The following is a reverse chronological list of my academic publications. For metrics and links to papers, please refer to my Google Scholar page.

  • DEEPCASE: Semi-Supervised Contextual Analysis of Security Events
    Thijs van Ede, Hojjat Aghakhani, Noah Spahn, Riccardo Bortolameotti, Marco Cova, Andrea Continella, Maarten van Steen, Andreas Peter, Christopher Kruegel, Giovanni Vigna
    Proceedings of the IEEE Symposium on Security and Privacy
    San Francisco, California, USA, May 2022
  • Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
    Alex Kapravelos, Yan Shoshitaishvili, Marco Cova, Christopher Kruegel, Giovanni Vigna
    Proceedings of the USENIX Security Symposium
    Washington DC, USA, August 2013
  • Proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
    Davide Balzarotti, Salvatore Stolfo, Marco Cova
    Proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
    Amsterdam, The Netherlands, September 2012
  • The Unbearable Lightness of Monitoring: Indirect and Direct Peer Monitoring in BitTorrent
    Tom Chothia, Marco Cova, Chris Novakovic, Camilo Toro
    Proceedings of the Conference on Security and Privacy in Communication Networks (SECURECOMM)
    Padova, Italy, September 2012
  • EVILSEED: A Guided Approach to Finding Malicious Web Pages
    Luca Invernizzi, Stefano Benvenuti, Paolo Milani, Marco Cova, Christopher Kruegel, Giovanni Vigna
    Proceedings of the IEEE Symposium on Security and Privacy
    San Francisco, California, May 2012
  • Escape from Monkey Island: Evading High-Interaction Honeyclients
    Alex Kapravelos, Marco Cova, Christopher Kruegel, Giovanni Vigna
    Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
    Amsterdam, The Netherlands, July 2011
  • HARMUR: Storing and Analyzing Historic Data on Malicious Domains
    Corrado Leita, Marco Cova
    Proceedings of the Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)
    Salzburg, Austria, April 2011
  • Peering Through the iFrame
    Brett Stone-Gross, Marco Cova, Christopher Kruegel, Giovanni Vigna
    Proceedings of the IEEE International Conference on Computer Communications (INFOCOM) Mini-Conference
    Shanghai, China, April 2011
  • Prophiler: a Fast Filter for the Large-Scale Detection of Malicious Web Pages
    Davide Canali, Marco Cova, Christopher Kruegel, Giovanni Vigna
    Proceedings of the International World Wide Web Conference (WWW)
    Hyderabad, India, March 2011
  • Analysis of a Botnet Takeover
    Brett Stone-Gross, Marco Cova, Bob Gilbert, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna
    IEEE Security and Privacy Magazine, 9(1)
    January 2011
  • An Analysis of Rogue AV Campaigns
    Marco Cova, Corrado Leita, Olivier Thonnard, Angelos Keromytis, Marc Dacier
    Proceedings of the Symposium on Recent Advances in Intrusion Detection (RAID)
    Ottawa, Canada, September 2010
  • Taming the Malicious Web: Avoiding and Detecting Web-based Attacks
    Marco Cova
    Ph.D. dissertation
    University of California, Santa Barbara
    July 2010
  • Organizing Large Scale Hacking Competitions
    Nick Childers, Bryce Boe, Ludovico Cavedon, Lorenzo Cavallaro, Marco Cova, Manuel Egele, Giovanni Vigna
    Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
    Bonn, Germany, July 2010
  • Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners
    Adam Doupè, Marco Cova, Giovanni Vigna
    Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
    Bonn, Germany, July 2010
  • Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code
    Marco Cova, Christopher Kruegel, Giovanni Vigna
    Proceedings of the International World Wide Web Conference (WWW)
    Raleigh, NC, USA, April 2010
  • Efficient Detection of Split Personalities in Malware
    Davide Balzarotti, Marco Cova, Christoph Karlberger, Engin Kirda, Christopher Kruegel, Giovanni Vigna
    Proceedings of the Symposium on Network and Distributed System Security (NDSS)
    San Diego, CA, USA, February 2010
  • An Experience in Testing the Security of Real-World Electronic Voting Systems
    Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, Richard Kemmerer, William Robertson, Fredrik Valeur, Giovanni Vigna
    IEEE Transactions on Software Engineering, 36(4) 2010
    [Spotlight paper for the July/August 2010 issue]
  • Analyzing and Detecting Malicious Flash Advertisements
    Sean Ford, Marco Cova, Christopher Kruegel, Giovanni Vigna
    Proceedings of the Annual Computer Security Applications Conference (ACSAC)
    Honolulu, HI, USA, December 2009
  • Your Botnet is My Botnet: Analysis of a Botnet Takeover
    Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna
    Proceedings of the ACM Conference on Computer and Communications Security (CCS)
    Chicago, IL, USA, November 2009
  • Symbolic String Verification: An Automata-based Approach
    Fang Yu, Tevfik Bultan, Marco Cova, Oscar Ibarra
    Proceedings of the International SPIN Workshop on Model Checking of Software
    Los Angeles, CA, USA, August 2008
  • There Is No Free Phish: An Analysis of “Free” and Live Phishing Kits
    Marco Cova, Christopher Kruegel, Giovanni Vigna
    Proceedings of the USENIX Workshop on Offensive Technologies (WOOT)
    San Jose, CA, USA, July 2008
  • Are Your Votes Really Counted? Testing the Security of Real-world Electronic Voting Systems
    Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, Richard Kemmerer, William Robertson, Fredrik Valeur, Giovanni Vigna
    Proceedings of the International Symposium on Software Testing and Analysis (ISSTA)
    Seattle, WA, USA, July 2008
    [One of six best papers of ISSTA 2008, nominated for submission to special TSE issue]
  • ClearShot: Eavesdropping on Keyboard Input from Video
    Davide Balzarotti, Marco Cova, Giovanni Vigna
    Proceedings of the IEEE Symposium on Security and Privacy
    Oakland, CA, USA, May 2008
  • Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
    Davide Balzarotti, Marco Cova, Viktoria Felmetsger, N. Jovanovic, Engin Kirda, Christopher Kruegel, Giovanni Vigna
    Proceedings of the IEEE Symposium on Security and Privacy
    Oakland, CA, USA, May 2008
  • Multi-Module Vulnerability Analysis of Web-based Applications
    Davide Balzarotti, Marco Cova, Viktoria Felmetsger, Giovanni Vigna
    Proceedings of the ACM Conference on Computer and Communications Security (CCS)
    Alexandria, VA, USA, October 2007
  • Vulnerability Analysis of Web-Based Applications
    Marco Cova, Viktoria Felmetsger, Giovanni Vigna
    Test and Analysis of Web Services
    September 2007
  • Swaddler: An Approach for the Anomaly-based Detection of State Violations in Web Applications
    Marco Cova, Davide Balzarotti, Viktoria Felmetsger, Giovanni Vigna
    Proceedings of the Symposium on Recent Advances in Intrusion Detection (RAID)
    Gold Coast, Queensland, Australia, September 2007
  • Static Detection of Vulnerabilities in x86 Executables
    Marco Cova, Viktoria Felmetsger, Greg Banks, Giovanni Vigna
    Proceedings of the Annual Computer Security Applications Conference (ACSAC)
    Miami, FL, USA, December 2006
  • SNOOZE: toward a Stateful NetwOrk prOtocol fuzZEr
    Greg Banks, Marco Cova, Viktoria Felmetsger, Kevin Almeroth, Richard Kemmerer, Giovanni Vigna
    Proceedings of the Information Security Conference (ISC)
    Samos, Greece, August 2006
  • LinSTAT: An Intrusion Detection System for Linux
    Marco Cova Master dissertation
    Università di Bologna
    December 2003

Before defecting to the field of security, I delved in the problem of emergent semantics at FBK (then called ITC-irst). Some of my work appears in the articles listed below.

  • Language Games: Solving the Vocabulary Problem in Multi-Case-Base Reasoning
    Paolo Avesani, Conor Hayes, Marco Cova
    Proceedings of the 6th International Conference on Case-Based Reasoning (ICCBR)
    Chicago, IL, USA, August 2005
  • Language Games: Learning Shared Concepts among Distributed Information Agents
    Conor Hayes, Paolo Avesani, Marco Cova
    Proceedings of the 1st IJCAI workshop on Multi-Agent Information Retrieval and Recommender Systems
    Edinburgh, Scotland, July 2005
  • Learning Contextualized Weblog Topics Paolo Avesani, Marco Cova, Conor Hayes, Paolo Massa
    Proceedings of the 2nd WWW workshop on the Weblogging Ecosystem: Aggregation, Analysis and Dynamics
    Chiba, Japan, May 2005
  • Shared Lexicon for Distributed Annotations on the Web Paolo Avesani, Marco Cova
    Proceedings of the 14th International World Wide Web Conference (WWW)
    Chiba, Japan, May 2005
  • A Service Oriented Architecture for Advertising Games (short paper)
    Paolo Avesani, Marco Cova, Roberto Tiella, Arun Sharma
    Proceedings of the 2nd International Conference on Service Oriented Computing (ICSOC)
    New York City, NY, USA, November 2004