Peer-Reviewed Publications from NortonLifeLock Research Group
In Proceedings of the 2015 Conference on Empirical Methods in Natural Language Processing (EMNLP 2015)
We present a new treebank of English and French technical forum content which has been annotated for grammatical errors and phrase structure. This double annotation allows us to empirically measure the effect of errors on parsing performance. While it is slightly easier to parse the corrected versions of the forum sentences, the errors are not the main factor in making this kind of text hard to parse.
In Proceedings of the Passive and Active Measurement Conference (PAM), New York, 2015. A study aiming to measure accurately how widespread third-party tracking is online, and hopefully raise the public awareness to its potential privacy risks.
IEEE 23rd International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems
Published by Routledge
In Proceedings of the 22nd ACM Conference on Computer and Communications Security (ACM SIGSAC 2015)
We introduce the downloader-graph abstraction, which captures the download activity on end hosts, and we explore the growth patterns of benign and malicious graphs.
In Proceedings of the 17th International Conference on Enterprise Information Systems (ICEIS 2015)
The data which knowledge workers need to conduct their work is stored across an increasing number of repositories and grows annually at a significant rate. It is therefore unreasonable to expect that knowledge workers can efficiently search and identify what they need across a myriad of locations where upwards of hundreds of thousands of items can be created daily. This paper describes a system which can observe user activity and train models to predict which items a user will access in order to help knowledge workers discover content.
In Proceedings of the 19th International Conference on Financial Cryptography and Data Security (FC 2015)
Considering the taxonomy of Standard Industry Classification (SIC) codes, the organization sizes and the public profiles of individuals as potential risk factors, we design case-control studies to calculate odds ratios reflecting the degree of association between the identified risk factors and the receipt of targeted attack.
In Proceedings of the 7th IEEE International Conference on Cloud Computing Technology and Science (CloudCom'15) We present Harbormaster, a system that improves the security of running Docker containers on shared infrastructure. Harbormaster enforces policies on container management operations, allowing administrators to implement the principle of least privilege.
2015 Network and Distributed Systems Security (NDSS) Symposium
In this paper, we analyse 18 months of data collected by SpamTracer, an infrastructure specifically built to answer that question: are intentional stealthy BGP hijacks routinely taking place on the Internet? The identification of what we believe to be more than 2,000 malicious hijacks leads to a positive answer.
In Proceedings of the 24th USENIX Security Symposium (USENIX Security 2015) We propose a novel methodology to automatically identify malware development cases.
In Proceedings of the IEEE 4th International Congress on Big Data (BigData Congress 2015)
The ROLLUP primitive allows summarizing complex and large datasets. We develop an efficient implementation for Apache Pig.
In Proceedings of the 12th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2015)
We present the results of a long-term study of ransomware attacks that have been observed in the wild between 2006 and 2014.
In Proceedings of the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015)
A method for scalable password strength checking reflecting the effort that state-of-the-art attackers would need to guess them.
In Proceedings of the 36th IEEE Symposium on Security and Privacy (SP ‘15)
In Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access (MobiWac 2015)
We analyzed security focused applications as well as BYOD solutions that check for evidence that a device is “rooted”.
IEEE Transactions on Cloud Computing, 2015
HFSP is a scheduler for Hadoop inpired by the FSP algorithm. Like FSP, HFSP improves the scheduling both in terms of service time and fairness.
18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2015)
In this paper, we explore the misuse and abuse of the IP blackspace, a portion of the Internet IP address space that should not be used. We show that the IP blackspace is sometimes mistakenly used to host web services, such as, websites. We also show that cybercriminals exploit the blackspace to host malicious servers and launch attacks.
In Proceedings of the 2015 IEEE International Conference on Big Data (IEEE BigData 2015)
We use distributed and scalable clustering techniques to cluster text data based on the edit distance metric.