Publications

Peer-Reviewed Publications from NortonLifeLock Research Group

PREVIOUS YEARS

Academic Papers - 2017

Aware: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings

Giuseppe Petracca, Ahmad-Atamli Reineh, Yuqiong Sun, Jens Grossklags and Trent Jaeger

In Proceedings of the 26th USENIX Security Symposium (Aug 2017)

Automatic Application Identification from Billions of Files

Kyle Soska, Chris Gates, Kevin A. Roundy, and Nicolas Christin

In Proceedings of the 23rd SIGKDD Conference on Knowledge Discovery and Data Mining (KDD 2017)
Mapping binary files into software packages enables malware detection and other tasks, but is challenging. By combining installation data with file metadata that we summarize into sketches, from millions of machines and billions of files, we can use efficient approximate clustering techniques to map files to applications automatically and reliably.

Lean On Me: Mining Internet Service Dependencies From Large-Scale DNS Data

Matteo Dell'Amico, Leyla Bilge, Ashwin Kayyoor, Petros Efstathopoulos, and Pierre-Antoine Vervier

In Proceedings of the 33th Annual computer Security Applications Conference (ACSAC 2017)
To assess the security risk for a given entity, and motivated by the effects of recent service disruptions, we perform a large-scale analysis of passive and active DNS datasets including more than 2.5 trillion queries in order to discover the dependencies between websites and Internet services.

Mini-Batch Spectral Clustering

Yufei Han, Maurizio Filippone

In Proceedings of the 2017 International Joint Conference on Neural Networks (IJCNN 2017)
This paper proposes a practical approach to learn spectral clustering based on adaptive stochastic gradient optimization. Crucially, the proposed approach recovers the exact spectrum of Laplacian matrices in the limit of the iterations, and the cost of each iteration is linear in the number of samples. Extensive experimental validation on data sets with up to half a million samples demonstrate its scalability and its ability to outperform state-of-the-art approximate methods to learn spectral clustering for a given computational budget.

RiskTeller: Predicting the Risk of Cyber Incidents

Leyla Bilge, Yufei Han, and Matteo Dell'Amico

In Proceedings of the 24th ACM Conference on Computer and Communications Security (ACM SIGSAC 2017)

Large-Scale Identification of Malicious Singleton Files

Bo Li, Kevin Roundy, Chris Gates, Yevgeniy Vorobeychik

In Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY)
94% of the software files that Symantec saw in a 1-year dataset appeared only once on a single machine. We examine the primary reasons for which both benign and malicious software files appear as singletons, and design a classifier to distinguish between these two classes of singleton software files.

Smoke Detector: Cross-Product Intrusion Detection With Weak Indicators

Kevin A. Roundy, Acar Tamersoy, Michael Spertus, Michael Hart, Daniel Kats, Matteo Dell'Amico, and Robert Scott

In Proceedings of the Annual Computer Security Applications Conference (ACSAC 2017)
Smoke Detector significantly expands upon limited collections of hand-labeled security incidents by framing event data as relationships between events and machines, and performing random walks to rank candidate security incidents. Smoke Detector significantly increases incident detection coverage for mature Managed Security Service Providers.

Predicting Cyber Threats with Virtual Security Products

Shang-Tse Chen, Yufei Han, Duen Horng Chau, Christopher Gates, Michael Hart, Kevin A. Roundy

In Proceedings of the 33th Annual computer Security Applications Conference (ACSAC 2017)
We set out to predict which security events and incidents a security product would have detected had it been deployed, based on the events produced by other security products that were in place. We discovered that the problem is tractable, and that some security products are much harder to model than others, which makes them more valuable.

Marmite: Spreading Malicious File Reputation Through Download Graphs

Gianluca Stringhini, Yun Shen, Yufei Han, and Xiangliang Zhang

In Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC 2017)
We presented Marmite, a system that can detect malicious files by leveraging a global download graph and label propagation with Bayesian confidence.

VIEW 2016 PUBLICATIONS

Related News

Secure Systems

Central to trust in an increasingly digital world is the ability to detect and prevent attacks in modern (and not so modern) information systems. This research includes building secure software, supporting forensics, malware analysis, browser/web/network security, and information-centric security.

LEARN MORE

Robust and Fair Machine Learning, Data Mining, and Artificial Intelligence

The tremendous growth in the learning capacity of Machine Learning methods has yet to be met with a corresponding growth in our ability to understand these models. Equally troubling, our ability to build robust machine learning models has not kept pace with research in adversarial attacks against machine learning. As we increasingly hand over decision making to automated machine learning and AI systems, we must find ways that the life-altering decisions made by these systems can be audited for fairness, safety, robustness to adversaries, and the preservation of privacy of any personally identifiable information over which they operate.

LEARN MORE

Woman watching large screen with stocks on it

Risk Measurement and Mitigation

Cyber incidents are unavoidable. As digitalization marches on, online security weak spots proliferate while digital footprints become more prominent. The endless stream of digital assets is even more lucrative to an evolving set of well-equipped and skillful attackers. A combination of risk analytics and risk prediction can help improve security posture by taking appropriate counter measures. Risk analytics can identify the key actors that correlate with and cause the risk. Risk prediction can forecast the elements in the ecosystem that will be attacked or infected.

LEARN MORE