
ISG Research Seminar 13 March 2014

13/03/2014 (11:00-12:00)

Contact: Lorenzo Cavallaro


Speaker: Leylya Yumer (Symantec Research Labs, EU)

Title: Improving System Security with Big Data Analysis

Leylya Yumer has been a research engineer at Symantec Research Labs since 2012. She obtained her Ph.D. in December 2011 from Eurecom, which is based in the south of France. The topic of her Ph.D. thesis is network-based botnet detection. In her thesis, she proposed three different network-based botnet detection schemes, one of which is Exposure.

Her research interests cover most areas of computer security, with a special focus on DNS-based malware detection systems, malware analysis, reverse engineering and big data analysis. Currently, she conducts large-scale analysis of security data feeds to develop novel malware detection systems and uncover previously unknown facts about cyber threats. She is working on the development of a malicious-domain detection system that performs passive DNS analysis on large collections of DNS data produced by real users. In addition, she is involved in Symantec's Worldwide Intelligence Network Environment (WINE) project.


In this talk, I will present our research on using Big Data techniques for understanding how security fails in the field. First, I will describe the WINE analytics platform. WINE is available to academic researchers and allows them to conduct experiments at scale. WINE also provides access to security telemetry collected by Symantec on 11 million hosts worldwide and updated continuously. Second, I will explain how we used WINE to show that zero-day attacks, which exploit software vulnerabilities before their public disclosure, go on undetected for 312 days on average. The duration of zero-day attacks had remained an open question for more than a decade because these attacks are rare events that are unlikely to be observed in honeypots or in lab experiments. We also showed that, after disclosure, the volume of attacks exploiting these vulnerabilities increases by up to 5 orders of magnitude and that the attacks continue for more than 4 years after the disclosure. 

