If you made any changes in Pure these will be visible here soon.

Personal profile


“The real voyage of discovery consists not in seeking new landscapes but in having new eyes.” - Marcel Proust

Research profile

Luca Allodi is an Assistant Professor in the Security Group of the Eindhoven University of Technology (TU/e). His research focuses on vulnerability laws, with a strong accent on attackers’ behavior and strategies, seeking quantitative answers to the economics of vulnerability exploitation and the management of cyber risk. His research looks for technical, economic, and strategic factors that drive vulnerability exploitation ‘in the wild’. To this aim, he investigates the dynamic optimization problems the attacker solves when engineering a new attack, the underground markets in which the attackers operate, the technology they employ, and the rates at which attacks are delivered to the final users. This research draws from several field, including computer security, economics, risk analysis, and criminology.

Luca is currently working on new ways to integrate security metrics with cyber attacks economics; in particular, he is interested in understanding if analysis of new trends in cybercrime attacks (APTs, black markets, botnet rentals...) can be exploited to improve current metrics for security.

Academic background

Luca Allodi obtained his PhD in 2015 from the University of Trento, Italy, with a thesis entitled: "Risk-based Vulnerability Management. Exploiting the economic nature of the attacker to build sound and measurable vulnerability mitigation strategies". Whilst studying for his MSc, he became interested in Social Network Dynamics, the diffusion of information within networks, and the different roles of nodes. He is also an acknowledged authoring member of the First.org SIG Team for the upcoming CVSS v3 framework (the worldwide standard-de-facto for vulnerability assessment)

Fingerprint Dive into the research topics where Luca Allodi is active. These topic labels come from the works of this person. Together they form a unique fingerprint.

Network Recent external collaboration on country level. Dive into details by clicking on the dots.

Research Output

  • 218 Citations
  • 21 Conference contribution
  • 5 Article
  • 4 Paper
  • 1 Chapter

Measuring the accuracy of software vulnerability assessments: experiments with students and professionals

Allodi, L., Cremonini, M., Massacci, F. & Shim, W., 1 Mar 2020, In : Empirical Software Engineering. 25, 2, p. 1063-1094 32 p.

Research output: Contribution to journalArticleAcademicpeer-review

Open Access
  • 16 Downloads (Pure)

    The need for new antiphishing measures against spear-phishing attacks

    Allodi, L., Chotza, T., Panina, E. & Zannone, N., 1 Mar 2020, In : IEEE Security and Privacy. 18, 2, p. 23-34 12 p., 8852647.

    Research output: Contribution to journalArticleAcademicpeer-review

  • CARONTE: crawling adversarial resources over non-trusted, high-profile environments

    Campobasso, M., Burda, P. & Allodi, L., 1 Jun 2019, Proceedings - 4th IEEE European Symposium on Security and Privacy Workshops, EUROS and PW 2019. Piscataway: Institute of Electrical and Electronics Engineers, p. 433-442 10 p. 8802484

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

  • 1 Downloads (Pure)

    Characterizing the redundancy of DarkWeb .onion services

    Burda, P., Boot, C. & Allodi, L., 26 Aug 2019, Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019. New York: Association for Computing Machinery, Inc, 10 p. 19. (ACM International Conference Proceeding Series).

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

  • Cognitive triaging of phishing attacks

    van der Heijden, A. & Allodi, L., 6 May 2019, Proceedings of the 28th USENIX Security Symposium. Usenix Association, p. 1309-1326 18 p.

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademic

    Open Access
  • 2 Citations (Scopus)
    31 Downloads (Pure)


    Cyberattacks Crime and Defenses

    1/09/15 → …


    Networks and security

    1/09/17 → …