Massimiliano Albanese | George Mason University (GMU) · Department of Information Sciences and Technology
Massimiliano Albanese
Ph.D. in Computer Science and Engineering
About: 123 publications · 62,030 reads · 2,200 citations
Introduction
Massimiliano Albanese is an Associate Professor in the Department of Information Sciences and Technology at George Mason University, where he also serves as the Associate Director of the Center for Secure Information Systems (CSIS) and the Co-director of the Laboratory for IT Entrepreneurship (LITE). Dr. Albanese received his Ph.D. degree in Computer Science and Engineering in 2005 from the University of Naples Federico II, and joined George Mason University in 2011 after serving as a Postdoctoral Researcher at the University of Maryland. His research interests are in the area of Information and Network Security. Dr. Albanese is one of only three recipients of the 2014 Mason Emerging Researcher/Scholar/Creator Award, one of the most prestigious honors at Mason.
Additional affiliations
August 2013 - present
Publications (123)
Intrusion Detection Systems (IDS) are strategically installed on specific nodes of an enterprise network to detect ongoing attempts to exploit vulnerable systems. However, deploying a large number of detection rules in each IDS may reduce their efficiency and effectiveness, especially when an IDS is monitoring high-speed data communication channels...
This paper analyzes the tradeoffs between performance and resilience against cyber attacks of applications organized as workflows. The static nature of current workflows is a major benefit to attackers. To combat this advantage, a promising new approach inspired by Moving Target Defense (MTD) was developed to increase a workflow’s robustness to cy...
For more than a decade, the notion of attack surface has been used to define the set of vulnerable assets that an adversary may exploit to penetrate a system, and various metrics have been developed to quantify the extent of a system's attack surface. However, most approaches to tackle this problem have failed to consider the complex interdependenc...
Fingerprint-based authentication has been successfully adopted in a wide range of applications, including law enforcement and immigration, due to its numerous advantages over traditional password-based authentication. Despite the usability and accuracy of this technology, some significant concerns still exist, which can potentially hinder its furth...
One of the first lines of defense against cyberattacks is to understand and evaluate the weaknesses and vulnerabilities that a system exposes to malicious users. To address this need, several scoring systems have been developed, providing security analysts and practitioners with a means of quantifying the severity of common weaknesses and vulnerabi...
Fingerprint-based authentication has been successfully adopted in a wide range of applications, including law enforcement and immigration, due to its numerous advantages over traditional password-based authentication. However, despite the usability and accuracy of this technology, some significant concerns still exist, which can potentially hinder...
Cloud technologies are currently experiencing a remarkable degree of pervasiveness in most of the applications and services that are consumed daily by both individual users and companies. The sheer volume of sensitive data and operations that are regularly outsourced to the cloud calls for the adoption of adequate measures to fulfill the existing s...
Addressing security misconfiguration in complex distributed systems, such as networked Industrial Control Systems (ICS) and Internet of Things (IoT), is challenging. Owners and operators must go beyond tuning parameters of individual components and consider the security implications of configuration changes on entire systems. Given the growing scale...
Moving Target Defense (MTD) has the potential to increase the cost and complexity for threat actors by creating asymmetric uncertainty in the cyber security landscape. The tactical advantages that MTD can provide to the defender have led to the development of a vast array of diverse techniques, which are designed to operate under different constrai...
Cyberattacks are typically preceded by a reconnaissance phase in which attackers aim at collecting valuable information about the target system, including network topology, service dependencies, operating systems (OSs), and unpatched vulnerabilities. Unfortunately, when system configurations are static, given enough time, attackers can always acqui...
Organizations increasingly rely on complex networked systems to maintain operational efficiency. While the widespread adoption of network-based IT solutions brings significant benefits to both commercial and government organizations, it also exposes them to an array of novel threats. Specifically, malicious actors can use networks of compromised an...
This chapter introduces cyber security researchers to key concepts in the data streaming and sketching literature that are relevant to Adaptive Cyber Defense (ACD) and Moving Target Defense (MTD). We begin by observing the challenges met in the big data realm. Particular attention is paid to the need for compact representations of large datasets, a...
Complex distributed systems are inherently difficult to secure due to the many interdependencies amongst their components, vulnerabilities, and configuration parameters. To address this problem, we present an approach for improving the security posture of distributed systems by examining the security impact of configuration changes across their int...
Malicious actors use networks of compromised and remotely controlled hosts, known as botnets, to execute different classes of cyberattacks, including exfiltration of sensitive data. Recently, we have observed a trend toward more resilient botnet architectures, departing from traditional centralized architectures and enabling botnets to evade detect...
In the cyber security landscape, the asymmetric relationship between defender and attacker tends to favor the attacker: while the defender needs to protect a system against all possible ways of breaching it, the attacker needs to identify and exploit only one vulnerable entry point in order to succeed. In this chapter, we show how we can effectivel...
Moving Target Defense (MTD) has recently emerged as a game changer in the security landscape due to its proven potential to introduce asymmetric uncertainty that gives the defender a tactical advantage over the attacker. Many different MTD techniques have been developed, but, despite the huge progress made in this area, critical gaps still exist wi...
Cyber reconnaissance is the process of gathering information about a target network for the purpose of compromising systems within that network. Network-based deception has emerged as a promising approach to disrupt attackers’ reconnaissance efforts. However, limited work has been done so far on measuring the effectiveness of network-based deceptio...
The objective of the 5th ACM Workshop on Moving Target Defense (MTD 2018) - held in Toronto, Canada on October 15, 2018, in conjunction with the 24th ACM Conference on Computer and Communications Security (ACM CCS 2018) - is to bring together researchers from academia, government, and industry to discuss novel randomization, diversification, and dy...
In recent years, Advanced Persistent Threats (APTs) have emerged as increasingly sophisticated cyber attacks, often waged by state actors or other hostile organizations against high-profile targets. APT actors employ a diversified set of sophisticated tools and advanced capabilities to penetrate target systems, evade detection, and maintain a footh...
In today’s IT landscape, organizations are increasingly exposed to an array of novel and sophisticated threats—including advanced persistent threats (APTs) and distributed denial-of-service (DDoS) attacks—which can bypass traditional defenses and persist in target systems indefinitely. Threat actors often rely on networks of compromised and remotel...
In the last several decades, networked systems have grown in complexity and sophistication, introducing complex interdependencies amongst their numerous and diverse components. Attackers can leverage such interdependencies to penetrate seemingly well-guarded networks through sophisticated multi-step attacks. Research has shown that explicit and imp...
Modern botnets can persist in networked systems for extended periods of time by operating in a stealthy manner. Despite the progress made in the area of botnet prevention, detection, and mitigation, stealthy botnets continue to pose a significant risk to enterprises. Furthermore, existing enterprise-scale solutions require significant resources to...
In recent years, Moving Target Defense (MTD) has emerged as a potential game changer in the security landscape, due to its potential to create asymmetric uncertainty that favors the defender. Many different MTD techniques have since been proposed, each addressing an often very specific set of attack vectors. Despite the huge progress made in this ar...
In this chapter, we present a framework that integrates an array of techniques and automated tools designed with the objective of drastically enhancing the Cyber Situation Awareness process. This framework incorporates the theory and the tools we developed to answer – automatically and efficiently – some of the fundamental questions security analys...
In this chapter, we provide an overview of Cyber Situational Awareness, an emerging research area in the broad field of cyber security, and discuss, at least at a high level, how to gain Cyber Situation Awareness. Our discussion focuses on answering the following questions: What is Cyber Situation Awareness? Why is research needed? What are the cur...
Moving Target Defense (MTD) has emerged as a game changer in the security landscape, as it can create asymmetric uncertainty favoring the defender. Despite the significant work done in this area and the many different techniques that have been proposed, MTD has not yet gained widespread adoption due to several limitations. Specifically, interaction...
We describe results from a semester-long class taught by seven faculty at George Mason University, aimed at providing resources to engage students in idea generation, design cycle development, and finally elaboration of a business plan. This is intended to alleviate a perceived lack of access for students to commercialize their ideas. Undergraduate...
Botnets are increasingly being used for exfiltrating sensitive data from mission-critical systems. Research has shown that botnets have become extremely sophisticated and can operate in stealth mode by minimizing their host and network footprint. In order to defeat exfiltration by modern botnets, we propose a moving target defense approach for dyna...
Distributed denial-of-service attacks are an increasing problem facing web applications, for which many defense techniques have been proposed, including several moving-target strategies. These strategies typically work by relocating targeted services over time, increasing uncertainty for the attacker, while trying not to disrupt legitimate users or...
Cyber attacks are typically preceded by a reconnaissance phase in which attackers aim at collecting valuable information about the target system, including network topology, service dependencies, operating systems, and unpatched vulnerabilities. Unfortunately, when system configurations are static, attackers will always be able, given enough time,...
Diversity has long been regarded as a security mechanism for improving the resilience of software and networks against various attacks. More recently, diversity has found new applications in cloud computing security, moving target defense, and improving the robustness of network routing. However, most existing efforts rely on intuitive and imprecis...
It is well known that not all intrusions can be prevented and additional lines of defense are needed to deal with intruders. However, most current approaches use honey-nets relying on the assumption that simply attracting intruders into honeypots would thwart the attack. In this chapter, we propose a different and more realistic approach, which aim...
Online social networks (OSNs) have become extremely popular in recent years, and their widespread adoption has led to the presence of huge volumes of users’ personal information on the Internet. The ever-increasing number of social networks’ users on one hand and the massive amount of information being shared daily on the other hand have encouraged...
Cyber attacks are typically preceded by a reconnaissance phase in which attackers aim at collecting valuable information about the target system, including network topology, service dependencies, and unpatched vulnerabilities. Unfortunately, when system configurations are static, attackers will always be able, given enough time, to acquire accurate...
Having discussed the importance and key features of CSA, both in general and in comparison with the better-known Kinetic Situational Awareness, we now proceed to explore how and from where CSA emerges. Formation of Cyber Situational Awareness is a complex process that goes through a number of distinct phases and produces a number of distinct outp...
Computer systems are vulnerable to both known and zero-day attacks. Although known attack patterns can be easily modeled, thus enabling the definition of suitable hardening strategies, handling zero-day vulnerabilities is inherently difficult due to their unpredictable nature. Previous research has attempted to assess the risk associated with unknow...
An ever-increasing number of critical missions rely today on complex Information Technology infrastructures, making such missions vulnerable to a wide range of potentially devastating cyber-attacks. Attackers can exploit network configurations and vulnerabilities to incrementally penetrate a network and compromise critical systems, thus rendering s...
The interest in diversity as a security mechanism has recently been revived in various applications, such as Moving Target Defense (MTD), resisting worms in sensor networks, and improving the robustness of network routing. However, most existing efforts on formally modeling diversity have focused on a single system running diverse software replicas...
Intrusion detection and alert correlation are valuable and complementary techniques for identifying security threats in complex networks. Intrusion detection systems monitor network traffic for suspicious behavior and trigger security alerts. Alert correlation methods can aggregate such alerts into multi-step attack scenarios. However, both metho...
There are numerous applications where we wish to discover unexpected activities in a sequence of time-stamped observation data; for instance, we may want to detect inexplicable events in transactions at a website or in video of an airport tarmac. In this paper, we start with a known set $\mathcal{A}$ of activities (both innocuous and dangerous) that...
In this chapter, we provide a brief review of related work, including attack graphs and applications, existing network hardening techniques, and other relevant topics, such as alert correlation and security metrics.
In this monograph we have presented an abstraction-based approach to intrusion detection in distributed systems, where the component systems are usually heterogeneous and/or autonomous. To address heterogeneity and autonomy of distributed environments, the concept of system view was introduced to provide an abstract interface between different hete...
In defending one’s network against cyber attacks, certain vulnerabilities may seem acceptable risks when considered in isolation. But an intruder can often infiltrate a seemingly well-guarded network through a multi-step intrusion, in which each step prepares for the next. Attack graphs can reveal the threat by enumerating possible sequences of exp...
Attack graph analysis has been established as a powerful tool for analyzing network vulnerability. However, previous approaches to network hardening look for exact solutions and thus do not scale. Further, hardening elements have been treated independently, which is inappropriate for real environments. For example, the cost for patching many system...
In this chapter, we briefly review some important concepts that are relevant to further discussions. First, we introduce attack graphs and related concepts. Second, we formalize the network hardening problem. Third, we briefly review standard heuristic approaches and their applicability to network hardening.
Recent years have seen a rapid increase in the use of heterogeneous distributed systems for deploying critical missions. This trend is motivated by the flexibility and great processing capabilities that such systems can offer. However, their inherent complexity makes them prone to a wide range of cyber attacks. Efficiently scheduling mission tasks...
The huge technological progress we have witnessed in the last decade has enabled us to generate data at an unprecedented rate, leading to what has become the era of big data. However, big data is not just about generating, storing, and retrieving massive amounts of data. The focus should rather be on new analytical approaches that would enable us t...
Automatic service composition finds applicability in many different domains. Composition comes into play when a user's request cannot be fulfilled by a single software module, but the composition of multiple modules can provide the requested services. In many application domains it is important to be able to express QoS and security attributes asso...
The extraordinary technological progress we have witnessed in recent years has made it possible to generate and exchange multimedia content at an unprecedented rate. As a consequence, massive collections of multimedia objects are now widely available to a large population of users. As the task of browsing such large collections could be daunting, R...
Recent years have seen a growing interest in the use of Cloud Computing facilities to execute critical missions. However, due to their inherent complexity, most Cloud Computing services are vulnerable to multiple types of cyber-attacks and prone to a number of failures. Current solutions focus either on the infrastructure itself or on mission analy...
Mechanisms for continuously changing or shifting a system's attack surface are emerging as game-changers in cyber security. In this paper, we propose a novel defense mechanism for protecting the identity of nodes in Mobile Ad Hoc Networks and defeating the attacker's reconnaissance efforts. The proposed mechanism turns a classical attack mechanism - S...
Mobile Ad-hoc Networks (MANETs) are frequently exposed to a wide range of cyber threats due to their unique characteristics. The lack of a centralized monitoring and management infrastructure and the dynamic nature of their topology pose new and interesting challenges for the design of effective security mechanisms. While conventional methods prima...
Techniques aimed at continuously changing a system's attack surface, usually referred to as Moving Target Defense (MTD), are emerging as powerful tools for thwarting cyber attacks. Such mechanisms increase the uncertainty, complexity, and cost for attackers, limit the exposure of vulnerabilities, and ultimately increase overall resiliency. In this...
Recent years have seen a growing interest in mission-centric operation of large-scale distributed systems. However, due to their complexity, these systems are prone to failures and vulnerable to a wide range of cyber-attacks. Current solutions focus either on the infrastructure itself or on mission analysis, but fail to consider information about t...
Today, numerous applications require the ability to monitor a continuous stream of fine-grained data for the occurrence of certain high-level activities. A number of computerized systems, including ATM networks, web servers, and intrusion detection systems, systematically track every atomic action we perform, thus generating massive streams of timest...
One of the most important challenges in the information access field, especially for multimedia repositories, is information overload. To cope with this problem, in this paper, the authors present a strategy for a recommender system that computes customized recommendations for users accessing multimedia collections, using semantic contents and low...
With the enormous amount of textual information now available online, there is an increasing demand – especially in the national security community – for tools capable of automatically extracting certain types of information from massive amounts of raw data. In the last several years, ad-hoc Information Extraction (IE) systems have been developed t...
Mobile Ad Hoc Networks (MANETs) represent an attractive and cost-effective solution for providing connectivity in areas where a fixed infrastructure is not available or not a viable option. However, given their wireless nature and the lack of a stable infrastructure, MANETs are susceptible to a wide range of attacks waged by malicious nodes physica...
The cyber situational awareness of an organization determines its effectiveness in responding to attacks. Mission success is highly dependent on the availability and correct operation of complex computer networks, which are vulnerable to various types of attacks. Today, situational awareness capabilities are limited in many ways, such as inaccurate...