Matteo Dell'Amico

Matteo joined Symantec Research Labs in 2014. He received his Ph.D. in Computer Science in 2008 at the University of Genoa (Italy); between 2008 and 2014 he worked at EURECOM (France). His current research is focused on the design of scalable algorithms to make sense of massive security data, and on ways to reason on trust and reputation on the Internet.

Matteo's research interests touch distributed systems and security; he investigated topics such as peer-to-peer systems, machine learning, reputation systems, distributed backup and storage, recommender systems, scheduling, password security.

Selected Academic Papers

  • Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control
    Iskander Sanchez-Rola, Matteo Dell’Amico, Platon Kotzias, Davide Balzarotti, Leyla Bilge, Pierre-Antoine Vervier, Igor Santos
    To appear at the 14th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2019)

    We evaluate both the information presented to users and the actual tracking implemented through cookies; we find that the GDPR has impacted website behavior in a truly global way, both directly and indirectly. On the other hand, we find that tracking remains ubiquitous.

  • A Field Study of Computer-Security Perceptions Using Anti-Virus Customer-Support Chats
    Kevin A. Roundy, Matteo Dell'Amico, Christopher Gates, Daniel Kats, Lujo Bauer, Nicolas Christin
    In Proceedings of the 2019 Conference on Human Factors in Computing Systems (CHI 2019)

    To identify needs for improvement in security products, we study security concerns raised in Norton Security customer support chats. We found that many consumers face technical support scams and are susceptible to them. Findings also show the value of customer support centers in that 96% of customers that reach out for support in relation to scams have not paid the scammers.

  • Hierarchical Incident Clustering for Security Operation Centers
    David Silva, Matteo Dell’Amico, Michael Hart, Kevin A. Roundy, Daniel Kats
    In Proceedings of the Interactive Data Exploration and Analytics Workshop (IDEA 2018)

    We enable security incident responders to dispatch multiple similar security incidents at once through an intuitive user interface. The heart of our algorithm is a visualized hierarchical clustering technique that enables responders to identify the appropriate level of cluster granularity at which to dispatch multiple incidents.

  • Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary Analysis
    Fabio Pagani, Matteo Dell’Amico, Davide Balzarotti
    In Proceedings of the 8th ACM Conference on Data and Application Security and Privacy (CODASPY 2018)

    Fuzzy hashing algorithms are a cheap and convenient way to find similarity in files. We evaluate how various of these algorithms perform for various tasks in binary analysis.

  • Smoke Detector: Cross-Product Intrusion Detection With Weak Indicators
    Kevin A. Roundy, Acar Tamersoy, Michael Spertus, Michael Hart, Daniel Kats, Matteo Dell'Amico, Robert Scott
    In Proceedings of the Annual Computer Security Applications Conference (ACSAC 2017)

    Smoke Detector significantly expands upon limited collections of hand-labeled security incidents by framing event data as relationships between events and machines, and performing random walks to rank candidate security incidents. Smoke Detector significantly increases incident detection coverage for mature Managed Security Service Providers.

  • RiskTeller: Predicting the Risk of Cyber Incidents
    Leyla Bilge, Yufei Han, Matteo Dell'Amico
    In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

    We present a system, RiskTeller, that can predict to-be-infected machines in an enterprise environment.

  • Lean On Me: Mining Internet Service Dependencies From Large-Scale DNS Data
    Matteo Dell'Amico, Leyla Bilge, Ashwin Kayyoor, Petros Efstathopoulos, Pierre-Antoine Vervier
    In Proceedings of the 33th Annual computer Security Applications Conference (ACSAC 2017)

    To assess the security risk for a given entity, and motivated by the effects of recent service disruptions, we perform a large-scale analysis of passive and active DNS datasets including more than 2.5 trillion queries in order to discover the dependencies between websites and Internet services.

  • Scalable and flexible clustering solutions for mobile phone-based population indicators
    Alessandro Lulli, Lorenzo Gabrielli, Patrizio Dazzi, Matteo Dell'Amico, Pietro Michiardi, Mirco Nanni, Laura Ricci

    We use distributed and scalable clustering techniques to perform estimation of population estimation, including mobility, based on mobile phone calls data.

  • Improving population estimation from mobile calls: a clustering approach
    Alessandro Lulli, Lorenzo Gabrielli, Patrizio Dazzi, Matteo Dell' Amico, Pietro Michiardi, Mirco Nanni, Laura Ricci
    In Proceedings of the 20th IEEE Symposium on Computers and Communications (ISCC 2015)

    We use distributed and scalable clustering techniques to perform estimation of population estimation, including mobility, based on mobile phone calls data.

  • NG-DBSCAN: Scalable Density-Based Clustering for Arbitrary Data
    Alessandro Lulli, Matteo Dell'Amico, Pietro Michiardi, Laura Ricci
    In Proceedings of the VLDB Endowment, Vol. 10, No. 3, 2016

    A scalable and distributed implementation of the DBSCAN clustering algorithm. The particularity of NG-DBSCAN is that it works scalably based on arbitrary data and distance functions.

  • PSBS: Practical Size-Based Scheduling
    Matteo Dell’Amico, Damiano Carra, Pietro Michiardi
    IEEE Transactions on Computers, 2016

    Size-based scheduling algorithms can perform disastrously with skewed workloads and incorrect size information. PSBS is a scheduling discipline that performs very well even when job sizes are incorrect.

  • Efficient and Self-Balanced ROLLUP Aggregates for Large-Scale Data Summarization
    Duy-Hung Phan, Quang-Nhat Hoang-Xuan, Matteo Dell’Amico, Pietro Michiardi
    In Proceedings of the IEEE 4th International Congress on Big Data (BigData Congress 2015)

    The ROLLUP primitive allows summarizing complex and large datasets. We develop an efficient implementation for Apache Pig.

  • HFSP: Bringing Size-Based Scheduling To Hadoop
    Mario Pastorelli, Damiano Carra, Matteo Dell’Amico, Pietro Michiardi
    IEEE Transactions on Cloud Computing, 2015

    HFSP is a scheduler for Hadoop inpired by the FSP algorithm. Like FSP, HFSP improves the scheduling both in terms of service time and fairness.

  • Monte Carlo Strength Evaluation: Fast and Reliable Password Checking
    Matteo Dell’Amico, Maurizio Filippone
    In Proceedings of the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015)

    A method for scalable password strength checking reflecting the effort that state-of-the-art attackers would need to guess them.

  • Scalable k-nn based text clustering
    Alessandro Lulli, Thibault Debatty, Matteo Dell’Amico, Pietro Michiardi, Laura Ricci
    In Proceedings of the 2015 IEEE International Conference on Big Data (IEEE BigData 2015)

    We use distributed and scalable clustering techniques to cluster text data based on the edit distance metric.