Fabio Pierazzi

Office 109

169 Euston Rd.

UCL, London

I am invested into understanding how AI can be used to improve systems security tasks, with a particular emphasis on settings in which attackers adapt quickly to new defenses. In this context, I am currently exploring how to measure, mitigate and prevent concept drift in ML-based detection systems; how to measure and improve robustness of systems to adversarial attacks while taking into account problem-space constraints (such as preserving semantics of modified code); and how to explain what these systems are doing, both from an attacker’s and a defender’s perspective.

I also care deeply about the practicality of our proposed solutions, and on understanding implications and limitations of using AI in the context of computer security. To this purpose, I also regularly engage and collaborate with industry. I mostly work on malware analysis and network traffic, but I am becoming more interested in understanding inner workings of AI and ML models to improve their trustworthiness in more general security scenarios.

I am always looking for motivated students and collaborators passionate about these topics. If you are interested in joining my team, or even just visiting, have a look here.

news

May 30, 2025	Two deadlines (June 2nd and 15th) for fully-funded Home Studentship at UCL: see here.
May 25, 2025	I will be Track Co-Chair at ACM CCS 2026 for the “Machine Learning and Security” track.
Apr 2, 2025	The extension of our problem-space attacks paper has been accepted at TOPS
Mar 10, 2025	We got a paper accepted at SaTML25 - see here
Mar 4, 2025	Updated opportunities for fully-funded Home Studentship at UCL: see here

selected publications

2025

IEEE SaTML

Yigitcan Kaya, Yizheng Chen, Marcus Botacin, Shoumik Saha, Fabio Pierazzi, Lorenzo Cavallaro, David Wagner, and Tudor Dumitras , "ML-Based Behavioral Malware Detection Is Far From a Solved Problem" , In IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2025

Bib PDF Website

@inproceedings{kaya2025satml,
  title = {ML-Based Behavioral Malware Detection Is Far From a Solved Problem},
  author = {Kaya, Yigitcan and Chen, Yizheng and Botacin, Marcus and Saha, Shoumik and Pierazzi, Fabio and Cavallaro, Lorenzo and Wagner, David and Dumitras, Tudor},
  booktitle = {{IEEE} Conference on Secure and Trustworthy Machine Learning ({SaTML})},
  year = {2025},
}

ACM TOPS

Jacopo Cortellazzi, Feargus Pendlebury, Daniel Arp, Erwin Quiring, Fabio Pierazzi, and Lorenzo Cavallaro , "Intriguing properties of adversarial ML attacks in the problem space [Extended Version]" , In ACM Transactions on Privacy and Security (TOPS), 2025

Bib Code Website

@inproceedings{cortellazzi2025intriguing,
  title = {Intriguing properties of adversarial ML attacks in the problem space [Extended Version]},
  author = {Cortellazzi, Jacopo and Pendlebury, Feargus and Arp, Daniel and Quiring, Erwin and Pierazzi, Fabio and Cavallaro, Lorenzo},
  booktitle = {{ACM} Transactions on Privacy and Security ({TOPS})},
  year = {2025},
  organization = {ACM},
}

2024

RAID

Ilias Tsingenopoulos, Jacopo Cortellazzi, Branislav Bošanský, Simone Aonzo, Davy Preuveneers, Wouter Joosen, Fabio Pierazzi, and Lorenzo Cavallaro , "How to Train your Antivirus: RL-based Hardening through the Problem Space" , In Proc. of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2024

Bib PDF

@inproceedings{ilias2024train,
  title = {How to Train your Antivirus: RL-based Hardening through the Problem Space},
  author = {Tsingenopoulos, Ilias and Cortellazzi, Jacopo and Bošanský, Branislav and Aonzo, Simone and Preuveneers, Davy and Joosen, Wouter and Pierazzi, Fabio and Cavallaro, Lorenzo},
  year = {2024},
  booktitle = {Proc. of the International Symposium on Research in Attacks, Intrusions and Defenses ({RAID})},
}

DLSP

Shae McFadden, Marcello Maugeri, Chris Hicks, Vasilis Mavroudis, and Fabio Pierazzi , "Wendigo: Deep Reinforcement Learning for Denial-of-Service Query Discovery in GraphQL" , In Proc. of the IEEE Workshop on Deep Learning Security and Privacy (DLSP), 2024

Bib PDF Code

@inproceedings{mcfadden2024wendigo,
  title = {Wendigo: Deep Reinforcement Learning for Denial-of-Service Query Discovery in GraphQL},
  author = {McFadden, Shae and Maugeri, Marcello and Hicks, Chris and Mavroudis, Vasilis and Pierazzi, Fabio},
  booktitle = {Proc. of the {IEEE} Workshop on Deep Learning Security and Privacy ({DLSP})},
  year = {2024},
}

2023

AISec

Theo Chow, Zeliang Kan, Lorenz Linhardt, Lorenzo Cavallaro, Daniel Arp, and Fabio Pierazzi , "Drift Forensics of Malware Classifiers" , In Proc. of the ACM Workshop on Artificial Intelligence and Security (AISec), 2023

Bib PDF Code

@inproceedings{chow2023driftforensics,
  title = {Drift Forensics of Malware Classifiers},
  author = {Chow, Theo and Kan, Zeliang and Linhardt, Lorenz and Cavallaro, Lorenzo and Arp, Daniel and Pierazzi, Fabio},
  booktitle = {Proc. of the {ACM} Workshop on Artificial Intelligence and Security ({AISec})},
  year = {2023},
}

IEEE SaTML

Giovanni Apruzzese, Hyrum S Anderson, Savino Dambra, David Freeman, Fabio Pierazzi, and Kevin Roundy , "“Real Attackers Don’t Compute Gradients”: Bridging the Gap Between Adversarial ML Research and Practice" , In IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2023
Position Paper

Bib PDF Website

@inproceedings{apruzzese2023real,
  title = {{“Real Attackers Don't Compute Gradients”: Bridging the Gap Between Adversarial ML Research and Practice}},
  author = {Apruzzese, Giovanni and Anderson, Hyrum S and Dambra, Savino and Freeman, David and Pierazzi, Fabio and Roundy, Kevin},
  booktitle = {{IEEE} Conference on Secure and Trustworthy Machine Learning ({SaTML})},
  pages = {339--364},
  year = {2023},
  organization = {IEEE},
  note = {<br/><span class="badge badge-warning">Position Paper</span>}
}

2022

USENIX Sec

Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, and Konrad Rieck , "Dos and don’ts of machine learning in computer security" , In Proc. of USENIX Security Symposium, 2022
Distinguished Paper Award

arXiv Bib PDF Website

@inproceedings{ArpQuiPen+22,
  title = {Dos and don'ts of machine learning in computer security},
  author = {Arp, Daniel and Quiring, Erwin and Pendlebury, Feargus and Warnecke, Alexander and Pierazzi, Fabio and Wressnegger, Christian and Cavallaro, Lorenzo and Rieck, Konrad},
  booktitle = {Proc. of {USENIX} Security Symposium},
  year = {2022},
  note = {<br/><span class="badge badge-primary">Distinguished Paper Award</span>}
}

2020

IEEE S&P

Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, and Lorenzo Cavallaro , "Intriguing properties of adversarial ML attacks in the problem space" , In IEEE Symposium on Security and Privacy (S&P), 2020

Bib PDF Code Website

@inproceedings{pierazzi2020intriguing,
  title = {Intriguing properties of adversarial ML attacks in the problem space},
  author = {Pierazzi, Fabio and Pendlebury, Feargus and Cortellazzi, Jacopo and Cavallaro, Lorenzo},
  booktitle = {{IEEE} Symposium on Security and Privacy ({S\&P})},
  pages = {1332--1349},
  year = {2020},
  organization = {IEEE},
}

2019

USENIX Sec

Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro , "TESSERACT: Eliminating experimental bias in malware classification across space and time" , In Proc. of USENIX Security Symposium, 2019

Bib PDF Code Website

@inproceedings{pendlebury2019tesseract,
  title = {TESSERACT: Eliminating experimental bias in malware classification across space and time},
  author = {Pendlebury, Feargus and Pierazzi, Fabio and Jordaney, Roberto and Kinder, Johannes and Cavallaro, Lorenzo},
  booktitle = {Proc. of {USENIX} Security Symposium},
  year = {2019},
}