Symantec Research Labs

Sandeep Bhatkar is a technical director at Symantec Research Labs (SRL) in Mountain View, CA. He holds a Ph.D. degree in Computer Science from Stony Brook University and a Bachelor's degree in Computer Science from Indian Institute of Technology, Bombay. His research interests are broadly in the areas of software security, programming languages, and machine learning. At SRL, he led research projects in the cyber security area, with the focus on applying machine learning techniques for automated malware analysis and detection. His research resulted in successful contribution to a number of Symantec's internal tools and commercial product technologies such as Sonar, Disarm, Cynic, and Synapse. More recently, he is developing data analytics and visualization techniques to detect insider threats and targeted attacks.

Selected academic papers:

• MutantX-S: Scalable Malware Clustering Based on Static Features
  X Hu, S Bhatkar, K Griffin, KG Shin, Usenix 2013
  
  
• Data Space Randomization
  Sandeep Bhatkar (Symantec Research Labs) and R. Sekar (Stony Brook University); Proceedings of the 5th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2008), July 2008
  

Leyla Bilge is a research engineer in Symantec Research Labs since 2012. She obtained her Ph.D in December 2011 from Eurecom which is based in south of France. The topic of her PhD thesis is Network-based Botnet Detection. In her thesis, she proposed three different network-based botnet detection schemes one of which is Exposure.

Her research interests embrace most of the computer security problems with special focus on DNS-based malware detection systems, malware analysis,reverse-engineering and big data analysis. Currently, she conducts large-scale data analysis on security data feeds to find novel malware detection systems and discover unrevealed facts about cyber threats. She is working on the development of a malicious domains detection system which performs passive DNS analysis on big collections of DNS data produced by real users. In addition, she is involved in the Symantec's World Wide Intelligence Network Environment project.

Selected academic papers:

• Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services
  P Kotzias, L Bilge, J Caballero, Proceedings of the USENIX Security Symposium (2016)
  
  
• The Dropper Effect: Insights into Malware Distribution with Downloader Graph Analytics
  BJ Kwon, J Mondal, J Jang, L Bilge, T Dumitras, 22nd ACM SIGSAC Conference on Computer and Communications (CCS2015)
  

Matteo Dell'Amico works at Symantec Research Labs since 2014. Matteo received his Ph.D. in Computer Science in 2008 at the University of Genoa (Italy); between 2008 and 2014 he worked at EURECOM (France). His current research is focused on the design of scalable algorithms and system for data-intensive systems.

Matteo's research interests touch distributed systems and security; he investigated topics such as peer-to-peer systems, reputation systems, distributed backup and storage, recommender systems, scheduling, password security.

Selected academic papers:

• NG-DBSCAN: Scalable Density-Based Clustering for Arbitrary Data
  Alessandro Lulli, University of Pisa, Italy; Matteo Dell’Amico, Symantec Research Labs, France; Pietro Michiardi, EURECOM, Campus SophiaTech, France; Laura Ricci, University of Pisa, Italy
  
  
• PSBS: Practical Size-Based Scheduling
  M Dell'Amico, D Carra, P Michiardi, IEEE Transactions on Computers (2016)

Dr. Petros Efstathopoulos is a Sr Technical Director at Symantec Research Labs in Culver City, CA. He holds Ph.D. And M.Sc. degrees in Computer Science from the University of California, Los Angeles (UCLA) and a B.Sc. degree in Electrical and Computer Engineering from the National Technical University of Athens, Greece (NTUA). During his Ph.D. he worked on the Asbestos operating system, which introduced decentralized information flow control to contain the effects of bugs and provide improved security.

Dr. Efstathopoulos has worked on the design and implementation of a variety of computer systems, including operating systems and kernel development, storage and file systems, security, distributed systems, virtualization, and systems networking. Since joining Symantec Research Labs in 2009 he focused particularly on next-generation storage/backup systems, portable storage security, network security and privacy. As a member of SRL he has authored multiple research papers and numerous patents. He is currently leading the Symantec Research Labs team in Europe.

Harbormaster: Policy Enforcement for Containers Mingwei Zhang, Daniel Marino, Petros Efstathopoulos. In Proceedings of the 7th IEEE International Conference on Cloud Computing Technology and Science (CloudCom'15)

Building a High-performance Deduplication System Fanglu Guo, Petros Efstathopoulos, 2011 USENIX Annual Technical Conference (USENIX ATC ’11), Conference Best Paper Award

Selected academic papers:

• Harbormaster: Policy Enforcement for Containers
  Mingwei Zhang, Daniel Marino, Petros Efstathopoulos. In Proceedings of the 7th IEEE International Conference on Cloud Computing Technology and Science (CloudCom'15)
  
  
• Building a High-performance Deduplication System
  Fanglu Guo, Petros Efstathopoulos, 2011 USENIX Annual Technical Conference (USENIX ATC ’11), Conference Best Paper Award.

Dr. Christopher Gates joined the SRL team in Culver City, CA in September of 2014. He received a PhD in Computer Science from Purdue University, advised by Professor Ninghui Li, and was an active member of CERIAS, a cross-departmental program focused on cyber security. Prior to pursuing his PhD, he worked as a Senior Software Engineer at a startup in NYC. Dr. Gates' research interests are in system security and machine learning. One recent focus of his research in the domain of mobile apps is how to effectively use machine learning to generate a measure of 'risk' for an app. This work also touches on usability of such risk indicators and how to more effectively communicate information to users who ultimately consume and act on such an indicator.

Selected academic papers:

• Large-Scale Identification of Malicious Singleton Files
  Bo Li, University of Michigan; Chris Gates, Symantec Research Labs; Kevin Roundy, Symantec Research Labs; Yevgeniy Vorobeychik, Vanderbilt University

Yufei works as a principal research engineer in the SRL Team in Sophia-Antipolis. He received his Ph.D diploma in Computer Science from Chinese Academy of Sciences, Beijing, China in 2010, where his research focused on machine learning and pattern recognition. Before joining Symantec, he was a researcher at INRIA (French Institute for Research in Computer Science and Automation), conducting machine learning research for intelligent transportation system.

Yufei has extensive background in various machine learning techniques, including semi-supervised classification, clustering, and probabilistic graph models for Bayesian inference. He has applied these techniques in transportation (traffic modeling) and fault diagnosis for mechanical defects of transportation systems. Most recently, he took part in the BigFoot project (FP7), funded by the European Community's Seventh Framework Programme (FP7). His work in this porject included developping time series forecasting for processing large-scale smart grid data and semi-supervised feature selection for security applications of Symantec.

Selected academic papers:

• Partially Supervised Graph Embedding for Positive Unlabelled Feature Selection
  by Yufei Han and Yun Shen, IJCAI 2016
  
  
• Content-Agnostic Malware Detection in Heterogeneous Malicious Distribution Graph
  I M Alabdulmohsin, Y Han, Y Shen, X Zhang: CIKM 2016

Michael Hart is a technical director who has made significant contributions to Symantec across many different product lines since joining in 2011. He developed a linguistically motivated, machine learning driven, zero history URL reputation technique that is currently leveraged by Managed Security Services and MessageLabs, which blocks tens of millions of spam emails each month. He contributed to the fundamental technology that drives Symantec DLP's VML technology and provided a crucial update to the detection rules used for HIPAA policy violations with a novel technique that automatically extracts medical terminology. He developed many critical features for the Data Insight 4.0 release, including social network analysis for file user activity to identify anomalous behavior that may be indicative of insider activity. He has 8 referred academic publications in security and machine learning, 11 patents submitted, 3 granted, and a member of the NSA Enduring Security Framework Insider Threat working group. His research interests lie in the intersection of machine learning, natural language processing and security.

Selected academic papers:

• PhorceField: A Phish-Proof Password Ceremony
  Michael Hart, Claude Castille, Manoj Harpalani, Jonathan Toohill, and Rob Johnson (Stony Brook University); Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC 2011), Orlando, Florida, December, 2011

CW Hobbs is lab systems engineer at Symantec Research Labs, managing and preparing the SRL computer systems, and helping with benchmarking and QA tasks. CW majored in Physics and Psychology at Grinnell College, and did graduate work in Computer Science at the University of Iowa.

At Iowa, he was a research assistant in the Department of Physiology and Biophysics of the College of Medicine, where he was able to buy and manage one of the first VAX-11/780 systems sold. After graduate school, CW joined Digital’s VMS Engineering group as one of the original members of the VAXcluster engineering team. He later joined Digital’s small advanced development group quartered at CERN in Geneva, Switzerland. At CERN he helped prototype and test computing systems which were used for LEP and LHC – and his office was three doors down the hall from Tim Berners-Lee’s office during the birth and early days of the World Wide Web.

Daniel Kats joined the SRL team in Culver City, CA in March of 2016. He received a B. Sc. from the University of Toronto with a specialist in Computer Science and a Minor in Mathematics. He then went on to receive an M. Sc. in Computer Science from the University of Toronto, advised by Professor Eyal de Lara, a member of the systems and networking group. His graduate work focused on the Linux virtualization subsystem and hardware passthrough. At Symantec Research Labs, Daniel has worked on cloud system architecture and security, anomaly detection, and the intersection of machine learning and privacy.

Selected academic papers:

• Cross-Product Intrusion Detection With Weak Indicators
  Kevin Roundy, Acar Tamersoy, Michael Hart, Daniel Kats (Symantec Research Labs); Robert Scott, Michael Spertus (Symantec); Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC 2017)

Dr. Ashwin Kayyoor is a Senior Principal Researcher at Symantec Research Labs. He obtained his Ph.D. in Computer Science from University of Maryland, College Park under the guidance of Prof. Amol Deshpande and Prof. Jimmy Lin. The title of his Ph.D. thesis was "Minimizing Resource Consumption through Workload Consolidation in Large-scale Distributed Data Platforms."

His research interests include designing and building scalable systems for large-scale data analytics. He also enjoys applying machine learning, NLP and graph theoretical concepts to solve data science problems and in general large-scale data management systems problems. To date, he has published several research papers in top tier conferences and filed numerous patents in the area of data analytics, storage and security.

Previously, through several internships and research opportunities, he has worked on problems that span a variety of research areas such as data markets, information extraction, e-mail security, artificial intelligence, parallel computing, ML, NLP and graph analytics.

Daniel Marino joined the SRL Core Research team in Culver City, CA in 2011. He received a Ph.D. in Computer Science from UCLA and a B.A. in Computer Science and Mathematics from UC Berkeley. Prior to joining Symantec, Dr. Marino worked as a consultant building custom business software and also completed internships at Microsoft Research and IBM Research.

Dr. Marino's research falls broadly into the area of Programming Languages and Systems. He has experience in designing a variety of static and dynamic program analyses, type systems to enforce security policies, and compiler and hardware optimizations that simplify the memory model exposed to programmers of concurrent systems. His more recent interests include analyzing large data sets and assessing the security and performance of mobile apps.

Selected academic papers:

• A Safety-First Approach to Memory Models
  Abhayendra Singh, Satish Narayanasamy, Daniel Marino, Todd Millstein, Madanlal Musuvathi; IEEE Micro Top Picks, Volume 33, Number 3, May/June 2013
  
  
• Detecting Deadlock in Programs with Data-Centric Synchronization
  Daniel Marino, Christian Hammer, Julian Dolby, Mandana Vaziri, Frank Tip, Jan Vitek; International Conference on Software Engineering (ICSE), May 2013

Dr. Susanta Nanda is a Researcher at Symantec Research Labs in Culver City, CA. He received his Bachelor's degree in Computer Science and Engineering from Indian Institute of Technology, Kanpur, in 2000, his Master’s degree in Computer Science from Stony Brook University in 2004, and his Ph.D. in Computer Science from Stony Brook University in 2007. Prior to graduate school from 2000 to 2002 he worked for the Database Systems research department at Bell Labs. He has also worked as a research intern at IBM Watson Research Center.

His Ph.D. research developed of techniques and tools related to intrusion detection/prevention, attack signature generation, operating system level virtualization, disaster recovery, and binary analysis and instrumentation.

His research interests include software security, virtualization technologies, and data protection. His current research focuses on technologies to improve end-point security and management. He has developed a patent-pending technology that protects end-points from leaking sensitive user data from web-browser transactions and that prevents malicious browser downloads from permanently damaging end-points.

Selected academic papers:

• Execution Trace-Driven Automated Attack Signature Generation
  Susanta Nanda and Tzi-cker Chiueh (Symantec Research Labs); Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC 2008), Anaheim, CA, December 2008
  
  
• Large scale malware collection: lessons learned
  Susanta Nanda and Tzi-cker Chiueh (Symantec Research Labs); Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC 2008), Anaheim, CA, December 2008

Johann Roturier, Ph.D., works as a principal research engineer in the SRL Team in Dublin. He completed his PhD thesis in 2007, which investigated the impact of controlled language rules on various characteristics of machine-translated documentation. Between 2007 and 2010, his work focused on the evaluation, deployment and integration of new language and translation technologies (such as Controlled Language and Machine Translation) within existing authoring and localisation workflows. During that time, he took part in standardization activities via an OASIS technical committee. Over the last three years, he has served on numerous program committees for Computational Linguistics and Machine Translation conferences. He has also recently become a member of the editorial board of the Machine Translation journal. His work includes projects with external government agencies, businesses, universities, and open-source communities.

Selected academic papers:

• Foreebank: Syntactic Analysis of Customer Support Forums
  R Kaljahi, J Foster, J Roturier, C Ribeyre, T Lynn, J Le Roux, Conference on Empirical Methods in Natural Language Processing (EMNLP)
  
  
• Localizing Apps: A practical guide for translators and translation students
  J Roturier, Routledge 
  

Kevin completed a Ph.D. at the University of Wisconsin in May 2012, and began his career at Symantec Research Labs immediately afterwards. The title of his dissertation is “Hybrid Analysis and Control of Malware”, which describes tools he built that bring static and dynamic analysis to bear on defensive malware. Since joining Symantec, Kevin has collaborated on the creation of several new threat-detection engines using a variety of techniques, which include relationship mining, scalable clustering, efficient rule-processing engines, and risk modeling. Kevin has a background in Machine Learning and Database systems, and did his undergraduate work at Brigham Young University. He is a native of Ithaca, New York.

Selected academic papers:

• Large-Scale Identification of Malicious Singleton Files
  By Bo Li, University of Michigan; Chris Gates, Symantec Research Labs; Kevin Roundy, Symantec Research Labs; Yevgeniy Vorobeychik, Vanderbilt University.


• Generating Graph Snapshots from Streaming Edge Data
  S Soundarajan, A Tamersoy, E B Khalil, T Eliassi-Rad, D H Chau, B Gallagher, K A Roundy, International Conference on World Wide Web (WWW 2016, ACM 2016, ISBN 978-1-4503-4144-8)

Dr. Yun Shen is a Researcher at Symantec Research Labs. Dr. Shen received his Ph.D. in Computer Science from University of Hull, UK in 2005, where his research focused on indexing and retrieval of distributed XML data. He received his Bachelor’s degree in Computer Science from Sichuan University, China in 2000.

Dr. Shen is currently involved in the BIGFOOT project, funded by the European Community's Seventh Framework Programme (FP7). Before joining Symantec, he was a researcher in the HP Labs Bristol, working on privacy enhancing technologies and Cloud Computing infrastructure. Prior to this, he conducted research on intelligence analysis supported by government funding in the University of Bristol. He has published papers in international journals and conferences.

Selected academic papers:

• Partially Supervised Graph Embedding for Positive Unlabelled Feature Selection
  by Yufei Han and Yun Shen, IJCAI 2016
  
  
• Insights into rooted and non-rooted Android mobile devices with behavior analytics
  Y Shen, N Evans, A Benameur, Proceedings of the 31st Annual ACM Symposium on Applied Computing

Saurabh Shintre is currently employed as a Principal Researcher at Symantec Research Labs. His research interests lie in the domains of cryptography, web and network security, and machine learning. Before joining Symantec, he received his PhD in computer security from Carnegie Mellon University (CyLab) on information-theoretic analyses of side-channel attacks.

Darren Shou is a senior director of the global research labs at Symantec. In this role, Shou is responsible for transforming research ideas into product, developing the technology vision, driving innovation and growing technical leadership. Symantec Research Labs (SRL) has researched and developed numerous innovations across all of Symantec’s business areas that have collectively impacted hundreds of millions of Symantec customers. Shou oversaw the development of the security analytics platform, the Worldwide Intelligence Network Environment, that enabled an open innovation ecosystem for cyber-security data sharing. Recognized by various government agencies, like the National Science Foundation, it preceded Symantec’s Unified Security Platform. Other research labs innovations have won product of the year awards, acclaim from industry analysts, and an NSA honorable mention. Shou also oversaw the development of the DISARM technology, a transformational security capability that protects against 0-day active content threats. And he led the initial research and development of the advanced persistent threat detection and cyber-insurance technology enablement initiatives.

Previously he was responsible for driving open collaboration initiatives to advance research, encourage innovation, and cultivate the next generation of technology leaders. Darren earlier served as a manager of the enterprise security group and was responsible for developing the enterprise OEM business. Prior to joining Symantec Darren was a program manager at Microsoft. He is also a member of several academic advisory boards.

Mr. Shou has a Bachelor’s degree in Computer Engineering and Computer Science from the University of Southern California.

Selected academic papers:

• Toward a Standard Benchmark for Computer Security Research: The Worldwide Intelligence Network Environment (WINE)
  Tudor Dumitras and Darren Shou (Symantec Research Labs); Proceedings of the First EuroSys Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (EuroSys BADGERS 2011), Salzburg, Austria, April 2011

David works as a software engineer with Symantec's Shared Engineering Services EMEA. He completed is graduation in computer sciences in 2007, same year when he joined the multinational Cision AB where he worked for almost 4 years in several software projects related with business and communication intelligence. In January 2012 he joined Symantec research group to work on the European Commission funded project – ACCEPT (Automated Community Content Editing Portal).

Selected academic papers:

• The ACCEPT Post-Editing environment: a flexible and customisable online tool to perform and analyse machine translation post-editing
  Johann Roturier, Linda Mitchell and David Silva. 2013. Published in: In Proceedings of MT Summit XIV Workshop on Post-editing Technology and Practice. Nice, France.

Yuqiong Sun received his Ph.D. from the Pennsylvania State University, advised by Dr. Trent Jaeger. His research interests span various topics in system and network security, including trusted computing, virtualization security, cloud platform security, intrusion detection systems, software defined networking and etc..

In particular, his thesis work focused on cloud computing security. He investigated security issues in current IaaS cloud platform design and explore new cloud architectures to mitigate those security issues. Prior to joining Symantec Research Labs, he has worked at IBM T.J. Watson Research Center.

Selected academic papers:

• A Novel Statistical Pre-Processing Model for Rule-Based Machine Translation System
  Y. Sun, S. O’Brien, M. O’Hagan, and F. Hollowood; Proceedings of the 14th Annual conference of the European Association for Machine Translation, 27-28 May 2010, Saint-Raphaël, France. ed.Viggo Hansen and François Yvon; 8pp.
  
  
• Mining the Correlation Between Human and Automatic Evaluation at Sentence Level
  Y. Sun; LREC 2010: proceedings of the seventh international conference on Language Resources and Evaluation, 17-23 May 2010, Valletta, Malta; pp.1726-1730.

Pierre-Antoine Vervier is currently a Senior Research Engineer at Symantec Research Labs. He obtained his Master's degree in Computer Science in 2010 from the University of Liège (Belgium). He obtained his Ph.D. from Telecom ParisTech (France) in 2014 on a topic related to the security of the Internet routing infrastructure.

Pierre-Antoine joined Symantec Research Labs in 2010. Between 2010 and 2013 he was involved in the European project VIS-SENSE. His research work has mainly been related to computer networks security. During his Ph.D. he designed and maintained for several years a real-time data collection and analysis infrastructure called SpamTracer for the study of attacks against the Internet routing (BGP hijacks). He is also actively working on the mining of large datasets for security intelligence and attack investigation.

Selected academic papers:

• Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks
  P-A Vervier, O Thonnard, M Dacier, Network and Distributed System Security (NDSS) Symposium (2015)
  
  
• SpamTracer: How stealthy are spammers?
  Pierre-Antoine Vervier and Olivier Thonnard (Symantec Research Labs); TMA 2013, 5th IEEE International Traffic Monitoring and Analysis Workshop, in conjunction with INFOCOM 2013, 19 April 2013, Turin, Italy

As Senior Director of Symantec Research Labs (SRL) Worldwide, Brian Witten is responsible for leading all research and development by SRL. Brian joined Symantec Research Labs 12 years ago and created Symantec Research Labs Europe along with several new technologies now used in Symantec's enterprise and Norton consumer offerings. Throughout his time at Symantec, Brian has led product engineering teams that helped build and deliver award winning mobile, cloud, and desktop products including Symantec Endpoint Protection (SEP.cloud) and Norton Mobile Security. Brian's work at Symantec directly contributed to embedding security into over one billion Internet of Things (IOT) devices. Over the past 20 years, Brian has helped build security into countless things ranging from spacecraft to consumer electronics, critical infrastructure, and other systems now used in banks, hospitals and manufacturing companies around the world. Prior to joining Symantec, Brian worked at the Defense Advanced Research Projects Agency (DARPA), the U.S. military's central research and development organization where he managed an R&D investment portfolio of more than $150 million in U.S. and international efforts. Prior to DARPA, Brian served as an officer in the US Air Force.

Selected academic papers:

• Detecting Known and New Salting Tricks in Unwanted Emails
  Andre Bergholz, Gerhard Paass, Frank Reichartz, Siehyun Strobel (Fraunhofer IAIS, Germany); Marie-Francine Moens (Katholieke Universitiet, Belgium); and Brian Witten (Symantec Research Labs); Proceedings of International Conference on Email and Anti-Spam (CEAS), Mountain View, CA, August 2008
  
  
• RapidUpdate: Peer-Assisted Distribution of Security Content
  Denis Serenyi and Brian Witten (Symantec Research Labs); Proceedings of the 7th International Workshop on Peer-to-Peer Systems (IPTPS 2008), Tampa Bay, FL, February 2008