad of parameters whose values can hardly be determined in practice. Moreover, the load injected by users istypically unpredictable, performance of Internet links may vary widely during an execution and computing resources at participating organizations could also vary dynamically, perhaps because of additional workloads injected by other competing activities.

In this paper we propose mechanisms and policies for controlling the scheduling of jobs in such a highly dynamic environment. We attempt to minimize the resource usage at the participating organizations while maintaining the performance delivered to clients at an acceptable level. Our approach consists of a form of admission control at the entrance point of the application workflow that is simple to deploy in practice and does not need any hook from the participating organizations. We simply vary dynamically the maximum number of jobs that can be injected within the grid, based on performance measures taken online, and delay excess jobs.

We have evaluated our proposal in detail, by simulation, focussing on its ability to adapt automatically to perturbations in the form of substantial and unexpected changes in the amount of computing resources available. We have found that our proposal is indeed capable of finding automatically a suitable trade-off between throughput and resource usage, even in such a dynamic scenario.

Eric Medvet, Alberto Bartoli,
Proc. Fourth International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, pp. 60-78,
Lecture Notes in Computer Science 4579 Springer 2007

(http://www.dimva2007.org/).

P. Vercesi, A. Bartoli,
in Proc. 31-st IEEE COMPSAC - Computer Software and Applications Conference 2007.

Composition of Internet-based services exported by different organizations has quickly become a key software paradigm for engineering and scientific communities. The widespread diffusion and acceptance of protocols for programmatic interactions across different organizations (e.g. web services, grid computing) has made it feasible the development of workflows encompassing geographically remote organizations connected to the Internet. Although the scheduling of workflow invocations in such a multi-organization, multi-tiered and geographically dispersed environment may have strong impacts on performance, this issue has not been explored very much so far.

C.Fillon, A. Bartoli,
in Proc.10-th European Conference on Genetic Programming  (EuroGP),
Lecture Notes in Computer Science 4445, Springer Verlag (April 2007), pp. 170-180.