Igino Corona
search externally:   Google Scholar,   Springer,   CiteSeer,   Microsoft Academic Search,   Scirus ,   DBlife


Igino Corona received the M.Sc. Degree in Electronic Engineering from the University of Cagliari, in October 2006. In his MSc thesis (in Italian), he discussed the design and the implementation (in Python and C++ programming languages) of an anomaly-based, unsupervised Intrusion Detection System for the analysis of the HTTP traffic. The Clusit Association rewarded this work as one of the best Italian research thesis on computer system security. Since February 2007, he is a Ph.D. Student in Computer Science and a member of the Pattern Recognition and Applications Group (Dept. of Electrical and Electronic Engineering). In the period January/June 2009 he worked with the research group headed by Prof. Wenke Lee, Georgia Institute of Technology, Altlanta, USA) as a visiting PhD student. During such a period, Igino Corona and Roberto Perdisci developed Flux Buster, an advanced system which is able to detect fast flux service networks by means of passive analysis of DNS traffic in large networks.

In march 2010 Igino Corona received the PhD degree in Electronic and Computer Engineering from the University of Cagliari, with the following dissertation: "Detection of web-based attacks".

Research interests at-large involve all aspects of computer security. In particular, most of interest regards the detection of security violations:

  • Web Intrusion Detection
  • Ideation, development, and testing of advanced Intrusion Detection Systems (IDS)
  • Anomaly Detection paradigm to spot both known and unknown threats
  • Pattern Recognition techniques to create IDS based on machine learning
  • Multiple Classifier Systems to enhance the reliability and the robustness of IDS
  • Learning in Adversarial Environment to provide for a reliable IDS training using real time traffic

In order to ease the comparison of experimental results and allow security administrators to better protect their machines, most of programs ideated and developed by Igino Corona will be offered with open-source licence. Currently, the following tools are available:

  • HMM-Web: a framework to the detection of web attacks

On the other hand, the following tools are currently being developed/improved/documented (they will be available soon):

  • D1gg3r: high-performance, active probing and detection of fast flux domain names
  • Web Guardian: an anomaly-based Web Intrusion Protection system


demonstration video
flag Detection of server side web attacks
as author at  Spotlights Session,