Marco Zuppelli
Research Activity
Information Hiding, Steganography, Covert Channels.
Bio
Marco Zuppelli is a third-year PhD student at the University of Genoa and a research fellow at the Institute for Applied Mathematics and Information Technologies of the National Research Council of Italy. Within the European Project SIMARGL (Secure Intelligent Methods for Advanced RecoGnition of malware and stegomalware), he investigates novel detection methods for steganographic malware exploiting both network and local covert channels. His main research interests are the use of in-kernel methodologies (e.g., the extended Berkeley Packet Filter) to collect information on software/network components, and the design of mechanisms for detecting malicious communications in an efficient, scalable and extensible manner. He is also studying and analyzing mitigation techniques targeting malware able to conceal itself in digital objects, such as images.
Ongoing Projects
Publications
Code Layering for the Detection of Network Covert Channels in Agentless Systems
M. Zuppelli, M. Repetto, A. Schaffhauser, W. Mazurczyk, L. Caviglione
The growing interest in agentless and serverless environments for the implementation of virtual/container network functions makes monitoring and inspection of network services challenging tasks. A maj...
CNR@People | DOI: 10.1109/TNSM.2022.3176752
2022, Journal article
IPv6CC: IPv6 Covert Channels for Testing Networks Against Stegomalware and Data Exfiltration
L. Caviglione, A. Schaffhauser, M. Zuppelli, W. Mazurczyk
IPv6CC is a suite of network covert channels targeting the IPv6 protocol. Its main scope is supporting penetration test campaigns to evaluate the security of a system against emerging information-hidi...
CNR@People | DOI: 10.1016/j.softx.2022.100975
2021, Journal article
An Effective and Efficient Approach to Improve Visibility Over Network Communications
Marco Zuppelli, Alessandro Carrega, Matteo Repetto
Modern applications and services increasingly leverage network infrastructures, cyber-physical systems and distributed computing paradigms to offer unprecedented pervasive and immersive experience to ...
CNR@People | DOI: 10.22667/JOWUA.2021.12.31.089
2021, Journal article
Covert Channels in Transport Layer Security: Performance and Security Assessment
Corinna Heinz, Marco Zuppelli, Luca Caviglione
The ability of creating covert channels within network traffic is now largely exploited by malware to elude detection, remain unnoticed while exfiltrating data or coordinating an attack. As a conseque...
CNR@People | DOI: 10.22667/JOWUA.2021.12.31.022
2021, Journal article
Kernel-level Tracing for Detecting Stegomalware and Covert Channels in Linux Environments
Luca Caviglione, Wojciech Mazurczyk, Matteo Repetto, Andreas Schaffhauser, and Marco Zuppelli
Modern malware is becoming hard to spot since attackers are increasingly adopting new techniques to elude signature- and rule-based detection mechanisms. Among the others, steganography and informatio...
CNR@People | DOI: 10.1016/j.comnet.2021.108010
Are We Protected Against Network Covert Channels?
Marco Zuppelli
Information-hiding-based techniques like covert channels are increasingly used by attackers to conceal malware in different carriers, such as images or inter-process communication services. These tech...
CNR@People | Link
2022, Conference communications
Strumenti Intelligenti per Threat Detection e Response
Francesco Sergio Pisani, Silvia Biasotti, Nunziato Cassavia, Luca Caviglione, Gianluigi Folino, Massimo Guarascio, Giuseppe Manco, Marco Zuppelli
The timely identification of attacks or malicious software, risk mitigation, and the sharing of information for "threat intelligence" are topics of extreme interest in...
CNR@People | Link
2021, Conference proceedings
bccstego: A Framework for Investigating Network Covert Channels
M. Repetto, L. Caviglione, M. Zuppelli
Modern malware increasingly exploits information hiding to remain undetected while attacking. To this aim, network covert channels, i.e., hidden communication paths established within legitimate flo...
CNR@People | Link
2021, Conference proceedings
Code Augmentation for Detecting Covert Channels Targeting the IPv6 Flow Label
L. Caviglione, M. Zuppelli, W. Mazurczyk, A. Schaffhauser, M. Repetto
Information hiding is at the basis of a new-wave of malware able to elude common detection mechanisms or remain unnoticed for long periods. To this aim, a key approach exploits network covert channels...
CNR@People | DOI: 10.1109/NetSoft51509.2021.9492661
2021, Conference proceedings
Detecting Covert Channels Through Code Augmentation
M. Zuppelli, L. Caviglione, M. Repetto
Modern malware increasingly exploits information hiding or steganography to elude security frameworks and remain unnoticed for long periods. To this aim, a prime technique relies upon the ability of c...
CNR@People
2021, Conference proceedings
pcapStego: A Tool for Generating Traffic Traces for Experimenting with Network Covert Channels
M. Zuppelli, L. Caviglione
The increasing diffusion of malware endowed with steganographic and cloaking capabilities requires tools and techniques for conducting research activities, testing real deployments and elaborating mit...
CNR@People | Link
2021, Conference communications
Rilevamento Efficiente di Covert Channel Preservando la Riservatezza del Traffico
Marco Zuppelli, Luca Caviglione, Corrado Pizzi, Matteo Repetto
Increasingly often, malware exploits network covert channels to operate undisturbed and bypass standard detection systems. Identifying this type of communication requires...
CNR@People | Link
2021, Conference proceedings
Sanitization of Images Containing Stegomalware via Machine Learning Approaches
M. Zuppelli, G. Manco, L. Caviglione, M. Guarascio
In recent years, steganographic techniques have become increasingly exploited by malware to avoid detection and remain unnoticed for long periods. Among the various approaches observed in real attacks...
CNR@People
2020, Conference proceedings
Programmable Data Gathering for Detecting Stegomalware
A. Carrega, L. Caviglione, M. Repetto and M. Zuppelli
The "arm race" against malware developers requires to collect a wide variety of performance measurements, for instance to face threats leveraging information hiding and steganography. Unfortunately,...
CNR@People