Peer-Reviewed Publications from NortonLifeLock Research Group
In Proceedings of the 27th USENIX Security Symposium (USENIX 2018)
In this paper, we collect seven datasets, including the largest corpus of code-signing certificates, and we combine them to analyze the revocation process from end to end. Effective revocations rely on three roles: (1) discovering the abusive certificates, (2) revoking the certificates effectively, and (3) disseminating the revocation information to clients. We assess the challenge of discovering compromised certificates and the subsequent revocation delays. We show that erroneously setting revocation dates causes signed malware to remain valid even after the certificate has been revoked. We also report failures in disseminating the revocations, leading clients to continue trusting the revoked certificates.
In Proceedings of the Interactive Data Exploration and Analytics Workshop (IDEA 2018)
We enable security incident responders to dispatch multiple similar security incidents at once through an intuitive user interface. The heart of our algorithm is a visualized hierarchical clustering technique that enables responders to identify the appropriate level of cluster granularity at which to dispatch multiple incidents.
In Proceedings of the 25th ACM Conference on Computer and Communications Security (ACM CCS 2018)
In Proceedings of the 8th ACM Conference on Data and Application Security and Privacy (CODASPY 2018)
Fuzzy hashing algorithms are a cheap and convenient way to find similarity in files. We evaluate how several of these algorithms perform on various binary analysis tasks.
IEEE Transactions on Visualization and Computer Graphics (TVCG), 24(1), 2018, Presented at the 2017 IEEE Conference on Visual Analytics Science and Technology (VAST), 2017
We present VIGOR, a novel interactive visual analytics system, for exploring and making sense of graph query results. VIGOR contributes an exemplar-based interaction technique and a feature-aware subgraph result summarization. Through a collaboration with Symantec, we demonstrate how VIGOR helps tackle real-world cybersecurity problems.
In Proceedings of the Network and Distributed System Security Symposium (NDSS 2018)
In Proceedings of the 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2018)
In Proceedings of the 24th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD 2018)
We propose a weakly supervised multi-label learning approach based on the idea of collaborative embedding. It provides a flexible framework for efficient multi-label classification in both transductive and inductive modes by coupling the reconstruction of missing features and weak label assignments in a joint optimisation framework.
In Proceedings of the 15th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2018)