Dmi.unisa.it

PATTERN RECOGNITION AND APPLICATIONSGROUP AT THE UNIVERSITY OF CAGLIARI F. Roli, G. Giacinto, L. Didaci, G. Fumera, G.L. MarcialisDept. of Electrical and Electronic Engineering, Univ. of CagliariPiazza d’Armi, 09123 Cagliari, Italy {roli, giacinto, luca.didaci, fumera, marcialis}@diee.unica.it In this contribution the research activities carried out during the years 2008–2010by the Pattern Recognition and Applications Group at the University of Cagliariare presented. They were focused on adversarial classification problems on thetheoretical side, and on the following applications related to computer securityand multi-media data analysis: intrusion detection in computer networks, bio-metric authentication, spam filtering, and content-based image retrieval.
The Pattern Recognition and Applications (PRA) Group (http://prag.
diee.unica.it) was established at the University of Cagliari in 1996. Itsaim is to address fundamental issues for the development of future patternrecognition systems, in the context of real applications. The PRA group iscurrently made up by the following people: Professors: Fabio Roli (group’s head).
Associate Professors: Giorgio Giacinto.
Assistant Professors: Luca Didaci, Giorgio Fumera, Gian Luca Mar-cialis.
Post-docs: Davide Ariu, Battista Biggio, Igino Corona, Ignazio Pillai,Ajita Rattani.
PhD students: Zahid Akhtar, Luca Piras, Riccardo Satta.
Research fellows: Pietro Coli, Gian Luca Fadda, Daniele Muntoni, GabrieleMurgia, Maurizio Pili, Marco Ristori, Nicola Sirena, Roberto Tronci.
Since 1996 the PRA group focussed on two methodological issues related to statistical pattern recognition: multiple classifier systems (MCS) and clas-sification reliability [13]. In particular, in the field of MCSs we gave severalcontributions related to design methods [29] and to the analysis of classifiercombining rules [14]. Moreover, since 2000 the PRA group co-organisedwith the Center for Vision, Speech and Signal Processing of the Universityof Surrey (UK) the International Workshop on Multiple Classifiers Systems(http://www.diee.unica.it). Nine editions have been held so far: threeeditions in Cagliari, and six in UK, USA, Prague, Iceland and Egypt. We alsoworked on the development of pattern recognition techniques in several appli-cation fields: classification of remote-sensing images [16], biometric authenti-cation [7, 30], content-based image retrieval [17], intrusion detection in com-puter networks [18], text categorisation and spam filtering [15]. Since 1996to date the PRA group established cooperations with several international re-search groups on the above topics, and hosted several visiting professors andstudents.
The research activities of the PRA group are funded by contracts and grants from private firms and government agencies. In 2007 we also established theAmbient Intelligence Laboratory (AmI Lab, http://prag.diee.unica.it/amilab) at the Technology Park of Pula (Cagliari). The AmI Lab is fundedby Sardegna Ricerche (http://www.sardegnaricerche.it/), an agency ofRegional Administration of Sardinia, whose main aim is to promote technol-ogy transfer. The AmI Lab is currently involved on applied research activitiesrelated to content-based image retrieval and biometric authentication, exploit-ing the results achived on the same research topics by the PRA group. Demoand prototypes of the systems developed at the AmI Lab are available in theweb site http://prag.diee.unica.it/amilab.
In the years 2008–2010 our research activities have been focussed on meth- ods and applications of computer security, biometric authentication and content-based image retrieval, which are described in the following sections.
During the years 2008–2010 the PRA group addressed the issue of develop- ing a general theory and novel design methods for pattern recognition in adver-sarial environments, which involve applications like biometric identity recog-nition and verification, intrusion detection in computer networks and spam fil-tering. Our works on these topics are described in section 2.1. We also workedon the development of pattern recognition systems in two specific applications:network intrusion detection (section 2.2) and spam filtering (section 2.3).
Pattern Recognition and Applications Group at the University of Cagliari Pattern recognition techniques are now intensively applied in security appli- cations like biometric verification tasks, intrusion detection in computer net-works and spam filtering. They are faced as two-class classification problems,where the goal is to discriminate between malicious and legitimate samples(e.g., impostor and genuine users, intrusive and legitimate network packets).
Such tasks are characterised by the presence of an intelligent and adaptive ad-versary who may modify his samples to get them misclassified as legitimate.
For instance, a very accurate fingerprint verification system may be evaded byusing fake fingerprints. Similarly, hackers usually camouflage their attacks inorder to evade intrusion detection systems (IDSs), for instance by adjustingthe characteristics of their packets analysed by IDSs. Analogously, spammersusually modify their emails (for instance, by misspelling words) to misleadstatistical text classifiers used in many spam filters. One of the consequencesis that in adversarial classification tasks pattern recognition systems may un-dergo a quick performance degradation at operation phase, due to adversarialattacks. The intrinsic adversarial nature of these tasks makes them substan-tially different from standard classification problems. However, current patternrecognition theory and design methods do not take into account such adver-sarial nature. Therefore, although pattern recognition could provide a crucialtechnological background in these applications, it does not yet exhibit the ro-bustness and reliability which is necessary for a widespread adoption. A strongeffort is thus needed to develop a general, unified theoretical framework andnovel design methods for pattern recognition in adversarial environments. Theissue of adversarial classification has not been systematically addressed in theliterature yet. Only few works in the machine learning literature dealt with theproblem of developing a formal framework, but they are very limited and basedon unrealistic and restrictive assumptions. The majority of works focused in-stead on very specific issues, in particular identifying potential vulnerabilitiesof a given classification algorithm in a specific application, studying the corre-sponding attacks and countermeasures.
Since 2008 we have started to address some of the fundamental issues of pattern recognition in adversarial environments, namely the evaluation of clas-sifier’s performance under attack, and the design of classifiers that are morerobust to attacks. Our contributions are summarised in the rest of this section.
Without focusing on a specific application or on a given kind of classifier, in [4] and [3] we analytically investigated two possible defence strategies againstadversarial attacks. Adding features to a given feature set, or classifiers to agiven ensemble, are common strategies used in spam filters and IDSs to coun-teract new attacks. In [4] we showed that they may improve robustness, byforcing the adversary to spend a higher effort to evade the system. In [3] we considered the randomisation of some parameters of the classifier’s deci-sion function as a possible way to prevent the adversary from gaining enoughknowledge on the classifier, up to evading it. This can be useful in tasks wherethe adversary is able to get some feedback from the classifier. In both workswe used a spam filtering task as a case study. However, despite some inter-esting results, we used an analytical framework (proposed by other authors)whose unrealistic assumptions did not allow us to derive practical guidelinesfor a real and effective implementation of the considered defence strategies.
In [5] we considered the issue of evaluating the performance degradation of classifiers under attack (i.e., their robustness), at design phase. Robustness toattacks is fundamental in adversarial environments, besides other performancerequirements common to traditional classification problems like classificationaccuracy (without attacks) and computational efficiency. We proposed a ro-bustness measure for classifiers with Boolean features, given by the expectedvalue of the minimum number of features to be modified in malicious sam-ples to get them misclassified as legitimate. The underlying rationale is thatthe higher the number of features to be modified for evading the classifier, thehigher the effort for the adversary.
In [6] we investigated the use of well known randomisation-based MCS construction methods, like bagging and the random subspace method (RSM).
We empirically showed that they result in a more uniform distribution of thefeature weights of linear base classifiers, with respect to a single classifier.
Keeping weights as much uniform as possible was suggested by other authorsas a defence strategy against attacks based on exploiting some knowledge onthe classifier’s decision function.
The Web-based architecture is the most frequently used in software deploy- ments. The results of a recent study by the X-Force team show that more than50% of vulnerabilities discovered during the first half of 2009 affected Webapplications. In order to detect attacks against web applications, we developedtwo anomaly-based detection techniques based on HMM [8, 25, 10]. The useof HMM is motivated by the fact that requests to web applications are pro-vided in terms of sequences of tokens, each token being a pair of “keys” and“values”. By modelling sequences related to normal activity of web servers,it is possible to detect anomalous sequences that can be related to attacks. Inaddition, as attackers aim at evading anomaly-based systems by crafting theirattacks so that the related traffic is quite similar to normal traffic, the proposedsolutions allows reducing the risk of this kind of attacks by resorting to anensemble-based architecture.
Pattern Recognition and Applications Group at the University of Cagliari The two detection systems that we have developed are based on the analysis of the traffic at different semantic levels. In particular, one detection systems isbased on modelling the requests toward a web server by analyzing the packetsat the network level, while the other detection system analyze the requests atthe host server, i.e., by analyzing the text string that is processed by the webserver. At the network level, the HMM models the sequences of bytes in thepayload. For a variety of attacks, this detection mechanism is quite effective,as attacks usually exhibit different byte sequences. On the other hand, someattacks may be undetected, as the semantic is not taken into account and attacksthat are based on crafting some special text sequences may be quite similar tolegitimate sequences at the byte level. On the other hand, the architectureof the host-based detector is designed on the detailed knowledge of the webapplications running on the web server. It is made up of an ensemble of HMM,each HMM being dedicated to the analysis of subsets of requests. The twodetectors can be seen as complementary detection mechanism. In particular,the host-based detector requires the access to the web server that process therequests, thus requiring some extra computational time. In addition, the designphase is more complex than the one of the network detector. On the other hand,the network-level detector can be used to protect an entire array of servers, orjust a single server in those cases in which the access to the web server andits logic is not possible (e.g., an ISP which is interested in detecting malicioustraffic on hosted web servers). In order to improve detection and increase thedifficulty for an attacker to evade detection, we used an ensemble of HMMsfor each task, where diversity in detection is achieved by changing the trainingparameters. The reported experimental results show the effectiveness of theproposed approach w.r.t. other similar techniques in the literature. In particularthey are effective in producing very false alarm rates, and in making it difficultfor an attacker to evade detection.
As a joint work with the Information Security Centre at the Georgia Insti- tute of Technology , we contributed to the development of Flux Buster (http://dnsrecon.gtisc.gatech.edu/), a system that is able to accurately detectand characterize fast flux service networks. The detection of flux networks iscarried out by a passive analysis of Recursive DNS (RDNS) traffic traces col-lected from multiple large networks. This kind of analysis enable the detectionof malicious flux service networks in-the-wild, i.e., as they are accessed byusers who fall victims of malicious content. Since the amount of RDNS trafficis often overwhelming, we devised a number of prefiltering rules that aim atidentifying DNS queries to potential fast-flux domain names. This prefilteringstage is able to reduce the volume of the monitored DNS traffic to a tractableamount without discarding information about domain names actually relatedto malicious flux services. Once information has been collected for a certainepoch E (e.g., one day), we perform a more fine-grain analysis. First, we apply a clustering process to the domain names collected during E, and we grouptogether domain names that are related to each other. Once the monitored do-main names have been grouped, we classify these clusters of domains and therelated monitored resolved IP addresses as either being part of a malicious fluxservice network or not.
Pattern recognition techniques, and in particular text categorization meth- ods, have been used in spam filtering since about a decade ago. Our interest inspam filtering started in 2004, when spammers introduced a new trick to evadespam filters, known as image spam. At that time, spam filters only analysedthe emails’ textual content. Spammers thus started embedding the spam mes-sage into attached images to make text-based detection ineffective. Moreover,they often obfuscated the embedded text to prevent it from being read by OCRtools. This raised the issue of analysing also visual characteristics of attachedimages, by the use of computer vision and pattern recognition techniques, tokeep filters effective.
Our first contribution was an investigation of the possibility and the effec- tiveness of detecting image spam by applying text categorization techniquesboth to the text in the e-mail’s body and to the text extracted by OCR toolsfrom attached images, if any [15]. This approach proved to be effective on im-ages containing clean text. We then investigated the possibility of recognisingspam images containing text obfuscated using different artefacts to make OCRtools ineffective [1, 2]. The goal was to explicitly detect the presence of suchartefacts, as an indication of an adversarial attempt to evade OCR.
Another related problem is that spam filters need to be frequently re-trained to be effective, since spammers keep modifying their emails in order to evadethem. In [35], we exploited the use of active learning and semi-supervisedlearning techniques to simplify the problem of hand-labelling huge amountsof emails to create suitable data sets for updating the filters. Indeed, by us-ing these techniques, it is possible for a user to label only few representativeemails, and then to automatically propagate the given labels to those unla-belled emails which are quite similar (in terms of their content) to the la-belled ones. The proposed method was proved to be effective in improvingthe self-training procedure of the widespread open source SpamAssassin filter(http://spamassassin.apache.org/).
As by-products of our work, we developed two plug-ins against image spam for SpamAssassin (http://prag.diee.unica.it/pra/eng/research/doccategorisation/spamfiltering/products). One is based on a textclassifier applied to the text extracted from attached images by OCR tools. Theother one is based on low-level image analysis. We also developed a tool to Pattern Recognition and Applications Group at the University of Cagliari generate artificial spam images with different kinds of text obfuscation tech-niques, and a tunable degree of obfuscation (http://prag.diee.unica.it/pra/eng/research/doccategorisation/spamfiltering/prototypes/),which allows one to carry out extensive experiments on image spam detection.
The term “biometrics” refers to physiological or behavioural characteristics which allow to univocally identify people. This is a very active research fieldsince several years, but still exhibits many open issues. Our effort in this fieldhas been to advance the state-of-the-art about three relevant issues, describedin the following sections.
The automatic vitality detection of a fingerprint has become an important issue in personal verification systems based on this biometric. It has beenshown that fake fingerprints made using materials like gelatine or silicon candeceive commonly used sensors.
Recently, the extraction of vitality features from fingerprint images has been proposed to address this problem. Among others, static and dynamic featureshave been separately studied so far. Their respective merits are thus not yetclear, especially because reported results were often obtained with differentsensors and using small data sets which could have obscured relative merits,due to potential small sample-size issues. We compared some static and dy-namic features by experiments on a larger data set, extracted from the sameoptical sensor [7]. We used fingerprint stamps made using liquid silicon rub-ber. Experimental results showed the relative merits of these features and theperformance improvement achievable by using them together.
We also proposed a novel feature to detect the “liveness” of fingerprint im- ages. It was derived from the image power spectrum, and pointed out thedifference between “live” and “fake” images in terms of high frequency infor-mation loss. Preliminary results on a large data set showed the effectivenessof the proposed measurement. This activity has been recently conducted incooperation with the Scientific Investigation Office of Arma dei Carabinieri(RaCIS), which led to a software tool for supporting dactyloscopist in theirmanual analysis of latent fingerprints, with a preliminary sub-tool devoted tothe detection of fake latent fingerprints [23].
Finally, we leaded the organization of the First International Fingerprint Liveness Detection Competition 2009 LivDet09 [19] (http://prag.diee.
unica.it/LivDet09), with Prof. Stephanie Schuckers (Biometric Signal Labfrom Clarkson University, USA), which has been hosted at the 11th Interna-tional Conference of Image Analysis and Processing [20].
Performances of biometric recognition systems can degrade quickly when the input biometric traits exhibit substantial variations compared to the tem-plates collected during the enrolment stage of system’s users. On the otherhand, a lot of new unlabelled biometric data, which could be exploited to adaptthe system to input data variations, are made available during the system op-eration over time. This research deals with adaptive biometric systems thatcan improve with use by exploiting unlabelled data. After a critical reviewof previous works on adaptive biometric systems, the use of semi-supervisedlearning methods for the development of adaptive biometric systems has beenaddressed. Two examples of adaptive biometric recognition systems based onsemi-supervised learning are presented along the chapter, and the concept ofbiometric co-training has been introduced for the first time.
The main results of this activity are two. One is the proposal of novel ap- proaches for the template update in biometric verification systems by usingfingerprint and face: the so-called graph-mincut algorithm, approaches fortemplate editing and replacement, template co-update [11, 12]. the other isa experimental analysis of off-line and online approaches to template update,showing pros and cons of each method [28].
Multi-modal verification systems using serial fusionand score selection This research involves the following activities: 1 Investigation of a serial biometric system [24]. Systems characterized by the serial combination of multiple biometrics can allow a good trade-offbetween verification time, performance and acceptability, but have beenpoorly investigated so far. Among the other issues, it is not clear howto set the processing chain (e.g., whether the first-stage system shouldbe the most accurate or the fastest one). Finding the best sequence isindeed not easy since it requires to perform further experiments to set theacceptance thresholds and to assess the overall system performance onthe possible sequences. Moreover, no work correlated the performanceand the verification time in order to investigate such a combination. Inthis research, we investigated this issue by proposing (i) a serial schemewith a novel decision criterion for multi-modal biometric systems, (ii) asimple mathematical model for the design stage of the proposed scheme.
2 An experimental comparison among several methods for performing multi-modal fusion of fingerprint matchers [21]. This investigation fo-cused on the matching score-level combination. In particular the follow-ing approaches have been considered: fusion of optical and capacitive Pattern Recognition and Applications Group at the University of Cagliari sensors, fusion of multiple matchers, and fusion of multiple impressionsof the same fingers. We found that significant performance improvementcan be obtained by appropriately combining these approaches, withoutthe need of complex fusion rules. This study was aimed to assess towhich extent multi-modal fusion of fingerprint verification systems canbe exploited for obtaining high-level performance.
3 Development of a framework based on the concept of “group-specific fu- sion” of ancillary information, also called “soft-biometrics”, with mainbiometric systems [22]. Soft biometrics are characterized by a low dis-criminant power. Although they cannot be used for verification aims,they can give significant information to increase the evidence about theidentity of the subject to be authenticated. Our working hypothesis isthat soft biometrics can be useful only for small groups of users, highlycharacterized by a certain feature over the user population (as blond hairin a population of black hair, etc.). Therefore, a framework to inte-grate soft biometrics with main biometric has been developed, and in-vestigated in the specific case of a face verification system where hairand skin colour are considered as soft biometrics. Experimental resultsclearly pointed out the performance improvement over the populationwhere such soft biometrics are applied according to the framework.
4 We also worked on the development of methods for combining differ- ent biometric matchers at the score level [31–34]. In particular, we de-veloped mechanisms based on “dynamic selection” and “dynamic com-bination” that are aimed at dynamically computing the most effectivecombination parameters for each test pattern. In particular, “dynamic se-lection” is a particular case of “dynamic combination”, as it is obtainedwhen all the combination weights are set to 0, except for the weight re-lated to the selected matcher, which is set to 1. Different mechanismshave been deployed to perform the dynamic computation of the com-bination parameters, and performances have been assessed on publiclyavailable datasets.
Relevance feedback for content-based image retrieval User interaction is a key element in content-based image retrieval systems.
These systems rely on the extraction of low-level features from images, andthe assessment of similarity is performed in feature spaces. As the semanticcontent of images is usually loosely related with the feature values, especiallywhen the image database contains a large number of different semantic topics,it is easy to see that images that are near each other in the feature space maybe conceptually different from the user’s point of view. In other words, thesearch for similar images in the feature space returns images with similar vi- sual content rather than images with similar semantic content. In order to drivethe search of image retrieval system, the user can be asked to provide a judge-ment on the results, the so-called relevance feedback. The exploitation of theusers’ feedback can be carried out by learning mechanisms which modify thesimilarity metric in account for the relevant and non-relevant images providedby the user.
The relevance feedback techniques developed by our group are based on nearest-neighbour information [26]. The underlying assumption is that twoimages that are judged to be similar by a given user, should also exhibit similarvisual content w.r.t. some features. At the same time, a relevant image shouldalso exhibit a visual content ‘dissimilar’ to images that the user judged as be-ing non-relevant. Accordingly, we developed a relevance index associated tothe nearest relevant image, and to the nearest non-relevant image. This indexis then used to rank the images. In our experiments, we showed that this in-dex allows outperforming other techniques based on classification algorithms(e.g., SVM). It is worth noting that classification algorithms need the tuningof learning parameters, and a careful design as typically the user labels a fewdozen images, and thus training sets are small, while the proposed techniquehas no parameter to tune.
As the images can be represented in different low-level feature spaces, some weighting mechanisms can be used to emphasize those feature spaces whereimages that are relevant to the user are represented as near points. To this end,we devised a weighting mechanism tailored to the nearest-neighbor relevancefeedback technique that provided an improvement in performance if comparedwith other state-of-the-art weighting mechanisms.
Finally, in order to address the problem of small training set size, we pro- posed a mechanism to artificially create new relevant patterns in the featurespace [27]. These points are created in areas of the feature space where pointsrelated to relevant images are likely to lie. In some experimental setup, it turnedout that the artificial generation of new patterns in one feature space providedimprovement in performance larger than that produced by combing differentfeature spaces.
These algorithms have been implemented in a proof-of-concept tool within the ‘Sardegna DistrICT Lab’ (see the Introduction). This tool actually runs indesktop mode, and will be soon available for public testing as a web-based ap-plication (http://prag.diee.unica.it/amilab/?q=video/imagehunter).
[1] B. Biggio, G. Fumera, I. Pillai, and F. Roli (2007). Image spam filtering using visual in- formation. 14th Int. Conf. on Image Analysis and Processing, 105–110, IEEE Comp. Soc.
[2] B. Biggio, G. Fumera, I. Pillai, and F. Roli (2008). Improving image spam filtering using image text features. 5th Conf. on Email and Anti-Spam (CEAS 2008).
Pattern Recognition and Applications Group at the University of Cagliari [3] B. Biggio, G. Fumera, and F. Roli (2008). Adversarial pattern classification using mul- tiple classifiers and randomisation. 12th Joint IAPR Int. Workshop on Structural andSyntactic Pattern Recognition (SSPR 2008). Springer, LNCS Vol. 5342, 500–509.
[4] B. Biggio, G. Fumera, and F. Roli (2009). Evade hard multiple classifier systems.
O. Okun and G. Valentini (eds.), Supervised and Unsupervised Ensemble Methods andTheir Applications. Springer, Studies in Computational Intelligence, Vol. 245, 15–38.
[5] B. Biggio, G. Fumera, and F. Roli (2009). Multiple classifier systems for adversarial classification tasks. Proc. 8th Int. Workshop on Multiple Classifier Systems, Springer,LNCS Vol. 5519, 132–141.
[6] B. Biggio, G. Fumera, and F. Roli (in press). Multiple classifier systems under attack.
Proc. 9th Int. Workshop on Multiple Classifier Systems (MCS 2010).
[7] Coli, P., Marcialis, G.L., Roli, F. (2008). Fingerprint silicon replicas: static and dynamic features for vitality detection using an optical capture device. International Journal ofImage and Graphics 8(4) 495–512.
[8] I. Corona, G. Giacinto, F. Roli (2008). Intrusion Detection in Computer Systems using Multiple Classifer Systems. In: O. Okun and G. Valentini (eds.), Supervised and Unsu-pervised Ensemble Methods and Their Applications, 91–114. Springer-Verlag.
[9] I. Corona, G. Giacinto, C. Mazzariello, F. Roli, C. Sansone (2009). Information fusion for computer security: State of the art and open issues. Information Fusion 10, 274–284.
[10] I. Corona, D. Ariu, G. Giacinto (2009). HMM-Web: a framework for the detection of attacks against Web applications. Proc. IEEE ICC 2009, Dresden, Germany, 14/06/2009.
[11] Didaci, L., Marcialis, G.L., Roli, F. (2009). Modelling FRR of Biometric Verification Systems using the Template Co-update Algorithm. Proc. 3rd IAPR/IEEE Int. Conf. onBiometrics (ICB 2009). Springer, LNCS Vol. 5558, 765–774.
[12] Didaci, L., Marcialis, G.L., Roli, F. (in press). Adaptive Multibiometric Systems. In: Bhanu, B., Govindaraju, V. (eds.), Multibiometrics for Human Identification, CambridgeUniversity Press.
[13] Fumera, G., Roli, F., Giacinto, G. (2000). Reject Option with Multiple Thresholds. Pattern [14] Fumera, G., Roli, F. (2005). A Theoretical and Experimental Analysis of Linear Combin- ers for Multiple Classifier Systems. IEEE Trans. Patt. An. Mach. Int. 27(6) 942–956.
[15] Fumera, G., Pillai, I., Roli, F. (2006). Spam filtering based on the analysis of text infor- mation embedded into images. Journal of Machine Learning Research 7 (special issue onMachine Learning in Computer Security) 2699–2720.
[16] Giacinto, G., Roli, F., Bruzzone, L. (2000) Combination of Neural and Statistical Al- gorithms for Supervised Classification of Remote-Sensing Images. Pattern RecognitionLetters 21 (5) 385–397.
[17] Giacinto, G., Roli, F. (2008). Instance-Based Relevance Feedback in Image Retrieval using Dissimilarity Spaces. In.: Perner, P. (ed.), Case-Based Reasoning for signals andimages, 419–436. Springer.
[18] Giacinto, G., Perdisci, R., Del Rio, M., Roli, F. (2008) Intrusion detection in computer networks by a modular ensemble of one-class classifiers. Information Fusion 9(1) 69–82.
[19] Marcialis, G.L., Roli, F., Schuckers, S. (2009). Liveness Detection Competition 2009.
Biometric Technology Today, 17(3) 7–9.
[20] Marcialis, G.L., Lewicke, A., Tan, B., Coli, P., Grimberg, D., Congiu, A., Tidu, A., Roli, F., Schuckers, S. (2009). First International Fingerprint Liveness Detection Competition.
Proc. 14th Int. Conf. Image Analysis and Processing (ICIAP 2009). Springer, LNCSVol. 5716, 12–23.
[21] Marcialis, G.L., Roli, F., Didaci, L. (2009). Personal identity verification by serial fusion of fingerprint and face matchers Pattern Recognition 42(11) 2807–2817.
[22] Marcialis, G.L., Roli, F., Muntoni, D. (2009). Group-specific face verification using soft biometrics. Journal of Visual Languages and Computing, 20(2) 101–109.
[23] Marcialis, G.L., Roli, F., Coli, P., Delogu, G. (2010). A Fingerprint Forensic Tool for Criminal Investigations. In Li, C.-T. (ed.), Handbook of Research on ComputationalForensics, Digital Crime and Investigation: Methods and Solutions, IGI, 23–52.
[24] Marcialis, G.L., Roli, F., Didaci, L. (in press). Multimodal fingerprint verification by score-level fusion: an experimental investigation. J. of Intelligent and Fuzzy Systems.
[25] R. Perdisci, D. Ariu, P. Fogla, G. Giacinto, W. Lee (2009). McPAD: A Multiple Classifier System for Accurate Payload-based Anomaly Detection. Comp. Networks 53, 864–881.
[26] L. Piras, G. Giacinto (2009). Neighborhood-Based Feature Weighting for Relevance Feedback in Content-Based Retrieval. In: Proc. 10th International Workshop on ImageAnalysis for Multimedia Interactive Services (WIAMIS 2009), London, UK, 238–241.
[27] L. Piras, G. Giacinto (in press). K-Nearest Neighbors Directed Synthetic Images Injec- tion. In: Proc. 11th Int. Workshop on Image Analysis for Multimedia Interactive Services(WIAMIS 2010).
[28] Rattani, A., Marcialis, G.L., Roli, F. (2009). An experimental analysis of the relation- ship between biometric template update and the Doddington’s Zoo in face verification.
Proc. IEEE/IAPR Int. Conf. on Image Analysis and Processing (ICIAP 2009), 429–437.
Springer LNCS Vol. 5716.
[29] Roli, F., Giacinto, G. (2002). Design of Multiple Classifier Systems. In: Bunke, H., Kan- del, A. (eds.), Hybrid Methods in Pattern Recognition, World Scientific Publishing.
[30] Roli, F., Didaci, L., Marcialis, G.L. (2008). Adaptive biometric systems that can improve with use. In: Ratha, N., Govindaraju, V. (eds.), Advances in Biometrics: Sensors, Systemsand Algorithms, Springer, 447–471.
[31] R. Tronci, G. Giacinto, F. Roli (2008). Combination of experts by classifiers in similarity score spaces. In: Proc. Joint IAPR Int. Workshop on Struct. and Syntactical Patt. Rec. andStatistical Techniques in Patt. Rec. (S+SSPR08). Springer, LNCS Vol. 5342, 821–830.
[32] R. Tronci, G. Giacinto, F. Roli (2008). Dynamic score combination of binary experts.
In: Proc. 19th International Conference on Pattern Recognition (ICPR 2008), Tampa(Florida, USA), IEEE Computer Society Press.
[33] R. Tronci, G. Giacinto, F. Roli (2009). Designing multiple biometric systems: measures of ensemble effectiveness. Engineering Applications of Artificial Intelligence 22, 66–78.
[34] R. Tronci, G. Giacinto, F. Roli (2009). Dynamic Score Combination: A Supervised and Unsupervised Score Combination Method In: Proc. Int. Conf. on Machine Learning andData Mining in Pattern Recognition (MLDM 2009). Springer LNCS Vol. 5632, 163–177.
[35] J.-M. Xu, G. Fumera, F. Roli, and Z.-H. Zhou. Training spamassassin with active semi- supervised learning. Sixth Conference on Email and Anti-Spam (CEAS), MountainView, CA, USA, 16/07/2009.

Source: http://www.dmi.unisa.it/GIRPR2010/8.%20DIEE%20Cagliari.pdf