Speaker: Leylya Yumer (Symantec Research Labs, EU)
Title: Improving System Security with Big Data Analysis

Leylya Yumer has been a research engineer at Symantec Research Labs since 2012. She obtained her Ph.D. in December 2011 from Eurecom, which is based in the south of France. The topic of her Ph.D. thesis is network-based botnet detection. In her thesis, she proposed three different network-based botnet detection schemes, one of which is Exposure.
Her research interests span most computer security problems, with a special focus on DNS-based malware detection systems, malware analysis, reverse engineering and big data analysis. Currently, she conducts large-scale analysis of security data feeds to find novel malware detection systems and to discover previously unrevealed facts about cyber threats. She is working on the development of a malicious-domain detection system that performs passive DNS analysis on large collections of DNS data produced by real users. In addition, she is involved in Symantec's Worldwide Intelligence Network Environment (WINE) project.
In this talk, I will present our research on using Big Data techniques for understanding how security fails in the field. First, I will describe the WINE analytics platform. WINE is available to academic researchers and allows them to conduct experiments at scale. WINE also provides access to security telemetry collected by Symantec on 11 million hosts worldwide and updated continuously. Second, I will explain how we used WINE to show that zero-day attacks, which exploit software vulnerabilities before their public disclosure, go on undetected for 312 days on average. The duration of zero-day attacks had remained an open question for more than a decade because these attacks are rare events that are unlikely to be observed in honeypots or in lab experiments. We also showed that, after disclosure, the volume of attacks exploiting these vulnerabilities increases by up to 5 orders of magnitude and that the attacks continue for more than 4 years after the disclosure.