In my research work, I study how bot infected machines interact with third party services. A functional botnet has to contact legitimate services to carry out its malicious activities. For example, it has to use DNS to locate other servers and SMTP to send out spam. Unlike Command and Control traffic, this communication cannot be obfuscated, because the third party service has to understand it. In addition, bots use such services in a very different way than legitimate users, the main reason being that their goal is very different: while users want to have a good user experience, bots are interested in spreading malicious content as fast as possible.
For these reasons, I study the differences in which bots use such services compared to real users. So far, I focused on Social Networks and SMTP servers. You can find my papers here.
I was born in Genova, a large coastal city in northern Italy. Once upon a time, my fellow citizens ruled the seven seas. Nowadays, they are mostly known for having invented pesto sauce. Much to your surprise, we usually put pesto on pasta, and nobody ever dared putting it on chicken. Also, Genova is the birth place of Christopher Columbus, who wanted to get to India heading west, but discovered America instead. We also invented an American icon such as Blue Jeans.
A hundred years ago, poor Italians used to leave from Genova on huge ships looking for a new life in the United States. Nowadays, most Italians leaving the country are high educated people looking for qualified jobs. They typically get to the US by plane.
I'm a PhD candidate in the Department of Computer Science at University of California, Santa Barbara. I work in the Computer Security Lab, advised by Professors Christopher Kruegel and Giovanni Vigna. Before being here, I studied computer enginnering at University of Genova, in Italy, where I received my Bachelor degree in 2006 and my Master's degree in 2009. During my studies in Italy, I have been vice president of the computer science club 0p3n_l4b, which organizes activities related to free software. I was also involved in various open source projects, which unfortunately are long time dead. My research interests span various fields of computer security, in particular botnet and spam mitigation, social network security, and intrusion detection.
If you are planning on applying to grad school, you can look up which PhD programs are best for you here.
If you want to start doing research in my field, you can read my Major Area Exam Writeup. This should give you a good overview on what has been done so far in the field of botnet and spam mitigation, and what are the challenges. Also, a more comprehensive reading list is available here.
If you are lazy, or just want to get a feeling on what's going on in the field, you can take a look at my slides.