Publications

My profiles

• Google Scholar
• Research Gate
• Scopus
• ORCID

List of Publications

• A Closer Look at Modern Evasive Phishing Emails
  E. Boulila, M. Dacier, S. P. V. Peroumal, N. Veys, S. Aonzo
  IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2025
  • [PDF] [BibTeX]
• The Dark Side of Native Code on Android
  A. Ruggia, A. Possemato, S. Dambra, A. Merlo, S. Aonzo, D. Balzarotti
  ACM Transactions on Privacy and Security (TOPS), 2025
  • [PDF] [BibTeX]
• How to Train your Antivirus: RL-based Hardening through the Problem Space
  I. Tsingenopoulos, J. Cortellazzi, B. Bošanský, S. Aonzo, D. Preuveneers, W. Joosen, F. Pierazzi, L. Cavallaro
  International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2024
  • [PDF] [BibTeX]
• Unmasking the Veiled: A Comprehensive Analysis of Android Evasive Malware
  A. Ruggia, D. Nisi, S. Dambra, A. Merlo, D. Balzarotti, S. Aonzo
  ACM Asia conference on Computer and Communications Security (ASIACCS), 2024
  • [PDF] [BibTeX]
• Decoding the Secrets of Machine Learning in Malware Classification: A Deep Dive into Datasets, Feature Extraction, and Model Performance
  S. Dambra, Y. Han, S. Aonzo, P. Kotzias, A. Vitale, J. Caballero, D. Balzarotti, L. Bilge
  ACM Conference on Computer and Communications Security (CCS), 2023
  • [PDF] [BibTeX] [Slides]
• Android, notify me when it is time to go phishing
  A. Ruggia, A. Possemato, A. Merlo, D. Nisi, and S. Aonzo
  IEEE European Symposium on Security and Privacy (EUROS&P), 2023
  • [PDF] [BibTeX]
  • Press: s3blogpost, EurecomMedium, WiredIT
• Humans vs. Machines in Malware Classification
  S. Aonzo, Y. Han, A. Mantovani, D. Balzarotti
  USENIX Security Symposium (USENIX-Security), 2023
  • [PDF] [BibTeX] [Slides] [Video]
• RE-Mind: a First Look Inside the Mind of a Reverse Engineer
  A. Mantovani, S. Aonzo, Y. Fratantonio, D. Balzarotti
  USENIX Security Symposium (USENIX-Security), 2022
  • [PDF] [BibTeX] [Slides] [Video]
• Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization
  A. Possemato, S. Aonzo, D. Balzarotti, Y. Fratantonio
  IEEE Symposium on Security and Privacy (S&P), 2021
  • [PDF] [BibTeX] [Video]
• Longitudinal study of the prevalence of malware evasive techniques
  L. Maffia, D. Nisi, P. Kotzias, G. Lagorio, S. Aonzo, D Balzarotti
  arXiv preprint, 2021
  • [PDF] [BibTeX]
• Prevalence and impact of low-entropy packing schemes in the malware ecosystem
  A. Mantovani, S. Aonzo, X. Ugarte-Pedrero, A. Merlo, D. Balzarotti
  Network and Distributed System Security (NDSS), 2020
  • [PDF] [BibTeX]
  • Press: Talosintelligence Blog
• Obfuscapk: An open-source black-box obfuscation tool for Android apps
  S. Aonzo, G. C. Georgiu, L. Verderame, A. Merlo
  SoftwareX, Volume 11, 2020
  • [PDF] [BibTeX]
  • Website: https://github.com/Obfuscapk
• Droids in Disarray: Detecting Frame Confusion in Hybrid Android Apps
  D. Caputo, L. Verderame, S. Aonzo, A. Merlo
  IFIP Conference on Data and Applications Security and Privacy (DBSec), 2019
  • [PDF] [BibTeX] [Slides]
• Phishing Attacks on Modern Android S. Aonzo, A. Merlo, G. Tavella, Y. Fratantonio ACM Conference on Computer and Communications Security (CCS), 2018
  • [PDF] [BibTeX] [Video] [Slides]
  • Website: http://www.s3.eurecom.fr/projects/modern-android-phishing/
  • Press: SlashDot, The Register, Threat Post, ZDNet, Duo Security, Naked Security, Keeper Security, LastPass, Corriere della Sera [ITA]
• Low-Resource Footprint, Data-driven Malware Detection on Android
  S. Aonzo, A. Merlo, M. Migliardi, L. Oneto, F. Palmieri
  IEEE Transaction on Sustainable Computing, 2015
  • [PDF] [BibTeX]
• RmPerm: a Tool for Android Permissions Removal
  S. Aonzo, G. Lagorio, A. Merlo
  International Conference on Security and Cryptography (SECRYPT), 2017
  • [PDF] [BibTeX]
  • Website: https://github.com/RmPerm

Ph.D. Thesis in Computer Science and Systems Engineering

• Novel Attacks and Defenses in the Userland of Android, 2019
  • [PDF] [Slides]