Publications

Peer-Reviewed Publications from NortonLifeLock Research Group

Academic Papers - 2019

pdf
BakingTimer: Privacy Analysis ofServer-Side Request Processing Time

In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC 2019)
We propose a new history sniffing technique based on timing the execution of server-side request processing code. This method is capable of retrieving partial or complete user browsing history, and it does not require any permission.

pdf
ATTACK2VEC: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks

In Proceedings of the 28th USENIX Security Symposium (USENIX 2019)
We present ATTACK2VEC, a system that uses temporal word embeddings to model how attack steps are exploited in the wild, and track how they evolve.

pdf
A Field Study of Computer-Security Perceptions Using Anti-Virus Customer-Support Chats

In Proceedings of the 2019 Conference on Human Factors in Computing Systems (CHI 2019)
To identify needs for improvement in security products, we study security concerns raised in Norton Security customer support chats. We found that many consumers face technical support scams and are susceptible to them. Findings also show the value of customer support centers in that 96% of customers that reach out for support in relation to scams have not paid the scammers

pdf
Utility-Driven Graph Summarization

In Proceedings of the 45th International Conference on Very Large Database (VLDB 2019)
In this work, we present a novel approach to summarize a complex graph driven by the objective of maximizing the utility of the calculated graph summary. Subsequently, we propose a utility-driven summarization algorithm, that allows a user to query a graph summary with a specified utility value.

pdf
Making Machine Learning Forget

In Proceedings of the 2019 ENISA Annual Privacy Forum (APF 2019)
We specifically analyze how the “right-to-be-forgotten” provided by the European Union General Data Protection Regulation can be implemented on current machine learning models and which techniques can be used to build future models that can forget. This document also serves as a call-to-action for researchers and policy-makers to identify other technologies that can be used for this purpose.

pdf
ATTACK2VEC: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks

In Proceedings of the 28th USENIX Security Symposium (USENIX 2019)
We present ATTACK2VEC, a system that uses temporal word embeddings to model how attack steps are exploited in the wild, and track how they evolve.

pdf
The Case of Adversarial Inputs for Secure Similarity Approximation Protocols

In Proceedings of the 4th IEEE European Symposium on Security and Privacy (EuroS&P 2019)

pdf
Waves of Malice: A Longitudinal Measurement of the Malicious File Delivery Ecosystem on the Web

In Proceeding of the 14th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2019)
We present a longitudinal measurement of malicious file distribution on the Web.

pdf
Looking from the Mirror: Evaluating IoT Device Security through Mobile Companion Apps

In Proceedings of the 28th USENIX Security Symposium (USENIX 2019)

pdf
IoT Security and Privacy Labels

In Proceedings of the ENISA Annual Privacy Forum (APF 2019)
We devise a concise, informative IoT labelling scheme to convey high-level security and privacy facts about an IoT device to the consumers so as to raise their security and privacy awareness.

pdf
Collaborative and Privacy-Preserving Machine Teaching via Consensus Optimization

In Proceedings of the 2019 International Joint Conference on Neural Networks (IJCNN 2019)
In this work, we define a collaborative and privacy-preserving machine teaching paradigm with multiple distributed teachers. The focus is to find strategies to organize distributed agents to jointly select a compact subset of data that can be used to train a global model. The global model should achieve nearly the same performance as if the central learner had access to all the data, but the central learner only has access to the selected subset, and each agent only has access to their own data. The goal of this research is to find good strategies to train global models while giving some control back to agents.

pdf
Secure and Utility-Aware Data Collection with Condensed Local Differential Privacy

To appear in IEEE Transactions on Dependable and Secure Computing (TDSC)

pdf
Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control

In Proceedings of the 14th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2019)
We evaluate both the information presented to users and the actual tracking implemented through cookies; we find that the GDPR has impacted website behavior in a truly global way, both directly and indirectly. On the other hand, we find that tracking remains ubiquitous.

pdf
Entrust: Regulating Sensor Access by Cooperating Programs via Delegation Graph

In Proceedings of the 28th USENIX Security Symposium (USENIX 2019)

pdf
Bootstrapping a Natural Language Interface to a Cyber Security Event Collection System using a Hybrid Translation Approach

In Proceedings of the 17th Machine Translation Summit (MT Summit XVII)
We present a system that can be used to generate Elasticsearch (database) query strings for English-speaking cyberthreat hunters, security analysts or responders (agents) using a natural language interface.

Related News

Secure systems map

Secure Systems

Central to trust in an increasingly digital world is the ability to detect and prevent attacks in modern (and not so modern) information systems. This research includes building secure software, supporting forensics, malware analysis, browser/web/network security, and information-centric security.

LEARN MORE
Man entering credit card details on tablet

Privacy, Identity, and Trust

Consumers and corporations are driven to engage in a digital world that they cannot adequately trust. We are developing paradigms to enable online commerce and facilitate machine learning in ways that provide privacy and protect user identities, by leveraging such concepts as local differential privacy, federated machine learning, identity brokering, and blockchain technology.

LEARN MORE
machine learning image

Robust and Fair Machine Learning, Data Mining, and Artificial Intelligence

The tremendous growth in the learning capacity of Machine Learning methods has yet to be met with a corresponding growth in our ability to understand these models. Equally troubling, our ability to build robust machine learning models has not kept pace with research in adversarial attacks against machine learning. As we increasingly hand over decision making to automated machine learning and AI systems, we must find ways that the life-altering decisions made by these systems can be audited for fairness, safety, robustness to adversaries, and the preservation of privacy of any personally identifiable information over which they operate.

LEARN MORE