Fabio Pierazzi

Office 109

169 Euston Rd.

UCL, London

I am invested into understanding how AI can be used to improve systems security tasks, with a particular emphasis on settings in which attackers adapt quickly to new defenses. In this context, I am currently exploring how to measure, mitigate and prevent concept drift in ML-based detection systems; how to measure and improve robustness of systems to adversarial attacks while taking into account problem-space constraints (such as preserving semantics of modified code); and how to explain what these systems are doing, both from an attacker’s and a defender’s perspective.

I also care deeply about the practicality of our proposed solutions, and on understanding implications and limitations of using AI in the context of computer security. To this purpose, I also regularly engage and collaborate with industry. I mostly work on malware analysis and network traffic, but I am becoming more interested in understanding inner workings of AI and ML models to improve their trustworthiness in more general security scenarios.

I am always looking for motivated students and collaborators passionate about these topics. If you are interested in joining my team, or even just visiting, have a look here.

news

Jan 31, 2025	Opportunity for fully-funded Home Studentship at UCL: see here
Nov 1, 2024	I joined UCL Computer Science as Associate Professor in Information Security.
Oct 20, 2024	Shae got a paper accepted at ARTMAN (co-located with ACSAC).
Sep 20, 2024	Jacopo successfully passed his Ph.D. viva, with the usual minor amendments!
Sep 15, 2024	New papers accepted at two CCS Workshops: AISec24 and CPSIoTSec24.

selected publications

2024

DLSP

Shae McFadden, Marcello Maugeri, Chris Hicks, Vasilis Mavroudis, and Fabio Pierazzi , "Wendigo: Deep Reinforcement Learning for Denial-of-Service Query Discovery in GraphQL" , In Proc. of the IEEE Workshop on Deep Learning Security and Privacy (DLSP), 2024

Bib PDF Code

@inproceedings{mcfadden2024wendigo,
  title = {Wendigo: Deep Reinforcement Learning for Denial-of-Service Query Discovery in GraphQL},
  author = {McFadden, Shae and Maugeri, Marcello and Hicks, Chris and Mavroudis, Vasilis and Pierazzi, Fabio},
  booktitle = {Proc. of the {IEEE} Workshop on Deep Learning Security and Privacy ({DLSP})},
  year = {2024},
}

2023

AISec

Theo Chow, Zeliang Kan, Lorenz Linhardt, Lorenzo Cavallaro, Daniel Arp, and Fabio Pierazzi , "Drift Forensics of Malware Classifiers" , In Proc. of the ACM Workshop on Artificial Intelligence and Security (AISec), 2023

Bib PDF Code

@inproceedings{chow2023driftforensics,
  title = {Drift Forensics of Malware Classifiers},
  author = {Chow, Theo and Kan, Zeliang and Linhardt, Lorenz and Cavallaro, Lorenzo and Arp, Daniel and Pierazzi, Fabio},
  booktitle = {Proc. of the {ACM} Workshop on Artificial Intelligence and Security ({AISec})},
  year = {2023},
}

IEEE SaTML

Giovanni Apruzzese, Hyrum S Anderson, Savino Dambra, David Freeman, Fabio Pierazzi, and Kevin Roundy , "“Real Attackers Don’t Compute Gradients”: Bridging the Gap Between Adversarial ML Research and Practice" , In IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2023
Position Paper

Bib PDF Website

@inproceedings{apruzzese2023real,
  title = {{“Real Attackers Don't Compute Gradients”: Bridging the Gap Between Adversarial ML Research and Practice}},
  author = {Apruzzese, Giovanni and Anderson, Hyrum S and Dambra, Savino and Freeman, David and Pierazzi, Fabio and Roundy, Kevin},
  booktitle = {{IEEE} Conference on Secure and Trustworthy Machine Learning ({SaTML})},
  pages = {339--364},
  year = {2023},
  organization = {IEEE},
  note = {<br/><span class="badge badge-warning">Position Paper</span>}
}

2022

USENIX Sec

Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, and Konrad Rieck , "Dos and don’ts of machine learning in computer security" , In Proc. of USENIX Security Symposium, 2022
Distinguished Paper Award

arXiv Bib PDF Website

@inproceedings{ArpQuiPen+22,
  title = {Dos and don'ts of machine learning in computer security},
  author = {Arp, Daniel and Quiring, Erwin and Pendlebury, Feargus and Warnecke, Alexander and Pierazzi, Fabio and Wressnegger, Christian and Cavallaro, Lorenzo and Rieck, Konrad},
  booktitle = {Proc. of {USENIX} Security Symposium},
  year = {2022},
  note = {<br/><span class="badge badge-primary">Distinguished Paper Award</span>}
}

2020

IEEE S&P

Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, and Lorenzo Cavallaro , "Intriguing properties of adversarial ML attacks in the problem space" , In IEEE Symposium on Security and Privacy (S&P), 2020

Bib PDF Code Website

@inproceedings{pierazzi2020intriguing,
  title = {Intriguing properties of adversarial ML attacks in the problem space},
  author = {Pierazzi, Fabio and Pendlebury, Feargus and Cortellazzi, Jacopo and Cavallaro, Lorenzo},
  booktitle = {{IEEE} Symposium on Security and Privacy ({S\&P})},
  pages = {1332--1349},
  year = {2020},
  organization = {IEEE},
}

2019

USENIX Sec

Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro , "TESSERACT: Eliminating experimental bias in malware classification across space and time" , In Proc. of USENIX Security Symposium, 2019

Bib PDF Code Website

@inproceedings{pendlebury2019tesseract,
  title = {TESSERACT: Eliminating experimental bias in malware classification across space and time},
  author = {Pendlebury, Feargus and Pierazzi, Fabio and Jordaney, Roberto and Kinder, Johannes and Cavallaro, Lorenzo},
  booktitle = {Proc. of {USENIX} Security Symposium},
  year = {2019},
}