Publications
Lastmod: 2021-03-01
  • My Google Scholar profile

  • I am one of the authoring members of the First.org/NIST Common Vulnerability Scoring System Standard. First.org CVSS Special Interest Group (Authoring member). Common Vulnerability Scoring System (CVSS) v3. Published at http://www.first.org/cvss.

Some highlights

  • Martin Rosso, Michele Campobasso, Ganduulga Gankhuyag, Luca Allodi. SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers. In Proceedings of the 36th Annual Computer Security Applications Conference (ACSAC 2020). (acc. rate 23%) Distinguished Paper with Artifacts Award. Preprint.
  • Michele Campobasso, Luca Allodi. Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale. In Proceedings of the ACM Conference on Computer and Communications Security (ACM CCS 2020). (acc. rate 17%) Preprint.
  • Amber van der Heijden, Luca Allodi. Cognitive Triaging of Phishing Attacks. In Proceedings of Usenix Security 2019 (Acc. rate 16%). Preprint.
  • Luca Allodi. 2017. Economic Factors of Vulnerability Trade and Exploitation. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ’17). ACM, New York, NY, USA, 1483-1499. DOI: https://doi.org/10.1145/3133956.3133960 (Acc. rate 18%). Preprint.
  • Allodi, L. and Massacci, F. (2017), Security Events and Vulnerability Data for Cybersecurity Risk Estimation. Risk Analysis, 37: 1606–1627. doi:10.1111/risa.12864 Impact factor: 2.225, ISI Journal Citation Reports Ranking: 2015: 649 (Social Sciences Mathematical Methods); 17101 (Mathematics Interdisciplinary Applications). Pre pub version.

Journals

  1. Allodi, L., Massacci, F., Williams, J. The Work-Averse Cyber Attacker Model: Theory and Evidence From Two Million Attack Signatures. Risk Analysis. To appear.
  2. Allodi, L., Cremonini, M., Massacci, F. et al. Measuring the accuracy of software vulnerability assessments: experiments with students and professionals. Empirical Software Engineering (2020). Scopus citescore 2018: 5.61. 91st percentile (31358 in CS:Software). Open Access, doi:10.1007/s10664-019-09797-4.
  3. Allodi, L. and Massacci, F. (2017), Security Events and Vulnerability Data for Cybersecurity Risk Estimation. Risk Analysis, 37: 1606–1627. doi:10.1111/risa.12864 Impact factor: 2.225, ISI Journal Citation Reports Ranking: 2015: 649 (Social Sciences Mathematical Methods); 17101 (Mathematics Interdisciplinary Applications). Pre pub version.
  4. Luca Allodi, Marco Corradin, Fabio Massacci. Then and Now: On The Maturity of the Cybercrime Markets. The lesson black-hat marketeers learned. IEEE Transactions on Emerging Topics in Computing, 4(1):35–46, Jan 2016. Impact factor: 4.12 (2016 Scopus CiteScore). Prepub version.
  5. Luca Allodi, Fabio Massacci. Comparing vulnerability severity and exploits using case-control studies. ACM Transactions on Information and System Security (TISSEC). 17, 1, Article 1 (August 2014), 20 pages. Impact factor: 3.45 (2014 Scopus CiteScore); flagship ACM journal on security. PDF.

Policy (white) papers

  1. Winnona DeSombre, James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, Luca Allodi, and Trey Herr. Countering cyber proliferation: Zeroing in on Access-as-a-Service. Atlantic Council, 2021. Available on the Atlantic Council’s website.
  2. Winnona DeSombre, Michele Campobasso, Luca Allodi, Dr. James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, and Dr. Trey Herr. A primer on the proliferation of offensive cyber capabilities. Atlantic Council, 2021. Available on the Atlantic Council’s website.

Conferences

  1. Simone Pirocca, Luca Allodi, Nicola Zannone. A Toolkit for Security Awareness Training Against Targeted Phishing. In proceedings of the 2020 International Conference on Information Systems Security (ICISS 2020) Publisher link, Preprint.
  2. Martin Rosso, Michele Campobasso, Ganduulga Gankhuyag, Luca Allodi. SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers. In Proceedings of ACSAC 2020. (acc. rate 23%) Distinguished Paper with Artifacts Award. Preprint.
  3. Michele Campobasso, Luca Allodi. Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale. In Proceedings of the ACM Conference on Computer and Communications Security (ACM CCS 2020). (acc. rate 17%) Preprint.
  4. Pavlo Burda, Luca Allodi, Nicola Zannone. Don’t Forget the Human: a Crowdsourced Approach to Automate Response and Containment Against Spear Phishing Attacks. In Proceedings of EuroSP WACCO 2020. Proceedings version.
  5. Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic. An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). Publisher version.
  6. Pavlo Burda, Tzouliano Chotza, Luca Allodi, Nicola Zannone. Testing the effectiveness of tailored phishing techniques in industry and academia: a field experiment. In Proceedings of ARES 2020. Preprint.
  7. Amber van der Heijden, Luca Allodi. Cognitive Triaging of Phishing Attacks. In Proceedings of Usenix Security 2019 (Acc. rate 16%). Preprint.
  8. Luca Allodi, Tzouliano Chotza, Ekaterina Panina, and Nicola Zannone. On the need for new anti-phishing measures against spear phishing attacks. IEEE Security & Privacy, 18(2), 23-34 (2019). Preprint.
  9. Pavlo Burda, Cohen Boot, Luca Allodi. Characterizing the Redundancy of DarkWeb .onion Services. In Proceedings of the 2019 International Conference on Availability, Reliability, and Security (ARES). Proceedings version.
  10. Donatello Luna, Luca Allodi, and Marco Cremonini. Productivity and patterns of activity in bug bounty programs: Analysis of hackerone and google vulnerability research. In Proceedings of the 2019 International Conference on Availability, Reliability and Security (ARES).
  11. Michele Campobasso, Pavlo Burda, Luca Allodi. CARONTE: Crawling Adversarial Resources Over Non-Trusted, High-Profile Environments. In Proceedings of the 2019 IEEE EuroS&P Workshop on Attackers and Cyber-Crime Operations. Preprint.
  12. Laura Genga, Luca Allodi, Nicola Zannone. Unveiling Systematic Biases in Decisional Processes. An Application to Discrimination Discovery. In Proceedings of ASIACCS 2019. PDF.
  13. Roland van Rijswijk-Deij, Gijs Rijnders, Matthijs Bomhoff, Luca Allodi. Privacy-Conscious Threat Intelligence Using DNSBLOOM. 2019 IFIP/IEEE International Symposium on Integrated Network Management (IM 2019). Link to open access paper.
  14. Luca Allodi. Underground Economics for Vulnerability Risk. Usenix ;login: (2018), Vol 43, no. 1. Link to publisher. Preprint.
  15. Luca Allodi, Marco Cremonini, Fabio Massacci, Woohyun Shim. The effect of security education and expertise on security assessments: the case of software vulnerabilities. Presented at WEIS 2018, Innsbruck, AT. Preprint.
  16. Jukka Ruohonen, Luca Allodi. A bug bounty perspective on the disclosure of web vulnerabilities. Presented at WEIS 2018, Innsbruck, AT. Preprint.
  17. Tho Le, Roland van Rijswijk-Deij, Luca Allodi and Nicola Zannone. Economic Incentives on DNSSEC Deployment: Time to Move from Quantity to Quality. Proceedings of the 16th IEEE/IFIP Network Operations and Management Symposium (NOMS 2018). Preprint.
  18. Luca Allodi and Sandro Etalle. 2017. Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions. In Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense (SafeConfig ’17). ACM, New York, NY, USA, 23-26. DOI: https://doi.org/10.1145/3140368.3140372 Preprint.
  19. Luca Allodi. 2017. Economic Factors of Vulnerability Trade and Exploitation. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ’17). ACM, New York, NY, USA, 1483-1499. DOI: https://doi.org/10.1145/3133956.3133960 (Acc. rate 18%). Preprint.
  20. Luca Allodi, Fabio Massacci. Attack potential in Impact and Complexity. In the Proceedings of ARES 2017. Preprint.
  21. Allodi, L., Biagioni, S., Crispo, B., Labunets, K., Massacci, F., & Santos, W. (2017, November). Estimating the Assessment Difficulty of CVSS Environmental Metrics: An Experiment. In International Conference on Future Data and Security Engineering (pp. 23-39). Springer, Cham.
  22. Luca Allodi, Fabio Massacci, Julian Williams. The Work-Averse Cyber Attacker Model. Evidence from two million attack signatures. Presented at WEIS 2017. SSRN version.
  23. Luca Allodi, Fabio Massacci. The Work-Averse Attacker Model. In the Proceedings of the 2015 European Conference on Information Systems (ECIS 2015). PDF.
  24. Luca Allodi. The Heavy Tails of Vulnerability Exploitation. In the Proceedings of ESSoS 2015. To be published by Springer by March 2015. PDF.
  25. Luca Allodi, Luca Chiodi, Marco Cremonini. Self-Organizing Techniques for Knowledge Diffusion in Dynamic Social Networks. In Proceedings of the 5th Workshop on Complex Networks. CompleNET 2014. PDF.
  26. Luca Allodi. Attacker economics for Internet-scale vulnerability risk assessment (Extended Abstract). Research proposal, in Proceedings of Usenix LEET 2013. PDF.
  27. Luca Allodi, Vadim Kotov, Fabio Massacci. MalwareLab: Experimentation with Cybercrime Attack Tools. In Proceedings of Usenix CSET 2013. PDF.
  28. Luca Allodi, Fabio Massacci. How CVSS is DOSsing your patching policy (and wasting your money). Presentation at BlackHat USA 2013. Slides | White paper to come too (end of Aug)
  29. Luca Allodi, Fabio Massacci. Analysis of exploits in the wild. Or: do Cybersecurity Standards Make Sense? Poster at IEEE Symposium on Security & Privacy 2013. PDF
  30. Luca Allodi, Woohyun Shim, Fabio Massacci. Quantitative assessment of risk reduction with cybercrime black market monitoring. Proceedings of IEEE S&P 2013 International Workshop on Cyber Crime. PDF
  31. Woohyun Shim, Luca Allodi, Fabio Massacci. Crime Pays If You Are Just an Average Hacker. Proceedings of IEEE/ASE 2012 Cyber Security Conference. PDF
    Conference acceptance rate: 9%. Complementary publication in ASE Journal, 2012, Vol. 2. Journal acceptance rate: 3%. Best paper award.
  32. Luca Allodi, Fabio Massacci. A Preliminary Analysis of Vulnerability Scores for Attacks in Wild. Proceedings of BADGERS 2012 CCS Workshop. PDF.
  33. Luca Allodi, Fabio Massacci, Woohyun Shim. Crime pays if you are just an average hacker. Accepted Poster at GameSec 2012.
  34. Luca Allodi. The dark side of vulnerability exploitation. Proceedings of the 2012 ESSoS Conference Doctoral Symposium. link [PDF].
  35. Luca Allodi, Marco Cremonini, Luca Chiodi. The asymmetric diffusion of trust between communities: Simulations in dynamic social networks. Proceedings of the 2011 Winter Simulation Conference. June 13, 2011. Finalist “Best Theoretical Paper Award Wintersim 2011” link
  36. Luca Allodi, Marco Cremonini, Luca Chiodi. Modifying Trust Dynamics through Cooperation and Defection in Evolving Social Networks. Springer LNCS 6740, pp. 131-145, 2011. link.