Publications

Peer-Reviewed Publications from NortonLifeLock Research Group

PREVIOUS YEARS

Academic Papers - 2019

BakingTimer: Privacy Analysis ofServer-Side Request Processing Time

Iskander Sanchez-Rola, Davide Balzarotti, and Igor Santos

In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC 2019)
We propose a new history sniffing technique based on timing the execution of server-side request processing code. This method is capable of retrieving partial or complete user browsing history, and it does not require any permission.

ATTACK2VEC: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks

Yun Shen, Gianluca Stringhini

In Proceedings of the 28th USENIX Security Symposium (USENIX 2019)
We present ATTACK2VEC, a system that uses temporal word embeddings to model how attack steps are exploited in the wild, and track how they evolve.

A Field Study of Computer-Security Perceptions Using Anti-Virus Customer-Support Chats

Mahmood Sharif, Kevin A. Roundy, Matteo Dell'Amico, Christopher Gates, Daniel Kats, Lujo Bauer, Nicolas Christin

In Proceedings of the 2019 Conference on Human Factors in Computing Systems (CHI 2019)
To identify needs for improvement in security products, we study security concerns raised in Norton Security customer support chats. We found that many consumers face technical support scams and are susceptible to them. Findings also show the value of customer support centers in that 96% of customers that reach out for support in relation to scams have not paid the scammers

Utility-Driven Graph Summarization

K. Ashwin Kumar, Petros Efstathopoulos

In Proceedings of the 45th International Conference on Very Large Database (VLDB 2019)
In this work, we present a novel approach to summarize a complex graph driven by the objective of maximizing the utility of the calculated graph summary. Subsequently, we propose a utility-driven summarization algorithm, that allows a user to query a graph summary with a specified utility value.

Making Machine Learning Forget

Saurabh Shintre, Kevin A. Roundy, and Jasjeet Dhaliwal

In Proceedings of the 2019 ENISA Annual Privacy Forum (APF 2019)
We specifically analyze how the “right-to-be-forgotten” provided by the European Union General Data Protection Regulation can be implemented on current machine learning models and which techniques can be used to build future models that can forget. This document also serves as a call-to-action for researchers and policy-makers to identify other technologies that can be used for this purpose.

ATTACK2VEC: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks

Yun Shen, Gianluca Stringhini

The Case of Adversarial Inputs for Secure Similarity Approximation Protocols

Evgenios M. Kornaropoulos, Petros Efstathopoulos

In Proceedings of the 4th IEEE European Symposium on Security and Privacy (EuroS&P 2019)

Waves of Malice: A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web

Colin C. Ife, Yun Shen, Steven J. Murdoch, and Gianluca Stringhini

In Proceeding of the 14th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2019)
We present a longitudinal measurement of malicious file distribution on the Web.

Looking from the Mirror: Evaluating IoT Device Security through Mobile Companion Apps

Xueqiang Wang, Yuqiong Sun, Susanta Nanda and XiaoFeng Wang

In Proceedings of the 28th USENIX Security Symposium (USENIX 2019)

IoT Security and Privacy Labels

Yun Shen, Pierre-Antoine Vervier

In Proceedings of the ENISA Annual Privacy Forum (APF 2019)
We devise a concise, informative IoT labelling scheme to convey high-level security and privacy facts about an IoT device to the consumers so as to raise their security and privacy awareness.

Collaborative and Privacy-Preserving Machine Teaching via Consensus Optimization

Yufei Han, Yuzhe Ma, Christopher Gates, Kevin A. Roundy and Yun Shen

In Proceedings of the 2019 International Joint Conference on Neural Networks (IJCNN 2019)
In this work, we define a collaborative and privacy-preserving machine teaching paradigm with multiple distributed teachers. The focus is to find strategies to organize distributed agents to jointly select a compact subset of data that can be used to train a global model. The global model should achieve nearly the same performance as if the central learner had access to all the data, but the central learner only has access to the selected subset, and each agent only has access to their own data. The goal of this research is to find good strategies to train global models while giving some control back to agents.

Secure and Utility-Aware Data Collection with Condensed Local Differential Privacy

Mehmet Emre Gursoy, Acar Tamersoy, Stacey Truex, Wenqi Wei, and Ling Liu

To appear in IEEE Transactions on Dependable and Secure Computing (TDSC)

Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control

Iskander Sanchez-Rola, Matteo Dell'Amico, Platon Kotzias, Davide Balzarotti, Leyla Bilge, Pierre-Antoine Vervier, and Igor Santos

In Proceedings of the 14th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2019)
We evaluate both the information presented to users and the actual tracking implemented through cookies; we find that the GDPR has impacted website behavior in a truly global way, both directly and indirectly. On the other hand, we find that tracking remains ubiquitous.

Entrust: Regulating Sensor Access by Cooperating Programs via Delegation Graph

Giuseppe Petracca, Yuqiong Sun, Ahmad-Atamli Reineh, Jens Grossklags, Patrick McDaniel and Trent Jaeger

In Proceedings of the 28th USENIX Security Symposium (USENIX 2019)

Bootstrapping a Natural Language Interface to a Cyber Security Event Collection System using a Hybrid Translation Approach

Johann Roturier, Brian Schlatter, David Silva

In Proceedings of the 17th Machine Translation Summit (MT Summit XVII)
We present a system that can be used to generate Elasticsearch (database) query strings for English-speaking cyberthreat hunters, security analysts or responders (agents) using a natural language interface.

VIEW 2018 PUBLICATIONS

Related News

Secure Systems

Central to trust in an increasingly digital world is the ability to detect and prevent attacks in modern (and not so modern) information systems. This research includes building secure software, supporting forensics, malware analysis, browser/web/network security, and information-centric security.

LEARN MORE

Man entering credit card details on tablet

Privacy, Identity, and Trust

Consumers and corporations are driven to engage in a digital world that they cannot adequately trust. We are developing paradigms to enable online commerce and facilitate machine learning in ways that provide privacy and protect user identities, by leveraging such concepts as local differential privacy, federated machine learning, identity brokering, and blockchain technology.

LEARN MORE

Robust and Fair Machine Learning, Data Mining, and Artificial Intelligence

The tremendous growth in the learning capacity of Machine Learning methods has yet to be met with a corresponding growth in our ability to understand these models. Equally troubling, our ability to build robust machine learning models has not kept pace with research in adversarial attacks against machine learning. As we increasingly hand over decision making to automated machine learning and AI systems, we must find ways that the life-altering decisions made by these systems can be audited for fairness, safety, robustness to adversaries, and the preservation of privacy of any personally identifiable information over which they operate.

LEARN MORE