Peer-Reviewed Publications from NortonLifeLock Research Group

Academic Papers - 2018

The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI

In Proceedings of the 27th USENIX Security Symposium (USENIX 2018)
In this paper, we collect seven datasets, including the largest corpus of code-signing certificates, and we combine them to analyze the revocation process from end to end. Effective revocations rely on three roles: (1) discovering the abusive certificates, (2) revoking the certificates effectively, and (3) disseminating the revocation information for clients. We assess the challenge for discovering compromised certificates and the subsequent revocation delays. We show that erroneously setting revocation dates causes signed malware to remain valid even afterthe certificate has been revoked. We also report failures in disseminating the revocations, leading clients to continue trusting the revoked certificates.

Hierarchical Incident Clustering for Security Operation Centers

In Proceedings of the Interactive Data Exploration and Analytics Workshop (IDEA 2018)
We enable security incident responders to dispatch multiple similar security incidents at once through an intuitive user interface. The heart of our algorithm is a visualized hierarchical clustering technique that enables responders to identify the appropriate level of cluster granularity at which to dispatch multiple incidents.

Tiresias: Predicting Security Events Through Deep Learning

In Proceedings of the 25th ACM Conference on Computer and Communications Security (ACM CCS 2018)

Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary Analysis

In Proceedings of the 8th ACM Conference on Data and Application Security and Privacy (CODASPY 2018)
Fuzzy hashing algorithms are a cheap and convenient way to find similarity in files. We evaluate how various of these algorithms perform for various tasks in binary analysis.

VIGOR: Interactive Visual Exploration of Graph Query Results

IEEE Transactions on Visualization and Computer Graphics (TVCG), 24(1), 2018, Presented at the 2017 IEEE Conference on Visual Analytics Science and Technology (VAST), 2017
We present VIGOR, a novel interactive visual analytics system, for exploring and making sense of graph query results. VIGOR contributes an exemplar-based interaction technique and a feature-aware subgraph result summarization. Through a collaboration with Symantec, we demonstrate how VIGOR helps tackle real-world cybersecurity problems.

Mind your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises

In Proceedings of the The Network and Distributed System Security Symposium (NDSS 2018)

Before Toasters Rise Up: A View Into the Emerging IoT Threat Landscape

In Proceedings of the 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2018)

Multi-label Learning with Highly Incomplete Data via Collaborative Embedding

In Proceedings of the 24th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD 2018)
We proposed a weakly supervised multi-label learning approach, based on the idea of collaborative embedding. It provides a flexible framework to conduct efficient multi-label classification at both transductive and inductive mode by coupling the process of reconstructing missing features and weak label assignments in a joint optimisation framework.

Spearphishing Malware: Do we really know the unknown?

In Proceedings of the 15th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2018)

Related News

Secure Systems Map

Systems Security: Internet of Things, Mobile, Cloud, Virtualization

There is a continual need for security systems of many kinds, including traditional endpoints, mobile devices, cloud, IoT and virtual hosts. The continual evolution of these computing platforms results in new threats, but also in opportunities to better secure these systems. Furthermore, widespread deployment of trusted hardware brings new opportunities, but also a set of hardware-level threats that are not easily mitigated. The escalating cost of data breaches continues to make defending sensitive data a priority, and enterprises are becoming increasingly open to adopting new classes of defenses and encryption-based solutions to prevent serious breaches.

Woman watching large screen with stocks on it

Risk Measurement and Mitigation

Cyber incidents are unavoidable. As digitalization marches on, online security weak spots proliferate while digital footprints become more prominent. The endless stream of digital assets is even more lucrative to an evolving set of well-equipped and skillful attackers. A combination of risk analytics and risk prediction can help improve security posture by taking appropriate counter measures. Risk analytics can identify the key actors that correlate with and cause the risk. Risk prediction can forecast the elements in the ecosystem that will be attacked or infected.

Child using tablet device

Social Good

Where possible, we want to investigate how existing technology and/or telemetry could be used to address key issues pertaining to vulnerable populations. In addition, we want to develop new techniques to try and solve specific problems in the areas of abuse, scams, and child online safety.