Kevin Alejandro Roundy

Kevin has been a researcher at Symantec Research Labs since graduating with a Ph.D. from the University of Wisconsin in 2012. As a graduate student, he developed tools by which obfuscated malware could be analyzed both with detailed static analysis techniques and dynamic instrumentation. Since joining Symantec, Kevin has collaboratively developed threat-detection tools that have been widely deployed. He has also worked in Endpoint Detection and Response, on risk modeling. Additional areas of current interest include human-centric security and privacy paradigms. In his time with SRL, Kevin has authored several research publications and patents. Kevin has a background in Machine Learning and Database systems, and did his undergraduate work at Brigham Young University.

Selected Academic Papers

  • Collaborative and Privacy-Preserving Machine Teaching via Consensus Optimization
    Yufei Han, Yuzhe Ma, Christopher Gates, Kevin A. Roundy and Yun Shen
    To appear at the 2019 International Joint Conference on Neural Networks (IJCNN)

    In this work, we define a collaborative and privacy-preserving machine teaching paradigm with multiple distributed teachers. The focus is to find strategies to organize distributed agents to jointly select a compact subset of data that can be used to train a global model. The global model should achieve nearly the same performance as if the central learner had access to all the data, but the central learner only has access to the selected subset, and each agent only has access to their own data. The goal of this research is to find good strategies to train global models while giving some control back to agents.

  • A Field Study of Computer-Security Perceptions Using Anti-Virus Customer-Support Chats
    Mahmood Sharif, Kevin A. Roundy, Matteo Dell'Amico, Christopher Gates, Daniel Kats, Lujo Bauer, Nicolas Christin
    In Proceedings of the 2019 Conference on Human Factors in Computing Systems (CHI 2019)

    To identify needs for improvement in security products, we study security concerns raised in Norton Security customer support chats. We found that many consumers face technical support scams and are susceptible to them. Findings also show the value of customer support centers in that 96% of customers that reach out for support in relation to scams have not paid the scammers.

  • Making Machine Learning Forget
    Saurabh Shintre, Kevin Roundy, and Jasjeet Dhaliwal
    In Proceedings of the 2019 ENISA Annual Privacy Forum (APF 2019)

    We specifically analyze how the “right-to-be-forgotten” provided by the European Union General Data Protection Regulation can be implemented on current machine learning models and which techniques can be used to build future models that can forget. This document also serves as a call-to-action for researchers and policy-makers to identify other technologies that can be used for this purpose.

  • VIGOR: Interactive Visual Exploration of Graph Query Results
    Robert Pienta, Fred Hohman, Alex Endert, Acar Tamersoy, Kevin Roundy, Chris Gates, Shamkant Navathe, Duen Horng Chau
    IEEE Transactions on Visualization and Computer Graphics (TVCG), 24(1), 2018. Presented at the 2017 IEEE Conference on Visual Analytics Science and Technology (VAST), 2017

    We present VIGOR, a novel interactive visual analytics system, for exploring and making sense of graph query results. VIGOR contributes an exemplar-based interaction technique and a feature-aware subgraph result summarization. Through a collaboration with Symantec, we demonstrate how VIGOR helps tackle real-world cybersecurity problems.

  • Hierarchical Incident Clustering for Security Operation Centers
    David Silva, Matteo Dell’Amico, Michael Hart, Kevin A. Roundy, Daniel Kats
    In Proceedings of the Interactive Data Exploration and Analytics Workshop (IDEA 2018)

    We enable security incident responders to dispatch multiple similar security incidents at once through an intuitive user interface. The heart of our algorithm is a visualized hierarchical clustering technique that enables responders to identify the appropriate level of cluster granularity at which to dispatch multiple incidents.

  • Smoke Detector: Cross-Product Intrusion Detection With Weak Indicators
    Kevin A. Roundy, Acar Tamersoy, Michael Spertus, Michael Hart, Daniel Kats, Matteo Dell'Amico, Robert Scott
    In Proceedings of the Annual Computer Security Applications Conference (ACSAC 2017)

    Smoke Detector significantly expands upon limited collections of hand-labeled security incidents by framing event data as relationships between events and machines, and performing random walks to rank candidate security incidents. Smoke Detector significantly increases incident detection coverage for mature Managed Security Service Providers.

  • Large-Scale Identification of Malicious Singleton Files
    Bo Li, Kevin Roundy, Chris Gates, Yevgeniy Vorobeychik
    In Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY)

    94% of the software files that Symantec saw in a 1-year dataset appeared only once on a single machine. We examine the primary reasons for which both benign and malicious software files appear as singletons, and design a classifier to distinguish between these two classes of singleton software files.

  • Predicting Cyber Threats with Virtual Security Products
    Shang-Tse Chen, Yufei Han, Duen Horng Chau, Christopher Gates, Michael Hart, Kevin A. Roundy
    In Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC 2017)

    We set out to predict which security events and incidents a security product would have detected had it been deployed, based on the events produced by other security products that were in place. We discovered that the problem is tractable, and that some security products are much harder to model than others, which makes them more valuable.

  • Automatic Application Identification from Billions of Files
    Kyle Soska, Chris Gates, Kevin Roundy, and Nicolas Christin
    In Proceedings of the 23rd SIGKDD Conference on Knowledge Discovery and Data Mining (KDD 2017)

    Mapping binary files into software packages enables malware detection and other tasks, but is challenging. By combining installation data with file metadata that we summarize into sketches, from millions of machines and billions of files, we can use efficient approximate clustering techniques to map files to applications automatically and reliably.

  • Generating Graph Snapshots from Streaming Edge Data
    Sucheta Soundarajan, Acar Tamersoy, Elias B. Khalil, Tina Eliassi-Rad, Duen Horng Chau, Brian Gallagher, Kevin Roundy
    In Proceedings of the 25th International World Wide Web Conference (WWW), 2016

    We study the problem of determining the proper aggregation granularity for a stream of time-stamped edges. To this end, we propose ADAGE and demonstrate its value in automatically finding the appropriate aggregation intervals on edge streams for belief propagation to detect malicious files and machines.