Research
Research Interests
Malware countermeasures (analysis/anti-anti-analysis, defensive tools & techniques, desktop/mobile/IoT threats)
Operating system vulnerabilities and attack detection
Mobile device security
Machine Learning/Data Science applied to security data
Hardware-assisted security solutions
Secure/resilient Operating Systems
Security & Privacy of Health Information Systems
Projects
Current research projects involve the design and implementation of solutions based on the interests listed above. My team is currently working on novel, smart antiviruses, malware classifiers, and analysis systems. We have ongoing collaborations with the University of Florida, FAU Erlangen-Nuremberg, the University of California at Santa Barbara, and the University of Campinas. Contact me to learn more about BehEMOT, Lumus, HEAVEn, Corvus, MIMI, TiTOS, and other projects...
Publications
2022, 2023, and so on...
See:
2021
Botacin, Marcus; Aghakhani, Hojjat; Ortolani, Stefano; Kruegel, Christopher; Vigna, Giovanni; Oliveira, Daniela; Geus, Paulo Lício De; Grégio, André. One Size Does Not Fit All: A Longitudinal Analysis of Brazilian Financial Malware. ACM Trans. Priv. Secur., 24 (2), 2021, ISSN: 2471-2566.
Botacin, Marcus; Ceschin, Fabricio; Sun, Ruimin; Oliveira, Daniela; Grégio, André. Challenges and Pitfalls in Malware Research. Computers & Security, pp. 102287, 2021, ISSN: 0167-4048.
Botacin, Marcus; Moia, Vitor Hugo Galhardo; Ceschin, Fabricio; Henriques, Marco Amaral A; Grégio, André. Understanding uses and misuses of similarity hashing functions for malware detection and family clustering in actual scenarios. Forensic Science International: Digital Investigation, 38 , pp. 301220, 2021, ISSN: 2666-2817.
2020
Ceschin, Fabricio; Botacin, Marcus; Lüders, Gabriel; Gomes, Heitor Murilo; Oliveira, Luiz; Gregio, Andre. No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-Based Adversarial Samples. Reversing and Offensive-Oriented Trends Symposium, pp. 13–22, Association for Computing Machinery, Vienna, Austria, 2020, ISBN: 9781450389747.
Botacin, Marcus; Ceschin, Fabricio; de Geus, Paulo; Grégio, André. We Need to Talk About AntiViruses: Challenges & Pitfalls of AV Evaluations. Computers & Security, pp. 101859, 2020, ISSN: 0167-4048.
Botacin, Marcus; de Geus, Paulo Lício; Grégio, André. Leveraging branch traces to understand kernel internals from within. Journal of Computer Virology and Hacking Techniques, 2020, ISSN: 2263-8733.
Botacin, Marcus; Zanata, Marco; Grégio, André. The self modifying code (SMC)-aware processor (SAP): a security look on architectural impact and support. Journal of Computer Virology and Hacking Techniques, 2020, ISSN: 2263-8733.
Sun, R; Botacin, M; Sapountzis, N; Yuan, X; Bishop, M; Porter, D E; Li, X; Gregio, A; Oliveira, D. A Praise for Defensive Programming: Leveraging Uncertainty for Effective Malware Mitigation. IEEE Transactions on Dependable and Secure Computing, pp. 1-1, 2020.
Botacin, Marcus; Bertão, G; de Geus, Paulo; Grégio, André; Kruegel, Christopher; Vigna, Giovanni. On the Security of Application Installers and Online Software Repositories. Detection of Intrusions and Malware, and Vulnerability Assessment, Springer International Publishing, Cham, 2020, ISBN: 978-3-030-52683-2.
Botacin, Marcus; Grégio, André; Alves, Marco Antonio Zanata. Near-Memory & In-Memory Detection of Fileless Malware. The International Symposium on Memory Systems, pp. 23–38, Association for Computing Machinery, Washington, DC, USA, 2020, ISBN: 9781450388993.
2019
Botacin, Marcus; Galante, Lucas; de Geus, Paulo; Grégio, André. RevEngE is a Dish Served Cold: Debug-Oriented Malware Decompilation and Reassembly. Proceedings of the 3rd Reversing and Offensive-Oriented Trends Symposium, Association for Computing Machinery, Vienna, Austria, 2019, ISBN: 9781450377751.
Ceschin, Fabrício; Botacin, Marcus; Gomes, Heitor Murilo; Oliveira, Luiz S; Grégio, André. Shallow Security: On the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors. Proceedings of the 3rd Reversing and Offensive-Oriented Trends Symposium, Association for Computing Machinery, Vienna, Austria, 2019, ISBN: 9781450377751.
Botacin, Marcus; de Geus, Paulo Lício; Grégio, André. "VANILLA" malware: vanishing antiviruses by interleaving layers and layers of attacks. Journal of Computer Virology and Hacking Techniques, 2019, ISSN: 2263-8733.
Botacin, Marcus; Galante, Lucas; Ceschin, Fabricio; Santos, Luigi Carro Paulo Cesar; de Geus, Paulo Licio; Gregio, Andre; Zanata, Marco. The AV says: Your hardware definitions were updated! 14th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC 2019), IEEE, 2019, ISBN: 978-1-7281-
Botacin, Marcus; Kalysch, Anatoli; Grégio, André. The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms Based on a Brazilian Case Study. Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 49:1–49:10, ACM, Canterbury, CA, United Kingdom, 2019, ISBN: 978-1-4503-7164-3.
Beppler, Tamy; Botacin, Marcus; Ceschin, Fabrício; Oliveira, Luiz E S; Grégio, André. L(a)ying in (Test)Bed: How Biased Datasets Produce Impractical Results for Actual Malware Families’ Classification. Lin, Zhiqiang; Papamanthou, Charalampos; Polychronakis, Michalis (Ed.): Information Security, pp. 381–401, Springer International Publishing, Cham, 2019, ISBN: 978-3-030-30215-3.
2018
Ceschin, Fabrício; Pinage, Felipe; Castilho, Marcos; Menotti, David; Oliveira, Luis S; Gregio, André. The Need for Speed: An Analysis of Brazilian Malware Classifiers. IEEE Security Privacy, 16 (6), pp. 31-41, 2018, ISSN: 1540-7993.
Botacin, Marcus; de Geus, Paulo Lício; Grégio, André. The other guys: automated analysis of marginalized malware. Journal of Computer Virology and Hacking Techniques, 14 (1), pp. 87–98, 2018, ISSN: 2263-8733.
Botacin, Marcus; Geus, Paulo Lício De; Grégio, André. Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms. ACM Comput. Surv., 51 (4), pp. 69:1–69:34, 2018, ISSN: 0360-0300.
Botacin, Marcus; Geus, Paulo Lício De; Grégio, André. Enhancing Branch Monitoring for Security Purposes: From Control Flow Integrity to Malware Analysis and Debugging. ACM Trans. Priv. Secur., 21 (1), pp. 4:1–4:30, 2018, ISSN: 2471-2566.
Afonso, Vitor; Kalysch, Anatoli; Müller, Tilo; Oliveira, Daniela; Grégio, André; de Geus, Paulo Lício. Lumus: Dynamically Uncovering Evasive Android Applications. Chen, Liqun; Manulis, Mark; Schneider, Steve (Ed.): Information Security, pp. 47–66, Springer International Publishing, Cham, 2018, ISBN: 978-3-319-99136-8.
Older Publications
Journals
BOTACIN, M. F.; GEUS, P. L.; GRÉGIO, A. R. A. The Other Guys: Automated Analysis of Marginalized Malware. Journal of Computer Virology and Hacking Techniques, 2017.
GRÉGIO, A. R. A.; BONACIN, R.; MARCHI, A. C.; NABUCO, O. F.; GEUS, P. L. An ontology of suspicious software behavior. Applied Ontology (Online), v. 11, p. 29-49, 2016.
GRÉGIO, A. R. A.; AFONSO, V. M ; FILHO, D. S. F.; GEUS, P. L.; JINO, M. Toward a Taxonomy of Malware Behaviors. Computer Journal (Print), v. 58, p. bxv047-2758-2777, 2015.
AFONSO, V. M.; AMORIM, M. F.; GRÉGIO, A. R. A.; JUNQUERA, G. B.; GEUS, P. L. Identifying Android malware using dynamically obtained features. Journal of Computer Virology and Hacking Techniques, v. 11, p. 9-17, 2014.
Conferences (International)
Sun, R.; Yuan, X.; Lee, A.; Bishop, M.; Porter, D. E.; Li, X.; Grégio, A. R. A.; Oliveira, D. The Dose Makes the Poison - Leveraging Uncertainty for Effective Malware Detection. In: IEEE Conference on Dependable and Secure Computing (DSC), 2017, Taipei/Taiwan.
Pinno, O. J. A.; Grégio, A. R. A.; Bona, L. C. E. ControlChain: Blockchain as a central enabler for access control authorizations in the IoT. In: IEEE Global Communications Conference (GLOBECOM), 2017, Singapore.
Grégio, A. R. A; Fernandes, D. S.; Afonso, V. M.; Geus, P. L.; Martins, V. F.; Jino, M. An empirical analysis of malicious internet banking software behavior. In: 28th Annual ACM Symposium on Applied Computing (SAC) - Security Track, 2013, Coimbra/Portugal.
Afonso, V. M.; Fernandes, D. S.; Grégio, A. R. A; Geus, P. L.; Jino, M. A hybrid framework to analyze web and OS malware. In: IEEE International Conference on Communications (ICC), 2012, Ottawa/Canada.
Grégio, A. R. A; Geus, P. L.; Kruegel, C.; Vigna, G. Tracking Memory Writes for Malware Classification and Code Reuse Identification. In: 9th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), 2012, Heraklion/Crete/Greece.