Publications
For a more up-to-date list of papers and citations, please also check my Google Scholar profile page at https://scholar.google.it/citations?user=OoUIOYwAAAAJ&hl=en
Pre-prints
- F. Villani, D. Lazzaro, A. E. Cinà, M. Dell’Amico, B. Biggio, and F. Roli. Sonic: Fast and Transferable Data Poisoning on Clustering Algorithms. arXiv preprint arXiv:2408.07558, 2024.
- A. E. Cinà, F. Villani, M. Pintor, L. Schönherr, B. Biggio, and M. Pelillo. σ-zero: Gradient-based Optimization of $\ell_0$-norm Adversarial Examples. ArXiv e-prints, 2024.
- Z. Chen, L. Demetrio, S. Gupta, X. Feng, Z. Xia, A. E. Cinà, M. Pintor, L. Oneto, A. Demontis, B. Biggio, and F. Roli. Over-parameterization and Adversarial Robustness in Neural Networks: An Overview and Empirical Analysis. arXiv preprint arXiv:2406.10090, 2024.
- E. Ledda, G. Scodeller, D. Angioni, G. Piras, A. E. Cinà, G. Fumera, B. Biggio, and F. Roli. On the Robustness of Adversarial Training Against Uncertainty Attacks. arXiv preprint arXiv:2410.21952, 2024.
- R. Mura, G. Floris, L. Scionis, G. Piras, M. Pintor, A. Demontis, G. Giacinto, B. Biggio, and F. Roli. HO-FMN: Hyperparameter Optimization for Fast Minimum-Norm Attacks. arXiv preprint arXiv:2407.08806, 2024.
- D. Gibert, L. Demetrio, G. Zizzo, Q. Le, J. Planes, and B. Biggio. Certified Adversarial Robustness of Machine Learning-based Malware Detectors via (De)Randomized Smoothing. arXiv preprint arXiv:2405.00392, 2024.
- A. E. Cinà, J. Rony, M. Pintor, L. Demetrio, A. Demontis, B. Biggio, I. B. Ayed, and F. Roli. AttackBench: Evaluating Gradient-based Attacks for Adversarial Examples. arXiv preprint arXiv:2404.19460, 2024.
- G. Piras, M. Pintor, A. Demontis, B. Biggio, G. Giacinto, and F. Roli. Adversarial Pruning: A Survey and Benchmark of Pruning Methods for Adversarial Robustness. arXiv preprint arXiv:2409.01249, 2024.
- B. Montaruli, L. Demetrio, A. Valenza, B. Biggio, L. Compagna, D. Balzarotti, D. Ariu, and L. Piras. Adversarial ModSecurity: Countering Adversarial SQL Injections with Robust Machine Learning. ArXiv e-prints, 2023.
- A. E. Cinà, A. Demontis, B. Biggio, F. Roli, and M. Pelillo. Energy-latency attacks via sponge poisoning. arXiv preprint arXiv:2203.08147, 2022.
- A. Demontis, M. Pintor, L. Demetrio, K. Grosse, H.-Y. Lin, C. Fang, B. Biggio, and F. Roli. A survey on reinforcement learning security with application to autonomous driving. ArXiv e-prints, 2022.
- L. Demetrio and B. Biggio. secml-malware: Pentesting Windows Malware Classifiers with Adversarial EXEmples in Python. arXiv preprint arXiv:2104.12848, 2021.
- A. E. Cinà, K. Grosse, S. Vascon, A. Demontis, B. Biggio, F. Roli, and M. Pelillo. Backdoor learning curves: Explaining backdoor poisoning beyond influence functions. arXiv preprint arXiv:2106.07214, 2021.
Journal Papers
- Z. Li, H. Chen, B. Biggio, Y. He, H. Cai, F. Roli, and L. Xie. Toward Effective Traffic Sign Detection via Two-Stage Fusion Neural Networks. IEEE Transactions on Intelligent Transportation Systems, 25(8):8283-8294, 2024.
- H. Eghbal-Zadeh, W. Zellinger, M. Pintor, K. Grosse, K. Koutini, B. A. Moser, B. Biggio, and G. Widmer. Rethinking data augmentation for adversarial robustness. Information Sciences, 654:119838, 2024.
- D. Trizna, L. Demetrio, B. Biggio, and F. Roli. Nebula: Self-Attention for Dynamic Malware Analysis. IEEE Transactions on Information Forensics and Security, 19:6155-6167, 2024.
- A. E. Cinà, K. Grosse, A. Demontis, B. Biggio, F. Roli, and M. Pelillo. Machine Learning Security Against Data Poisoning: Are We There Yet?. IEEE Computer, 57(03):26-34, Mar. 2024.
- B. Biggio. Machine Learning in Computer Security is Difficult to Fix. Commun. ACM, 67(11):103, October 2024.
- A. E. Cinà, K. Grosse, A. Demontis, S. Vascon, W. Zellinger, B. A. Moser, A. Oprea, B. Biggio, M. Pelillo, and F. Roli. Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning. ACM Comput. Surv., 55(13s):294:1–294:39, Jul. 2023.
- Y. Zheng, X. Feng, Z. Xia, X. Jiang, A. Demontis, M. Pintor, B. Biggio, and F. Roli. Why adversarial reprogramming works, when it fails, and how to tell the difference. Information Sciences, 632:130-143, 2023.
- Y. Mirsky, A. Demontis, J. Kotak, R. Shankar, D. Gelei, L. Yang, X. Zhang, M. Pintor, W. Lee, Y. Elovici, and B. Biggio. The Threat of Offensive AI to Organizations. Computers & Security, 124:103006, 2023.
- Y. Zheng, X. Feng, Z. Xia, X. Jiang, M. Pintor, A. Demontis, B. Biggio, and F. Roli. Stateful detection of adversarial reprogramming. Information Sciences, 642:119093, 2023.
- K. Grosse, L. Bieringer, T. R. Besold, B. Biggio, and K. Krombholz. Machine Learning Security in Industry: A Quantitative Survey. IEEE Transactions on Information Forensics and Security, 18:1749-1762, 2023.
- M. Pintor, D. Angioni, A. Sotgiu, L. Demetrio, A. Demontis, B. Biggio, and F. Roli. ImageNet-Patch: A Dataset for Benchmarking Machine Learning Robustness against Adversarial Patches. Pattern Recognition, 134:109064, 2023.
- Y. Zheng, L. Demetrio, A. E. Cinà, X. Feng, Z. Xia, X. Jiang, A. Demontis, B. Biggio, and F. Roli. Hardening RGB-D object recognition systems against adversarial patch attacks. Information Sciences, 651:119701, 2023.
- L. Oneto, N. Navarin, B. Biggio, F. Errica, A. Micheli, F. Scarselli, M. Bianchini, L. Demetrio, P. Bongini, A. Tacchella, and A. Sperduti. Towards Learning Trustworthily, Automatically, and with Guarantees on Graphs: An Overview. Neurocomputing, 493:217-243, 2022.
- M. Pintor, L. Demetrio, A. Sotgiu, M. Melis, A. Demontis, and B. Biggio. secml: Secure and explainable machine learning in Python. SoftwareX, 18:101095, 2022.
- M. Kravchik, L. Demetrio, B. Biggio, and A. Shabtai. Practical Evaluation of Poisoning Attacks on Online Anomaly Detectors in Industrial Control Systems. Computers & Security, 122:102901, 2022.
- L. Demetrio, B. Biggio, and F. Roli. Practical Attacks on Machine Learning: A Case Study on Adversarial Windows Malware. IEEE Security & Privacy, 20(05):77-85, Sep. 2022.
- F. Crecchi, M. Melis, A. Sotgiu, D. Bacciu, and B. Biggio. FADER: Fast Adversarial Example Rejection. Neurocomputing, 470:257-268, 2022.
- S. Melacci, G. Ciravegna, A. Sotgiu, A. Demontis, B. Biggio, M. Gori, and F. Roli. Domain Knowledge Alleviates Adversarial Attacks in Multi-Label Classifiers. IEEE Transactions on Pattern Analysis and Machine Intelligence, 44(12):9944-9959, 2022.
- M. Melis, M. Scalas, A. Demontis, D. Maiorca, B. Biggio, G. Giacinto, and F. Roli. Do Gradient-based Explanations Tell Anything about Adversarial Robustness to Android Malware?. International Journal of Machine Learning and Cybernetics, 13(1):217–232, 2022.
- K. Grosse, T. Lee, B. Biggio, Y. Park, M. Backes, and I. Molloy. Backdoor Smoothing: Demystifying Backdoor Attacks on Deep Neural Networks. Computers & Security, 120:102814, 2022.
- L. Demetrio, B. Biggio, G. Lagorio, F. Roli, and A. Armando. Functionality-Preserving Black-Box Optimization of Adversarial Windows Malware. IEEE Transactions on Information Forensics and Security, 16:3469-3478, 2021.
- P. Temple, G. Perrouin, M. Acher, B. Biggio, J.-M. Jézéquel, and F. Roli. Empirical Assessment of Generating Adversarial Configurations for Software Product Lines. Empirical Software Engineering, 2021.
- H.-Y. Lin and B. Biggio. Adversarial Machine Learning: Attacks From Laboratories to the Real World. Computer, 54(5):56-60, 2021.
- L. Demetrio, S. E. Coull, B. Biggio, G. Lagorio, A. Armando, and F. Roli. Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection. ACM Trans. Priv. Secur., September 2021.
- A. Sotgiu, A. Demontis, M. Melis, B. Biggio, G. Fumera, X. Feng, and F. Roli. Deep Neural Rejection against Adversarial Examples. EURASIP J. Information Security, 2020.
- D. Maiorca, A. Demontis, B. Biggio, F. Roli, and G. Giacinto. Adversarial Detection of Flash Malware: Limitations and Open Issues. Computers & Security, 96:101901, 2020.
- A. Demontis, M. Melis, B. Biggio, D. Maiorca, D. Arp, K. Rieck, I. Corona, G. Giacinto, and F. Roli. Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware Detection. IEEE Transactions on Dependable and Secure Computing, 16(4):711-724, July 2019.
- D. Maiorca, B. Biggio, and G. Giacinto. Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks. ACM Comput. Surv., 52(4):78:1–78:36, 2019.
- D. Maiorca and B. Biggio. Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware. IEEE Security & Privacy, 17(01):63-71, Jan. 2019.
- B. Biggio and F. Roli. Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning. Pattern Recognition, 84:317-331, 2018.
- B. Biggio, G. Fumera, G. L. Marcialis, and F. Roli. Statistical Meta-Analysis of Presentation Attacks for Secure Multibiometric Systems. IEEE Transactions on Pattern Analysis and Machine Intelligence, 39(3):561-575, March 2017.
- S. Rota Bulò, B. Biggio, I. Pillai, M. Pelillo, and F. Roli. Randomized Prediction Games for Adversarial Machine Learning. IEEE Transactions on Neural Networks and Learning Systems, 28(11):2466-2478, 2017.
- A. Demontis, M. Melis, B. Biggio, G. Fumera, and F. Roli. Super-sparse Learning in Similarity Spaces. IEEE Computational Intelligence Magazine, 11(4):36-45, Nov 2016.
- F. Zhang, P.P.K. Chan, B. Biggio, D.S. Yeung, and F. Roli. Adversarial Feature Selection Against Evasion Attacks. IEEE Transactions on Cybernetics, 46(3):766-777, 2016.
- H. Xiao, B. Biggio, B. Nelson, H. Xiao, C. Eckert, and F. Roli. Support Vector Machines under Adversarial Label Contamination. Neurocomputing, Special Issue on Advances in Learning with Label Noise, 160:53-62, 2015.
- G. Ennas, B. Biggio, and M. C. Di Guardo. Data-driven Journal Meta-ranking in Business and Management. Scientometrics, 105(3):1911-1929, 2015.
- B. Biggio, G. Fumera, P. Russu, L. Didaci, and F. Roli. Adversarial Biometric Recognition: A review on biometric system security from the adversarial machine-learning perspective. IEEE Signal Processing Magazine, 32(5):31-41, Sept 2015.
- B. Biggio, G. Fumera, and F. Roli. Security Evaluation of Pattern Classifiers Under Attack. IEEE Transactions on Knowledge and Data Engineering, 26(4):984-996, April 2014.
- B. Biggio, G. Fumera, and F. Roli. Pattern Recognition Systems under Attack: Design Issues and Research Challenges. Int’l J. Patt. Recogn. Artif. Intell., 28(7):1460002, 2014.
- B. Biggio, Z. Akhtar, G. Fumera, G. L. Marcialis, and F. Roli. Security Evaluation of Biometric Authentication Systems under Real Spoofing Attacks. IET Biometrics, 1(1):11-24, March 2012.
- B. Biggio, G. Fumera, I. Pillai, and F. Roli. A Survey and Experimental Evaluation of Image Spam Filtering Techniques. Pattern Recognition Letters, 32(10):1436-1446, 2011.
- B. Biggio, G. Fumera, and F. Roli. Multiple Classifier Systems for Robust Classifier Design in Adversarial Environments. Int’l J. Mach. Learn. and Cybernetics, 1(1):27–41, 2010.
Conference Papers
- K. Grosse, L. Bieringer, T. R. Besold, B. Biggio, and A. Alahi. When Your AI Becomes a Target: AI Security Incidents and Best Practices. In Proceedings of the AAAI Conference on Artificial Intelligence, volume 38, 23041-23046. Mar. 2024.
- C. Scano, G. Floris, B. Montaruli, L. Demetrio, A. Valenza, L. Compagna, D. Ariu, L. Piras, D. Balzarotti, and B. Biggio. ModSec-Learn: Boosting ModSecurity with Machine Learning. In 21st Int’l Conf. Distributed Computing and Artificial Intelligence (DCAI). 2024.
- S. Gupta, D. Angioni, L. Schönherr, A. Demontis, and B. Biggio. BUILD: Buffer-free Incremental Learning with OOD Detection for the Wild. In ICML 2024 Workshop on Foundation Models in the Wild. 2024.
- G. Piras, M. Pintor, A. Demontis, and B. Biggio. Samples on Thin Ice: Re-evaluating Adversarial Pruning of Neural Networks. In International Conference on Machine Learning and Cybernetics, ICMLC. IEEE SMC, 2023.
- B. Montaruli, L. Demetrio, M. Pintor, L. Compagna, D. Balzarotti, and B. Biggio. Raze to the Ground: Query-Efficient Adversarial HTML Attacks on Machine-Learning Phishing Webpage Detectors. In Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security, AISec ’23, 233–244. New York, NY, USA, 2023. Association for Computing Machinery.
- A. Shapira, A. Zolfi, L. Demetrio, B. Biggio, and A. Shabtai. Phantom Sponges: Exploiting Non-Maximum Suppression to Attack Deep Object Detectors. In IEEE/CVF Winter Conference on Applications of Computer Vision (WACV), 4560–4569. 2023.
- D. Lazzaro, A. E. Cinà, M. Pintor, A. Demontis, B. Biggio, F. Roli, and M. Pelillo. Minimizing Energy Consumption of Deep Learning Models by Energy-Aware Training. In G. L. Foresti, A. Fusiello, and E. Hancock, editors, Image Analysis and Processing – ICIAP 2023, 515–526. Cham, 2023. Springer Nature Switzerland.
- G. Floris, R. Mura, L. Scionis, G. Piras, M. Pintor, A. Demontis, and B. Biggio. Improving Fast Minimum-Norm Attacks with Hyperparameter Optimization. In ESANN. 2023.
- M. Pintor, L. Demetrio, A. Sotgiu, H.-Y. Lin, C. Fang, A. Demontis, and B. Biggio. Detecting Attacks against Deep Reinforcement Learning for Autonomous Driving. In International Conference on Machine Learning and Cybernetics, ICMLC. IEEE SMC, 2023.
- E. Ledda, D. Angioni, G. Piras, G. Fumera, B. Biggio, and F. Roli. Adversarial Attacks Against Uncertainty Quantification. In 2023 IEEE/CVF International Conference on Computer Vision Workshops (ICCVW), 4601-4610. October 2023.
- B. A. Moser, M. Lewandowski, S. Kargaran, W. Zellinger, B. Biggio, and C. Koutschan. Tessellation-Filtering ReLU Neural Networks. In L. D. Raedt, editor, Proceedings of the Thirty-First International Joint Conference on Artificial Intelligence, IJCAI-22, 3335–3341. International Joint Conferences on Artificial Intelligence Organization, July 2022. Main Track.
- D. Angioni, L. Demetrio, M. Pintor, and B. Biggio. Robust Machine Learning for Malware Detection over Time. In ITASEC 2022, volume 3260 of CEUR-WS, 169-180. 2022.
- L. Bieringer, K. Grosse, M. Backes, B. Biggio, and K. Krombholz. Industrial practitioners’ mental models of adversarial machine learning. In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), 97–116. Boston, MA, August 2022. USENIX Association.
- M. Pintor, L. Demetrio, A. Sotgiu, A. Demontis, N. Carlini, B. Biggio, and F. Roli. Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples. In S. Koyejo, S. Mohamed, A. Agarwal, D. Belgrave, K. Cho, and A. Oh, editors, Advances in Neural Information Processing Systems, volume 35, 23063–23076. Curran Associates, Inc., 2022.
- G. Piras, M. Pintor, L. Demetrio, and B. Biggio. Explaining Machine Learning DGA Detectors from DNS Traffic Data. In ITASEC 2022, volume 3260 of CEUR-WS, 150-168. 2022.
- A. Sotgiu, M. Pintor, and B. Biggio. Explainability-Based Debugging of Machine Learning for Vulnerability Discovery. In Proc. 17th International Conference on Availability, Reliability and Security, ARES ’22, 1-8. New York, NY, USA, 2022. Association for Computing Machinery.
- A. E. Cinà, S. Vascon, A. Demontis, B. Biggio, F. Roli, and M. Pelillo. The Hammer and the Nut: Is Bilevel Optimization Really Needed to Poison Linear Classifiers?. In International Joint Conference on Neural Networks (IJCNN), 1-8. Shenzhen, China, 2021. IEEE.
- G. Buchgeher, G. Czech, A. S. Ribeiro, W. Kloihofer, P. Meloni, P. Busia, G. Deriu, M. Pintor, B. Biggio, C. Chesta, L. Rinelli, D. Solans, and M. Portela. Task-Specific Automation in Deep Learning Processes. In G. Kotsis, A. M. Tjoa, I. Khalil, B. Moser, A. Mashkoor, J. Sametinger, A. Fensel, J. Martinez-Gil, L. Fischer, G. Czech, F. Sobieczky, and S. Khan, editors, Database and Expert Systems Applications - DEXA 2021 Workshops, 159–169. Cham, 2021. Springer International Publishing.
- M. Pintor, L. Demetrio, G. Manca, B. Biggio, and F. Roli. Slope: A First-order Approach for Measuring Gradient Obfuscation. In ESANN. 2021.
- M. Kravchik, B. Biggio, and A. Shabtai. Poisoning Attacks on Cyber Attack Detectors for Industrial Control Systems. In Proceedings of the 36th Annual ACM Symposium on Applied Computing, SAC ’21, 116–125. New York, NY, USA, 2021. Association for Computing Machinery.
- D. Solans, B. Biggio, and C. Castillo. Poisoning Attacks on Algorithmic Fairness. In F. Hutter, K. Kersting, J. Lijffijt, and I. Valera, editors, Machine Learning and Knowledge Discovery in Databases (ECML PKDD 2020), Lecture Notes in Computer Science, 162–177. Cham, 2021. Springer International Publishing.
- M. Pintor, F. Roli, W. Brendel, and B. Biggio. Fast Minimum-norm Adversarial Attacks through Adaptive Norm Constraints. In M. Ranzato, A. Beygelzimer, Y. Dauphin, P.S. Liang, and J. W. Vaughan, editors, Advances in Neural Information Processing Systems (NeurIPS), volume 34, 20052–20062. Curran Associates, Inc., 2021.
- L. Oneto, N. Navarin, B. Biggio, F. Errica, A. Micheli, F. Scarselli, M. Bianchini, and A. Sperduti. Complex Data: Learning Trustworthily, Automatically, and with Guarantees. In ESANN. 2021.
- A. Demontis, M. Melis, M. Pintor, M. Jagielski, B. Biggio, A. Oprea, C. Nita-Rotaru, and F. Roli. Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, 2019.
- P. Temple, M. Acher, G. Perrouin, B. Biggio, J.-M. Jézéquel, and F. Roli. Towards Quality Assurance of Software Product Lines with Adversarial Configurations. In Proceedings of the 23rd International Systems and Software Product Line Conference - Volume A, SPLC ’19, 277–288. New York, NY, USA, 2019. Association for Computing Machinery.
- R. Labaca-Castro, B. Biggio, and G. Dreo Rodosek. Poster: Attacking Malware Classifiers by Crafting Gradient-Attacks That Preserve Functionality. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS ’19, 2565–2567. New York, NY, USA, 2019. ACM.
- P. Meloni, D. Loi, P. Busia, G. Deriu, A. D. Pimentel, D. Sapra, T. Stefanov, S. Minakova, F. Conti, L. Benini, M. Pintor, B. Biggio, B. Moser, N. Shepeleva, N. Fragoulis, I. Theodorakopoulos, M. Masin, and F. Palumbo. Optimization and Deployment of CNNs at the Edge: The ALOHA experience. In ACM International Conference on Computing Frontiers, 326–332. 2019.
- L. Demetrio, B. Biggio, G. Lagorio, F. Roli, and A. Armando. Explaining Vulnerabilities of Deep Learning to Adversarial Malware Binaries. In 3rd Italian Conference on Cyber Security, ITASEC, volume 2315. CEUR Workshop Proceedings, 2019.
- F. Crecchi, D. Bacciu, and B. Biggio. Detecting Adversarial Examples through Nonlinear Dimensionality Reduction. In ESANN. 2019.
- M. Jagielski, A. Oprea, B. Biggio, C. Liu, C. Nita-Rotaru, and B. Li. Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. In IEEE Symposium on Security and Privacy, SP ’18, 931-947. IEEE CS, 2018.
- M. Melis, D. Maiorca, B. Biggio, G. Giacinto, and F. Roli. Explaining Black-box Android Malware Detection. In 26th European Signal Processing Conf., EUSIPCO, 524-528. Rome, Italy, 2018. IEEE.
- P. Meloni, D. Loi, G. Deriu, A. D. Pimentel, D. Sapra, M. Pintor, B. Biggio, O. Ripolles, D. Solans, F. Conti, L. Benini, T. Stefanov, S. Minakova, B. Moser, N. Shepeleva, M. Masin, F. Palumbo, N. Fragoulis, and I. Theodorakopoulos. Architecture-aware design and implementation of CNN algorithms for embedded inference: The ALOHA project. In Proceedings of the International Conference on Microelectronics (ICM), volume 2018-December, 52–55. 2018.
- P. Meloni, D. Loi, G. Deriu, A. D. Pimentel, D. Sapra, B. Moser, N. Shepeleva, F. Conti, L. Benini, O. Ripolles, D. Solans, M. Pintor, B. Biggio, T. Stefanov, S. Minakova, N. Fragoulis, I. Theodorakopoulos, M. Masin, and F. Palumbo. ALOHA: An Architectural-Aware Framework for Deep Learning at the Edge. In Proceedings of the Workshop on INTelligent Embedded Systems Architectures and Applications, INTESA ’18, 19–26. New York, NY, USA, 2018. Association for Computing Machinery.
- B. Kolosnjaji, A. Demontis, B. Biggio, D. Maiorca, G. Giacinto, C. Eckert, and F. Roli. Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables. In 26th European Signal Processing Conf., EUSIPCO, 533-537. Rome, 2018. IEEE.
- L. Muñoz-González, B. Biggio, A. Demontis, A. Paudice, V. Wongrassamee, E. C. Lupu, and F. Roli. Towards Poisoning of Deep Learning Algorithms with Back-gradient Optimization. In B. M. Thuraisingham, B. Biggio, D. M. Freeman, B. Miller, and A. Sinha, editors, 10th ACM Workshop on Artificial Intelligence and Security, AISec ’17, 27–38. New York, NY, USA, 2017. ACM.
- M. Melis, A. Demontis, B. Biggio, G. Brown, G. Fumera, and F. Roli. Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid. In ICCVW Vision in Practice on Autonomous Robots (ViPAR), 751-759. IEEE, 2017.
- A. Demontis, B. Biggio, G. Fumera, G. Giacinto, and F. Roli. Infinity-norm Support Vector Machines against Adversarial Label Contamination. In A. Armando, R. Baldoni, and R. Focardi, editors, First Italian Conference on Cybersecurity (ITASEC17), number 1816 in CEUR Workshop Proceedings, 106-115. Aachen, 2017.
- D. Maiorca, P. Russu, I. Corona, B. Biggio, and G. Giacinto. Detection of Malicious Scripting Code through Discriminant and Adversary-Aware API Analysis. In A. Armando, R. Baldoni, and R. Focardi, editors, First Italian Conference on Cybersecurity (ITASEC17), number 1816 in CEUR Workshop Proceedings, 96-105. Aachen, 2017.
- I. Corona, B. Biggio, M. Contini, L. Piras, R. Corda, M. Mereu, G. Mureddu, D. Ariu, and F. Roli. DeltaPhish: Detecting Phishing Webpages in Compromised Websites. In S. N. Foley, D. Gollmann, and E. Snekkenes, editors, 22nd European Symposium on Research in Computer Security (ESORICS), volume 10492 of LNCS, 370–388. Cham, 2017. Springer International Publishing.
- P. Piredda, D. Ariu, B. Biggio, I. Corona, L. Piras, G. Giacinto, and F. Roli. Deepsquatting: Learning-Based Typosquatting Detection at Deeper Domain Levels. In AI*IA, volume 10640 of LNCS, 347–358. Springer, 2017.
- D. M. Freeman, S. Jain, M. Dürmuth, B. Biggio, and G. Giacinto. Who are you? A statistical approach to measuring user authenticity. In Proc. 23rd Annual Network & Distributed System Security Symposium (NDSS). The Internet Society, 2016.
- P. Russu, A. Demontis, B. Biggio, G. Fumera, and F. Roli. Secure Kernel Machines against Evasion Attacks. In 9th ACM Workshop on Artificial Intelligence and Security, AISec ’16, 59-69. New York, NY, USA, 2016. ACM.
- A. Demontis, P. Russu, B. Biggio, G. Fumera, and F. Roli. On Security and Sparsity of Linear Classifiers for Adversarial Settings. In A. Robles-Kelly, M. Loog, B. Biggio, F. Escolano, and R. Wilson, editors, Joint IAPR Int’l Workshop on Structural, Syntactic, and Statistical Pattern Recognition, volume 10029 of LNCS, 322-332. Cham, 2016. Springer International Publishing.
- B. Biggio. Machine Learning under Attack: Vulnerability Exploitation and Security Measures. In 4th ACM Workshop on Information Hiding & Multimedia Security, IH&MMSec ’16, 1-2. New York, NY, USA, 2016. ACM.
- A. Demontis, B. Biggio, G. Fumera, and F. Roli. Super-Sparse Regression for Fast Age Estimation from Faces at Test Time. In V. Murino and E. Puppo, editors, Image Analysis and Processing, volume 9280 of LNCS, 551–562. Springer International Publishing, 2015.
- B. Biggio, M. Melis, G. Fumera, and F. Roli. Sparse Support Faces. In Int’l Conf. on Biometrics (ICB), 208-213. May 2015.
- B. Biggio, I. Corona, Z.-M. He, P. P. K. Chan, G. Giacinto, D. S. Yeung, and F. Roli. One-and-a-Half-Class Multiple Classifier Systems for Secure Learning Against Evasion Attacks at Test Time. In F. Schwenker, F. Roli, and J. Kittler, editors, Multiple Classifier Systems, volume 9132 of Lecture Notes in Computer Science, 168-180. Springer International Publishing, 2015.
- H. Xiao, B. Biggio, G. Brown, G. Fumera, C. Eckert, and F. Roli. Is Feature Selection Secure against Training Data Poisoning?. In F. Bach and D. Blei, editors, JMLR W&CP - Proc. 32nd Int’l Conf. Mach. Learning (ICML), volume 37, 1689-1698. 2015.
- M. Melis, L. Piras, B. Biggio, G. Giacinto, G. Fumera, and F. Roli. Fast Image Classification with Reduced Multiclass Support Vector Machines. In V. Murino and E. Puppo, editors, Image Analysis and Processing, volume 9280 of LNCS, 78-88. Springer International Publishing, 2015.
- B. Biggio, S. R. Bulò, I. Pillai, M. Mura, E. Z. Mequanint, M. Pelillo, and F. Roli. Poisoning complete-linkage hierarchical clustering. In P. Franti, G. Brown, M. Loog, F. Escolano, and M. Pelillo, editors, Joint IAPR Int’l Workshop on Structural, Syntactic, and Statistical Pattern Recognition, volume 8621 of Lecture Notes in Computer Science, 42-52. Joensuu, Finland, 2014. Springer Berlin Heidelberg.
- B. Biggio, K. Rieck, D. Ariu, C. Wressnegger, I. Corona, G. Giacinto, and F. Roli. Poisoning Behavioral Malware Clustering. In 2014 Workshop on Artificial Intelligence and Security, AISec ’14, 27–36. New York, NY, USA, 2014. ACM.
- B. Biggio. On Learning and Recognition of Secure Patterns. In ACM Workshop on Artificial Intelligence and Security, AISec ’14, 1–2. New York, NY, USA, 2014. ACM.
- B. Biggio, L. Didaci, G. Fumera, and F. Roli. Poisoning attacks to compromise face templates. In 6th IAPR Int’l Conf. on Biometrics (ICB 2013), 1–7. Madrid, Spain, 2013.
- F. Roli, B. Biggio, and G. Fumera. Pattern Recognition Systems under Attack. In J. Ruiz-Shulcloper and G. S. di Baja, editors, Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications, volume 8258 of Lecture Notes in Computer Science, 1–8. Springer, 2013.
- B. Biggio, I. Pillai, S. R. Bulò, D. Ariu, M. Pelillo, and F. Roli. Is Data Clustering in Adversarial Settings Secure?. In Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, AISec ’13, 87-98. New York, NY, USA, 2013. ACM.
- B. Biggio, I. Corona, D. Maiorca, B. Nelson, N. Šrndić, P. Laskov, G. Giacinto, and F. Roli. Evasion attacks against machine learning at test time. In H. Blockeel, K. Kersting, S. Nijssen, and F. Železný, editors, Machine Learning and Knowledge Discovery in Databases (ECML PKDD), Part III, volume 8190 of LNCS, 387–402. Springer Berlin Heidelberg, 2013.
- B. Biggio, B. Nelson, and P. Laskov. Poisoning attacks against support vector machines. In J. Langford and J. Pineau, editors, 29th Int’l Conf. on Machine Learning, 1807-1814. Omnipress, 2012.
- B. Biggio, G. Fumera, F. Roli, and L. Didaci. Poisoning Adaptive Biometric Systems. In G. Gimel’farb, E. Hancock, A. Imiya, A. Kuijper, M. Kudo, S. Omachi, T. Windeatt, and K. Yamada, editors, Structural, Syntactic, and Statistical Pattern Recognition, volume 7626 of Lecture Notes in Computer Science, 417-425. Springer Berlin Heidelberg, 2012.
- B. Biggio, G. Fumera, and F. Roli. Learning sparse kernel machines with biometric similarity functions for identity recognition. In IEEE 5th Int’l Conf. on Biometrics: Theory, Applications and Systems (BTAS), 325-330. 2012.
- B. Nelson, B. Biggio, and P. Laskov. Understanding the Risk Factors of Learning in Adversarial Environments. In 4th ACM Workshop on Artificial Intelligence and Security, AISec ’11, 87–92. Chicago, IL, USA, 2011.
- B. Biggio, B. Nelson, and P. Laskov. Support Vector Machines Under Adversarial Label Noise. In Journal of Machine Learning Research - Proc. 3rd Asian Conf. Machine Learning, volume 20, 97-112. November 2011.
- B. Biggio, Z. Akhtar, G. Fumera, G. L. Marcialis, and F. Roli. Robustness of multi-modal biometric verification systems under realistic spoofing attacks. In Int’l Joint Conf. on Biometrics (IJCB), 1-6. 2011.
- Z. Akhtar, B. Biggio, G. Fumera, and G. L. Marcialis. Robustness of Multi-modal Biometric Systems under Realistic Spoof Attacks against All Traits. In 2nd Int’l IEEE Workshop on Biometric Measurements and Systems for Security and Medical Applications (BioMS 2011), 5-10. Milan, Italy, September 2011.
- B. Nelson, B. Biggio, and P. Laskov. Microbagging Estimators: An Ensemble Approach to Distance-weighted Classifiers. In Journal of Machine Learning Research - Proc. 3rd Asian Conf. Machine Learning, volume 20, 63-79. Taoyuan, Taiwan, November 2011.
- B. Biggio, G. Fumera, and F. Roli. Design of robust classifiers for adversarial environments. In IEEE Int’l Conf. on Systems, Man, and Cybernetics (SMC), 977-982. Oct. 2011.
- B. Biggio, I. Corona, G. Fumera, G. Giacinto, and F. Roli. Bagging Classifiers for Fighting Poisoning Attacks in Adversarial Classification Tasks. In C. Sansone, J. Kittler, and F. Roli, editors, 10th International Workshop on Multiple Classifier Systems (MCS), volume 6713 of Lecture Notes in Computer Science, 350–359. Springer-Verlag, June 2011.
- B. Biggio, G. Fumera, and F. Roli. Multiple Classifier Systems under attack. In N. E. Gayar, J. Kittler, and F. Roli, editors, 9th International Workshop on Multiple Classifier Systems (MCS), volume 5997 of Lecture Notes in Computer Science, 74-83. Springer, 2010.
- B. Biggio, G. Fumera, and F. Roli. Multiple Classifier Systems for Adversarial Classification Tasks. In J. A. Benediktsson, J. Kittler, and F. Roli, editors, Proceedings of the 8th International Workshop on Multiple Classifier Systems, volume 5519 of Lecture Notes in Computer Science, 132-141. Springer, 2009.
- B. Biggio, G. Fumera, I. Pillai, and F. Roli. Improving Image Spam Filtering Using Image Text Features. In Fifth Conference on Email and Anti-Spam (CEAS). Mountain View, CA, USA, 21 August 2008.
- B. Biggio, G. Fumera, and F. Roli. Evade Hard Multiple Classifier Systems. In Workshop on Supervised and Unsupervised Ensemble Methods and their Applications (SUEMA). 2008.
- B. Biggio, G. Fumera, and F. Roli. Adversarial Pattern Classification using Multiple Classifiers and Randomisation. In 12th Joint IAPR International Workshop on Structural and Syntactic Pattern Recognition (SSPR 2008), volume 5342 of Lecture Notes in Computer Science, 500-509. Orlando, Florida, USA, 4 December 2008. Springer-Verlag.
- B. Biggio, G. Fumera, I. Pillai, and F. Roli. Image Spam Filtering Using Visual Information. In 14th International Conference on Image Analysis and Processing, 105–110. Modena, Italy, 10-14 September 2007. IEEE Computer Society.
- G. Fumera, I. Pillai, F. Roli, and B. Biggio. Image spam filtering using textual and visual information. In MIT Spam Conference. Cambridge, MA, USA, 30 March 2007.
- F. Roli, B. Biggio, G. Fumera, I. Pillai, and R. Satta. Image Spam Filtering by Detection of Adversarial Obfuscated Text. In NIPS Workshop on Machine Learning in Adversarial Environments for Computer Security. Whistler, British Columbia, Canada, 2007.
- B. Biggio, G. Fumera, I. Pillai, and F. Roli. Image Spam Filtering by Content Obscuring Detection. In Fourth Conference on Email and Anti-Spam (CEAS). Microsoft Research Silicon Valley, Mountain View, California, 2-3 August 2007.
- B. Biggio, G. Fumera, and F. Roli. Bayesian Analysis of Linear Combiners. In M. Haindl, J. Kittler, and F. Roli, editors, Multiple Classifier Systems, 7th International Workshop, MCS 2007, Prague, Czech Republic, May 23-25, 2007, Proceedings, volume 4472 of Lecture Notes in Computer Science, 292-301. Springer, 23 May 2007.
Book Chapters
- G. L. Marcialis, B. Biggio, and G. Fumera. Anti-spoofing: Multimodal. In S. Z. Li and A. K. Jain, editors, Encyclopedia of Biometrics, pages 103-105. Springer US, 2015.
- B. Biggio, I. Corona, B. Nelson, B. I. P. Rubinstein, D. Maiorca, G. Fumera, G. Giacinto, and F. Roli. Security Evaluation of Support Vector Machines in Adversarial Environments. In Y. Ma and G. Guo, editors, Support Vector Machines Applications, pages 105-153. Springer International Publishing, Cham, 2014.
- G. Fumera, G. L. Marcialis, B. Biggio, F. Roli, and S. C. Schuckers. Multimodal Anti-Spoofing in Biometric Recognition Systems. In S. Marcel, M. Nixon, and S. Z. Li, editors, Handbook of Biometric Anti-Spoofing, Advances in Computer Vision and Pattern Recognition, pages 165-184. Springer London, 2014.
- B. Biggio, G. Fumera, and F. Roli. Bayesian Linear Combination of Neural Networks. In M. Bianchini, M. Maggini, F. Scarselli, and L. C. Jain, editors, Innovations in Neural Information Paradigms and Applications, volume 247 of Studies in Computational Intelligence, pages 201-230. Springer Berlin Heidelberg, 2009.
- B. Biggio, G. Fumera, and F. Roli. Evade Hard Multiple Classifier Systems. In O. Okun and G. Valentini, editors, Supervised and Unsupervised Ensemble Methods and Their Applications, volume 245 of Studies in Computational Intelligence, pages 15-38. Springer Berlin / Heidelberg, 2008.
Proceedings / Edited Books
- A. Torsello, L. Rossi, M. Pelillo, B. Biggio, and A. Robles-Kelly, editors. Structural, Syntactic, and Statistical Pattern Recognition - Joint IAPR International Workshops, S+SSPR 2020, Padua, Italy, January 21-22, 2021, Proceedings, volume 12644 of Lecture Notes in Computer Science, Springer, 2021.
- N. Vasiloglou, B. Biggio, and N. Carlini, editors. Deep Learning and Security Workshop (DLS 2020), 2020 IEEE Security and Privacy Workshops (SPW), 2020.
- K. Rieck, B. Biggio, and N. Vasiloglou, editors. Deep Learning and Security Workshop (DLS 2019), 2019 IEEE Security and Privacy Workshops (SPW), 2019.
- L. Cavallaro, J. Kinder, S. Afroz, B. Biggio, N. Carlini, Y. Elovici, and A. Shabtai, editors. AISec ’19: Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security, New York, NY, USA, 2019. Association for Computing Machinery.
- X. Bai, E. R. Hancock, T. K. Ho, R. C. Wilson, B. Biggio, and A. Robles-Kelly, editors. Structural, Syntactic, and Statistical Pattern Recognition - Joint IAPR International Workshop, S+SSPR 2018, Beijing, China, August 17-19, 2018, Proceedings, volume 11004 of Lecture Notes in Computer Science, Springer, 2018.
- S. Afroz, B. Biggio, Y. Elovici, D. Freeman, and A. Shabtai, editors. AISec ’18: Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security, New York, NY, USA, 2018. Association for Computing Machinery.
- B. M. Thuraisingham, B. Biggio, D. M. Freeman, B. Miller, and A. Sinha, editors. AISec ’17: Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, New York, NY, USA, 2017. ACM.
- A. Robles-Kelly, M. Loog, B. Biggio, F. Escolano, and R. C. Wilson, editors. Structural, Syntactic, and Statistical Pattern Recognition - Joint IAPR International Workshop, S+SSPR 2016, Mérida, Mexico, November 29 - December 2, 2016, Proceedings, volume 10029 of Lecture Notes in Computer Science, 2016.
Miscellaneous
- B. Biggio, G. Fumera, G. L. Marcialis, and F. Roli. Security of pattern recognition systems in adversarial environments. Convegno Gruppo Italiano Ricercatori Pattern Recognition, 2012.
- B. Biggio, G. Fumera, I. Pillai, F. Roli, and R. Satta. Evading SpamAssassin with Obfuscated Text Images. Virus Bulletin, November 2007.
PhD Thesis
- B. Biggio. Adversarial Pattern Classification. PhD Thesis, University of Cagliari, Cagliari (Italy), 2010.