Ransomware, scams, cryptojacking: A data-driven approach to systems security - Dr. Amin Kharraz

Organized cybercrime takes many forms and has become more frequent and more consequential. How do we quickly, accurately, and comprehensively identify these threats? How can we reduce the attack surface and improve defensive agility? Making meaningful progress on these questions requires integrating 1) a variety of scientifically rigorous empirical methods, including user studies, machine learning, and code analysis, to translate an abstract concept into quantifiable information, and 2) data-driven approaches that enhance the agility of defenders in responding to these attacks. In this talk, I will highlight the contribution of empirical methods to systems security with three examples from my work. I present systems to uncover and explore three large-scale adversarial activities: ransomware, online scams, and in-browser covert cryptomining. I illustrate how data-driven approaches offer empirical techniques to study contemporary security incidents by exposing underlying aspects of these threats, leading to more effective defensive techniques and security models that are more closely aligned with today’s cybersecurity landscape.