from 1st March to 31st May

Publications & Demonstrators

All accepted publications from SPARTA partners under its funding as well as videos presenting some of the work done under SPARTA


VisualDroid: automatic triage and detection of Android repackaged applications

Rosangela Casolare, Carlo De Dominicis, Fabio Martinelli, Francesco Mercaldo, Antonella Santone

Considering the pervasiveness of mobile devices, malicious writers are constantly focusing their attention in developing malicious payload aimed to gather sensible information from mobile devices without user content. As a matter of fact, it is really easy for malware writers to embed malicious payloads into legitimate applications, by applying the...More>>

Domains: Android

Towards Visual Debugging for Multi-Target Time Series Classification

Udo Schlegel, Eren Cakmak, Hiba Arnout, Mennatallah El-Assady, Daniela Oelke, Daniel A Keim

Multi-target classification of multivariate time series data poses a challenge in many real-world applications (e.g., predictive main- tenance). Machine learning methods, such as random forests and neural networks, support training these classifiers. However, the debugging and analysis of possible misclassifications remain chal- lenging due to the often complex relations between...More>>

Domains: Classification

Towards Using Source Code Repositories to Identify Software Supply Chain Attacks

Duc Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta

Increasing popularity of third-party package repositories, like NPM, PyPI, or RubyGems, makes them an attractive target for software supply chain attacks. By injecting malicious code into legitimate packages, attackers were known to gain more than 100 000 downloads of compromised packages. Current approaches for identifying malicious payloads are resource demanding....More>>

Domains: Software, Supply, Chain, Attacks

Towards Quantum-Enhanced Machine Learning for Network Intrusion Detection

Arnaldo Gouveia, Miguel Correia

Network Intrusion Detection Systems (NIDSs) are commonly used today to detect malicious activities. Quantum computers, despite not being practical yet, are becoming available for experimental purposes. We present the first approach for applying unsupervised Quantum Machine Learning (QML) in the context of network intrusion detection from the perspective of quantum...More>>

Domains: Network, Intrusion, Detection, System

Towards an Interpretable Deep Learning Model for Mobile Malware Detection and Family Identification

Giacomo Iadarola, Fabio Martinelli, Francesco, Antonella Santone

Mobile devices are pervading everyday activities of our life. Each day we store a plethora of sensitive and private information in smart devices such as smartphones or tablets, which are typically equipped with an always-on internet connection. These information are of interest for malicious writers that are developing more and...More>>

Domains: Malicious, softwareMalwareExplainabilityInterpretabilityDeep, LearningArtificial, IntelligenceSecurityAndroid

Machine Learning - the results are not the only thing that matters! What about security, explainability and fairness?

Szczepanski, Choras, Pawlicki, Kozik

Recent advances in machine learning (ML) and the surge in computational power have opened the way to the proliferation of ML and Artificial Intelligence (AI) in many domains and applications. Still, apart from achieving good accuracy and results, there are many challenges that need to be discussed in order to...More>>

Domains: Machine, Learning, (ML), AI, Secure, ML, Explainable, Fairness

SEkey: A Distributed Hardware-based Key Management System

Matteo Fornero, Nicolò Maunero, Paolo Prinetto, Antonio Varriale

Cryptography plays a key role in all the aspects of today cybersecurity and any cryptographic approach relies on cryptographic keys, i.e., series of bits that determine how a plain text is encrypted and decrypted, according to an agreed algorithm. The secrecy and security of an encryption key are thus crucial...More>>

Domains: cryptography, , telecommunication, security

Requirements for a Lightweight AKE for OSCORE

M. Vucinic, G. Selander, J. Mattsson, D. Garcia

This document compiles the requirements for a lightweight authenticated key exchange protocol for OSCORE.

Domains: security

Predicting Probability of Default Under IFRS 9 Through Data Mining Techniques

Fabio Martinelli, Francesco Mercaldo, Domenico Raucci, Antonella Santone

Data mining techniques were employed to automatise decision-making processes in several domains. In the banking context, the introduction of IFRS 9 on Financial Instruments has impacted not only on the area of accounting and financial reporting, but also on banks’ credit risk measurement and management processes, promoting effective and efficient...More>>

Domains: IFRS, 9, Expected, Loss, Approach, Credit, risk, assessment, Probability, of, default, Banking, context