Igino Corona

Igino Corona received the M.Sc. Degree in Electronic Engineering from the University of Cagliari, in October 2006. In his MSc thesis (in Italian), he discussed the design and the implementation (in Python and C++ programming languages) of an anomaly-based, unsupervised Intrusion Detection System for the analysis of the HTTP traffic. The Clusit Association rewarded this work as one of the best Italian research thesis on computer system security.

 

Since February 2007, he is a member of the Pattern Recognition and Applications Group (Dept. of Electrical and Electronic Engineering). In the period January/June 2009 he worked with the research group headed by Prof. Wenke Lee, Georgia Institute of Technology, Altlanta, USA) as a visiting PhD student. During such a period, Igino Corona and Roberto Perdisci developed Flux Buster, an advanced system which is able to detect fast flux service networks by means of passive analysis of DNS traffic in large networks.

 

In march 2010 Igino Corona received the PhD degree in Computer Engineering from the University of Cagliari, with the following dissertation: Detection of web-based attacks. Igino Corona is manager of the Computer Security Technical Committee of the GIRPR (Italian Group of Pattern Recognition researchers, affiliated to IAPR) and one of the organizers of the  International School on Computer Security & Privacy that will be held in August 2012. Igino Corona is the author of SuStorID, an advanced intrusion detection system for web services based on machine learning, released in January 2012 under open source licence.

Teaching

• Computer Security MSc Electronic Engineering and Telecommunications, PhD Computer Engineering
• Operating Systems MSc Electronic Engineering and Telecommunications, Prof. Giacinto
• Artificial Intelligence, MSc Electronic Engineering and Telecommunications, Prof. Roli

Research interests at-large involve all aspects of computer security. In particular, most of interest regards the detection of security violations:

• Web Intrusion Detection
• Detection of Fast Flux Networks and automatic classification of illicit activities supported by such networks
• Ideation, development, and testing of advanced Intrusion Detection Systems (IDS)
• Anomaly Detection paradigm to spot both known and unknown threats
• Pattern Recognition techniques to create IDS based on machine learning
• Multiple Classifier Systems to enhance the reliability and the robustness of IDS
• Learning in Adversarial Environment to provide for a reliable IDS training using real time traffic

In order to ease the comparison of experimental results and allow security administrators to better protect their machines, most of programs ideated and developed by Igino Corona will be offered with open-source licence. 

Currently, the following tools are available:

• HMM-Web: a framework to the detection of web attacks
• SuStorID: anomaly-based Web Intrusion Protection system
• Modsecurity for SuStorID: extended version of modsecurity which is able to interact with SuStorID

On the other hand, the following tools are currently being developed/improved/documented (they will be available soon):

• D1gg3r: high-performance, active probing and detection of fast flux domain names
• WebInspector: automatic classification of content hosted by fast flux networks