Luca Invernizzi

ORCID: 0000-0001-8420-0760
Research Areas
  • Advanced Malware Detection Techniques
  • Spam and Phishing Detection
  • Network Security and Intrusion Detection
  • Internet Traffic Analysis and Secure E-voting
  • User Authentication and Security Systems
  • Cryptographic Implementations and Security
  • Security and Verification in Computing
  • FinTech, Crowdfunding, Digital Finance
  • Blockchain Technology Applications and Security
  • Web Data Mining and Analysis
  • Physical Unclonable Functions (PUFs) and Hardware Security
  • Chaos-based Image/Signal Encryption
  • Video Analysis and Summarization
  • Digital Humanities and Scholarship
  • Crime, Illicit Activities, and Governance
  • Digital and Cyber Forensics
  • Cryptography and Data Security
  • Cybercrime and Law Enforcement Studies
  • Web Application Security Vulnerabilities
  • Privacy, Security, and Data Protection
  • Cryptography and Residue Arithmetic
  • Misinformation and Its Impacts
  • Advanced Steganography and Watermarking Techniques
  • Advanced Bandit Algorithms Research
  • Artificial Intelligence in Games

Google (Switzerland)
2023-2024

Google (United States)
2016-2024

University of Wuppertal
2021

University of California, Santa Barbara
2012-2017

University of California System
2014

JavaScript is used by web developers to enhance the interactivity of their sites, offload work users' browsers and improve sites' responsiveness user-friendliness, making pages feel behave like traditional desktop applications. An important feature JavaScript, ability combine multiple libraries from local remote sources into same page, under namespace. While this enables creation more advanced applications, it also allows for a malicious provider steal data other scripts page itself. Today,...

10.1145/2382196.2382274 article EN Proceedings of the ACM Conference on Computer and Communications Security 2012-10-15

Ransomware is a type of malware that encrypts the files infected hosts and demands payment, often in crypto-currency like Bitcoin. In this paper, we create measurement framework use to perform large-scale, two-year, end-to-end ransomware payments, victims, operators. By combining an array data sources, including binaries, seed ransom victim telemetry from infections, large database bitcoin addresses annotated with their owners, sketch outlines burgeoning ecosystem associated third-party...

10.1109/sp.2018.00047 article EN 2022 IEEE Symposium on Security and Privacy (SP) 2018-05-01

In this paper, we present the first longitudinal measurement study of underground ecosystem fueling credential theft and assess risk it poses to millions users. Over course March, 2016--March, 2017, identify 788,000 potential victims off-the-shelf keyloggers; 12.4 million phishing kits; 1.9 billion usernames passwords exposed via data breaches traded on blackmarket forums. Using dataset, explore what degree stolen passwords---which originate from thousands online services---enable an...

10.1145/3133956.3134067 article EN Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security 2017-10-27

Malicious web pages that use drive-by download attacks or social engineering techniques to install unwanted software on a user's computer have become the main avenue for propagation of malicious code. To search pages, first step is typically crawler collect URLs are live Internet. Then, fast prefiltering employed reduce amount need be examined by more precise, but slower, analysis tools (such as honey clients). While effective, these require substantial resources. A key reason encounters...

10.1109/sp.2012.33 article EN IEEE Symposium on Security and Privacy 2012-05-01

Mobile applications are part of the everyday lives billions people, who often trust them with sensitive information. These users identify currently focused app solely by its visual appearance, since GUIs most popular mobile OSes do not show any trusted indication origin. In this paper, we analyze in detail many ways which Android can be confused into misidentifying an app, thus, for instance, being deceived giving information to a malicious app. Our analysis platform APIs, assisted automated...

10.1109/sp.2015.62 article EN IEEE Symposium on Security and Privacy 2015-05-01

Malware remains one of the most significant security threats on Internet. Antivirus solutions and blacklists, main weapons defense against these attacks, have only been (partially) successful. One reason is that cyber-criminals take active steps to bypass defenses, for example, by distributing constantly changing (obfuscated) variants their malware programs, quickly churning through domains IP addresses are used exploit code botnet commands. We analyze core tasks authors achieve be successful:...

10.14722/ndss.2014.23269 article EN 2014-01-01

The contentious battle between web services and miscreants involved in blackhat search engine optimization malicious advertisements has driven the underground to develop increasingly sophisticated techniques that hide true nature of sites. These cloaking hinder effectiveness security crawlers potentially expose Internet users harmful content. In this work, we study spectrum target browser, network, or contextual cues detect organic visitors. As a starting point, investigate capabilities ten...

10.1109/sp.2016.50 article EN 2022 IEEE Symposium on Security and Privacy (SP) 2016-05-01

To protect Android users, researchers have been analyzing unknown, potentially-malicious applications by using systems based on emulators, such as the Google's Bouncer and Andrubis. Emulators are go-to choice because of their convenience: they can scale horizontally over multiple hosts, be reverted to a known, clean state in matter seconds. Emulators, however, fundamentally different from real devices, previous research has shown how it is possible automatically develop heuristics identify...

10.1145/2818000.2818036 article EN 2015-12-07

The "Right to be Forgotten" is a privacy ruling that enables Europeans delist certain URLs appearing in search results related their name. In order illuminate the effect this has on information access, we conducted retrospective measurement study of 3.2 million were requested for delisting from Google Search over five years. Our analysis reveals countries and anonymized parties generating largest volume requests (just 1,000 requesters generated 16% requests); news, government, social media,...

10.1145/3319535.3354208 article EN Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security 2019-11-06

To make cryptographic processors more resilient against side-channel attacks, engineers have developed various countermeasures. However, the effectiveness of these countermeasures is often uncertain, as it depends on complex interplay between software and hardware. Assessing a countermeasure’s using profiling techniques or machine learning so far requires significant expertise effort to be adapted new targets which makes those assessments expensive. We argue that including cost-effective...

10.46586/tches.v2024.i3.472-499 article EN cc-by IACR Transactions on Cryptographic Hardware and Embedded Systems 2024-07-18

Exploiting recent advances in monitoring technology and the drop of its costs, authoritarian oppressive regimes are tightening grip around virtual lives their citizens. Meanwhile, dissidents, oppressed by these regimes, organizing online, cloaking activity with anti-censorship systems that typically consist a network anonymizing proxies. The censors have become well aware this, they systematically finding blocking all entry points to networks. So far, been quite successful. We believe that,...

10.1145/2523649.2523654 article EN 2013-12-09

Traffic monetization is a crucial component of running most for-profit online businesses. One its latest incarnations cryptocurrency mining, where website instructs the visitor's browser to participate in building ledger (e.g., Bitcoin, Monero) exchange for small reward same currency. In essence, this practice trades user's electric bill (or battery level) cryptocurrency. With user consent, can be legitimate funding source - example, UNICEF has collected over 27k charity donations on...

10.48550/arxiv.2006.10861 preprint EN cc-by-nc-sa arXiv (Cornell University) 2020-01-01

Domain names play a critical role in cybercrime, because they identify hosts that serve malicious content (such as malware, Trojan binaries, or scripts), operate command-and-control servers, carry out some other the network infrastructure. To defend against Internet attacks and scams, operators widely use blacklisting to detect block domain IP addresses. Existing blacklists are typically generated by crawling suspicious domains, manually automatically analyzing collecting information from...

10.1145/3052973.3053017 article EN Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security 2017-03-31

A crucial part of a cyber-criminal's job is to balance the risks and rewards his every action. For example, an expert spammer will tune bot's email-sending rate achieve good throughput with acceptable risk being detected. Then, such cyber-criminal has choose how launder money he made spamming, have consider many options (money mules, Bitcoin, etc.) that offer different returns risks. Although understanding these trade-offs coming as close possible their optimum what discriminates winners...

10.1145/2554850.2554880 article EN 2014-03-24

Malware is one of the key threats to online security today, with applications ranging from phishing mailers ransomware and trojans. Due sheer size variety malware threat, it impractical combat as a whole. Instead, governments companies have instituted teams dedicated identifying, prioritizing, removing specific families that directly affect their population or business model. The identification prioritization most disconcerting (known hunting) time-consuming activity, accounting for more...

10.1145/3427228.3427273 article EN Annual Computer Security Applications Conference 2020-12-07

Scams -- fraudulent schemes designed to swindle money from victims have existed for as long recorded history. However, the Internet's combination of low communication cost, global reach, and functional anonymity has allowed scam volumes reach new heights. Designing effective interventions requires first understanding context: how scammers potential victims, earnings they make, any bottlenecks durable interventions. In this short paper, we focus on these questions in context cryptocurrency...

10.1145/3646547.3689005 preprint EN arXiv (Cornell University) 2024-05-15

The task of content-type detection -- which entails identifying the data encoded in an arbitrary byte sequence is critical for operating systems, development, reverse engineering environments, and a variety security applications. In this paper, we introduce Magika, novel AI-powered tool. Under hood, Magika employs deep learning model that can execute on single CPU with just 1MB memory to store model's weights. We show achieves average F1 score 99% across over hundred content types test set...

10.48550/arxiv.2409.13768 preprint EN arXiv (Cornell University) 2024-09-18