SlideShare a Scribd company logo

[Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change!

Marcus Botacin
Marcus Botacin

My talk at the USENIX Enigma 2023 discussing challenges and pitfalls in malware research. I discuss 5 aspects to change, from diversity of research work to reproducibility crisis.

Technology
1 of 25
Download to read offline
5 Marcus Botacin Texas A&M University, USA @MarcusBotacin Why Is Our Security Research Failing? Five Practices to Change! ENIGMA 2023, SECURITY AND PRIVACY IDEAS THAT MATTER JAN 24-26, 2023, SANTA CLARA, CA 1 1
Everybody Complains About Security Research 2
Outside Academia Complaints 1. “The scientific way of defining requirements is too strict for real world use” 2. “Early-stage research is useless in the sense of not being close to transitioning to practical use.” 3. “Cybersecurity is failing due to ineffective technology” 4. “Universities failing at cybersecurity education” 3
Academic Complaints Herley and P. C. van Oorschot about the JASON report: “The science seems under-developed in reporting experimental results, and consequently in the ability to use them. The research community does not seem to have developed a generally accepted way of reporting empirical studies so that people could reproduce the work” 4
Let’s Suppose Security Research is Broken 5
Study: Challenges & Pitfalls in Malware Research 6
1 2 3 4 5 Goals and Roadmap ● Not to point fingers. ● I also make mistakes. ● Teach some lessons. ● Learn from others’ mistakes. ● Learn from our own mistakes. 1. Study Types. 2. When to start looking to the industry. 3. When to stop looking to the industry. 4. Guidelines and Standards. 5. Reproducibility. 7
1. Focusing too much on a single study type 8
The Most Common Research Types ● Engineering Solutions are more than 50% of all published papers. ● Only a few papers relied on previous measurements and observational studies. ● It suggests researchers have been taking ad-hoc project decisions. 9
A new malware research method Solution Proposal: Integrate Science and Engineering methods 10
The Most Common Research Types ● Engineering Solutions are more than 50% of all published papers. ● Only a few papers relied on previous measurements and observational studies. ● It suggests researchers have been taking ad-hoc project decisions. 11
2. Not looking at the industry when needed. 12
● Distributed Threadless Malware Systems Architectures ● Multi-core processors are prevalent (>99%) ● Literature is limited in multi-core examples (<1%) ● Prototypes can be single-core. ● Multi-core threats must be researched. 13 ● VANILLA: Layers and Layers of Attacks
Malware Detection Approaches ● Majority of academic studies using ML rather than signatures. ● Industry uses both. ● Signatures still relevant. ● Should we stop researching signatures? 14
3. Looking too much at the industry and market. 15
Goodware Sources ● Goodware samples are used as ground truth for ML models. ● Crawling software repositories allows getting popular software. ● Some binaries might be trojanized. ● A few studies filter out trojanized binaries. ● ML models might be biased! 16
Antivirus Labels 17 ● The problem of heterogeneous AV labels has been known for a long. ● Comparisons are not fair because labels are not easily comparable. ● AVClass
4. Not developing standards and guidelines. 18
Dataset Sizes ● No guideline and not practical standard. ● Researchers adopting ad-hoc decisions. ● Anchor bias: the median is ever-growing. ● How much is enough? ● Contradictory verdicts: 900K vs. 1M samples. 19 Dataset Size Median
5. We have a reproducibility crisis! 20
Networks: Where Datasets Come From? ● The Human Aspect: Datasets are made private via Non-Disclosure Agreements (NDAs) 21
Networks: Where Datasets Come From? ● The Technological Aspect: Malware analyses might not be reproducible due to payloads and C&Cs being sinkholed at any time. 22
Moving Forward 23
Call to Action ● Researchers: ○ Diversify the types of conducted studies. ● Reviewers and Program Committees: ○ Develop evaluation guidelines. ● The Field: ○ Focus on representativity rather than quantity. ● Venues and CFPs: ○ Ask for more diversified studies. ○ Be clear on requesting representative datasets. 24
5 ENIGMA 2023, SECURITY AND PRIVACY IDEAS THAT MATTER JAN 24-26, 2023, SANTA CLARA, CA 25 Why Is Our Security Research Failing? Five Practices to Change! Thank you! Contact: botacin@tamu.edu or @MarcusBotacin My Website: marcusbotacin.github.io Marcus Botacin Texas A&M University, USA @MarcusBotacin

Recommended

Considerations and challenges in building an end to-end microbiome workflow
Considerations and challenges in building an end to-end microbiome workflowConsiderations and challenges in building an end to-end microbiome workflow
Considerations and challenges in building an end to-end microbiome workflow
Eagle Genomics
 
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
Edge AI and Vision Alliance
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AI
Ahmed Banafa
 
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfDigital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
Mahdi_Fahmideh
 
Trends in Information Management
Trends in Information ManagementTrends in Information Management
Trends in Information Management
Alexander Deucalion
 
A Model for Encryption of a Text Phrase using Genetic Algorithm
A Model for Encryption of a Text Phrase using Genetic AlgorithmA Model for Encryption of a Text Phrase using Genetic Algorithm
A Model for Encryption of a Text Phrase using Genetic Algorithm
ijtsrd
 
Software Defect Prediction Using Local and Global Analysis
Software Defect Prediction Using Local and Global AnalysisSoftware Defect Prediction Using Local and Global Analysis
Software Defect Prediction Using Local and Global Analysis
Editor IJMTER
 
Avoiding Invasive Surveillance, Ensuring Trust: ENSURING TRUST UNED’S AvEx
Avoiding Invasive Surveillance, Ensuring Trust: ENSURING TRUST UNED’S AvExAvoiding Invasive Surveillance, Ensuring Trust: ENSURING TRUST UNED’S AvEx
Avoiding Invasive Surveillance, Ensuring Trust: ENSURING TRUST UNED’S AvEx
EADTU
 

Recommended

Considerations and challenges in building an end to-end microbiome workflow
Considerations and challenges in building an end to-end microbiome workflowConsiderations and challenges in building an end to-end microbiome workflow
Considerations and challenges in building an end to-end microbiome workflow
Eagle Genomics
 
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
Edge AI and Vision Alliance
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AI
Ahmed Banafa
 
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfDigital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
Mahdi_Fahmideh
 
Trends in Information Management
Trends in Information ManagementTrends in Information Management
Trends in Information Management
Alexander Deucalion
 
A Model for Encryption of a Text Phrase using Genetic Algorithm
A Model for Encryption of a Text Phrase using Genetic AlgorithmA Model for Encryption of a Text Phrase using Genetic Algorithm
A Model for Encryption of a Text Phrase using Genetic Algorithm
ijtsrd
 
Software Defect Prediction Using Local and Global Analysis
Software Defect Prediction Using Local and Global AnalysisSoftware Defect Prediction Using Local and Global Analysis
Software Defect Prediction Using Local and Global Analysis
Editor IJMTER
 
Avoiding Invasive Surveillance, Ensuring Trust: ENSURING TRUST UNED’S AvEx
Avoiding Invasive Surveillance, Ensuring Trust: ENSURING TRUST UNED’S AvExAvoiding Invasive Surveillance, Ensuring Trust: ENSURING TRUST UNED’S AvEx
Avoiding Invasive Surveillance, Ensuring Trust: ENSURING TRUST UNED’S AvEx
EADTU
 
Detecting Misuses of Security APIs: A Systematic Review
Detecting Misuses of Security APIs: A Systematic ReviewDetecting Misuses of Security APIs: A Systematic Review
Detecting Misuses of Security APIs: A Systematic Review
CREST @ University of Adelaide
 
Machine Learning Misconceptions
Machine Learning MisconceptionsMachine Learning Misconceptions
Machine Learning Misconceptions
Health Catalyst
 
Mukha ng research methodology
Mukha ng research methodologyMukha ng research methodology
Mukha ng research methodology
GAMALI Roper
 
Threat Modeling in the Cloud
Threat Modeling in the CloudThreat Modeling in the Cloud
Threat Modeling in the Cloud
Paige Cruz
 
Adequate directions for use "In the Age of AI and Watson"
Adequate directions for use "In the Age of AI and Watson"Adequate directions for use "In the Age of AI and Watson"
Adequate directions for use "In the Age of AI and Watson"
Stephen Allan Weitzman
 
5 tactics for practical privacy protection
5 tactics for practical privacy protection5 tactics for practical privacy protection
5 tactics for practical privacy protection
Amber Macintyre
 
Supply Chain management with Demand Forecasting of Covid-19 Vaccine using Blo...
Supply Chain management with Demand Forecasting of Covid-19 Vaccine using Blo...Supply Chain management with Demand Forecasting of Covid-19 Vaccine using Blo...
Supply Chain management with Demand Forecasting of Covid-19 Vaccine using Blo...
Md. Mahfujur Rahman
 
The FAIR data movement and 22 Feb 2023.pdf
The FAIR data movement and 22 Feb 2023.pdfThe FAIR data movement and 22 Feb 2023.pdf
The FAIR data movement and 22 Feb 2023.pdf
Alan Morrison
 
Witdom overview 2016
Witdom overview 2016Witdom overview 2016
Witdom overview 2016
Elsa Prieto
 
When the AIs failures send us back to our own societal biases
When the AIs failures send us back to our own societal biasesWhen the AIs failures send us back to our own societal biases
When the AIs failures send us back to our own societal biases
Clément DUFFAU
 
malicious-use-of-ai.pptx
malicious-use-of-ai.pptxmalicious-use-of-ai.pptx
malicious-use-of-ai.pptx
warlord56
 
ACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securityACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of security
siswarren
 
The Innovation Commercialization Process: A Case Study
The Innovation Commercialization Process: A Case StudyThe Innovation Commercialization Process: A Case Study
The Innovation Commercialization Process: A Case Study
Cheryl Tulkoff
 
RESEARCH PROJECTSelect a topic of your choosing in the area of.docx
RESEARCH PROJECTSelect a topic of your choosing in the area of.docxRESEARCH PROJECTSelect a topic of your choosing in the area of.docx
RESEARCH PROJECTSelect a topic of your choosing in the area of.docx
gholly1
 
BENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONS
BENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONSBENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONS
BENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONS
IJNSA Journal
 
Benchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection SolutionsBenchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
IJNSA Journal
 
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
Willy Marroquin (WillyDevNET)
 
Review Questions What is the difference between a threat agent and a t.pdf
Review Questions What is the difference between a threat agent and a t.pdfReview Questions What is the difference between a threat agent and a t.pdf
Review Questions What is the difference between a threat agent and a t.pdf
vkawtia
 
IRJET- Breast Cancer Prediction using Deep Learning
IRJET- Breast Cancer Prediction using Deep LearningIRJET- Breast Cancer Prediction using Deep Learning
IRJET- Breast Cancer Prediction using Deep Learning
IRJET Journal
 
Case Cyber Security.docx
Case Cyber Security.docxCase Cyber Security.docx
Case Cyber Security.docx
studywriters
 
Machine Learning by Examples - Marcus Botacin - TAMU 2024
Machine Learning by Examples - Marcus Botacin - TAMU 2024Machine Learning by Examples - Marcus Botacin - TAMU 2024
Machine Learning by Examples - Marcus Botacin - TAMU 2024
Marcus Botacin
 
Near-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless MalwareNear-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless Malware
Marcus Botacin
 

More Related Content

Similar to [Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change!

Machine Learning Misconceptions
Machine Learning MisconceptionsMachine Learning Misconceptions
Machine Learning Misconceptions
Health Catalyst
 
The FAIR data movement and 22 Feb 2023.pdf
The FAIR data movement and 22 Feb 2023.pdfThe FAIR data movement and 22 Feb 2023.pdf
The FAIR data movement and 22 Feb 2023.pdf
Alan Morrison
 
RESEARCH PROJECTSelect a topic of your choosing in the area of.docx
RESEARCH PROJECTSelect a topic of your choosing in the area of.docxRESEARCH PROJECTSelect a topic of your choosing in the area of.docx
RESEARCH PROJECTSelect a topic of your choosing in the area of.docx
gholly1
 
BENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONS
BENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONSBENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONS
BENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONS
IJNSA Journal
 
Benchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection SolutionsBenchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
IJNSA Journal
 
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
Willy Marroquin (WillyDevNET)
 
Review Questions What is the difference between a threat agent and a t.pdf
Review Questions What is the difference between a threat agent and a t.pdfReview Questions What is the difference between a threat agent and a t.pdf
Review Questions What is the difference between a threat agent and a t.pdf
vkawtia
 

Similar to [Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change! (20)

Detecting Misuses of Security APIs: A Systematic Review
Detecting Misuses of Security APIs: A Systematic ReviewDetecting Misuses of Security APIs: A Systematic Review
Detecting Misuses of Security APIs: A Systematic Review
 
Machine Learning Misconceptions
Machine Learning MisconceptionsMachine Learning Misconceptions
Machine Learning Misconceptions
 
Mukha ng research methodology
Mukha ng research methodologyMukha ng research methodology
Mukha ng research methodology
 
Threat Modeling in the Cloud
Threat Modeling in the CloudThreat Modeling in the Cloud
Threat Modeling in the Cloud
 
Adequate directions for use "In the Age of AI and Watson"
Adequate directions for use "In the Age of AI and Watson"Adequate directions for use "In the Age of AI and Watson"
Adequate directions for use "In the Age of AI and Watson"
 
5 tactics for practical privacy protection
5 tactics for practical privacy protection5 tactics for practical privacy protection
5 tactics for practical privacy protection
 
Supply Chain management with Demand Forecasting of Covid-19 Vaccine using Blo...
Supply Chain management with Demand Forecasting of Covid-19 Vaccine using Blo...Supply Chain management with Demand Forecasting of Covid-19 Vaccine using Blo...
Supply Chain management with Demand Forecasting of Covid-19 Vaccine using Blo...
 
The FAIR data movement and 22 Feb 2023.pdf
The FAIR data movement and 22 Feb 2023.pdfThe FAIR data movement and 22 Feb 2023.pdf
The FAIR data movement and 22 Feb 2023.pdf
 
Witdom overview 2016
Witdom overview 2016Witdom overview 2016
Witdom overview 2016
 
When the AIs failures send us back to our own societal biases
When the AIs failures send us back to our own societal biasesWhen the AIs failures send us back to our own societal biases
When the AIs failures send us back to our own societal biases
 
malicious-use-of-ai.pptx
malicious-use-of-ai.pptxmalicious-use-of-ai.pptx
malicious-use-of-ai.pptx
 
ACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of securityACS Talk (Melbourne) - The future of security
ACS Talk (Melbourne) - The future of security
 
The Innovation Commercialization Process: A Case Study
The Innovation Commercialization Process: A Case StudyThe Innovation Commercialization Process: A Case Study
The Innovation Commercialization Process: A Case Study
 
RESEARCH PROJECTSelect a topic of your choosing in the area of.docx
RESEARCH PROJECTSelect a topic of your choosing in the area of.docxRESEARCH PROJECTSelect a topic of your choosing in the area of.docx
RESEARCH PROJECTSelect a topic of your choosing in the area of.docx
 
BENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONS
BENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONSBENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONS
BENCHMARKS FOR EVALUATING ANOMALY-BASED INTRUSION DETECTION SOLUTIONS
 
Benchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection SolutionsBenchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
Benchmarks for Evaluating Anomaly Based Intrusion Detection Solutions
 
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and...
 
Review Questions What is the difference between a threat agent and a t.pdf
Review Questions What is the difference between a threat agent and a t.pdfReview Questions What is the difference between a threat agent and a t.pdf
Review Questions What is the difference between a threat agent and a t.pdf
 
IRJET- Breast Cancer Prediction using Deep Learning
IRJET- Breast Cancer Prediction using Deep LearningIRJET- Breast Cancer Prediction using Deep Learning
IRJET- Breast Cancer Prediction using Deep Learning
 
Case Cyber Security.docx
Case Cyber Security.docxCase Cyber Security.docx
Case Cyber Security.docx
 

More from Marcus Botacin

More from Marcus Botacin (20)

Machine Learning by Examples - Marcus Botacin - TAMU 2024
Machine Learning by Examples - Marcus Botacin - TAMU 2024Machine Learning by Examples - Marcus Botacin - TAMU 2024
Machine Learning by Examples - Marcus Botacin - TAMU 2024
 
Near-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless MalwareNear-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless Malware
 
GPThreats-3: Is Automated Malware Generation a Threat?
GPThreats-3: Is Automated Malware Generation a Threat?GPThreats-3: Is Automated Malware Generation a Threat?
GPThreats-3: Is Automated Malware Generation a Threat?
 
[HackInTheBOx] All You Always Wanted to Know About Antiviruses
[HackInTheBOx] All You Always Wanted to Know About Antiviruses[HackInTheBOx] All You Always Wanted to Know About Antiviruses
[HackInTheBOx] All You Always Wanted to Know About Antiviruses
 
Hardware-accelerated security monitoring
Hardware-accelerated security monitoringHardware-accelerated security monitoring
Hardware-accelerated security monitoring
 
How do we detect malware? A step-by-step guide
How do we detect malware? A step-by-step guideHow do we detect malware? A step-by-step guide
How do we detect malware? A step-by-step guide
 
Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022
Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022
Among Viruses, Trojans, and Backdoors:Fighting Malware in 2022
 
Extraindo Caracterı́sticas de Arquivos Binários Executáveis
Extraindo Caracterı́sticas de Arquivos Binários ExecutáveisExtraindo Caracterı́sticas de Arquivos Binários Executáveis
Extraindo Caracterı́sticas de Arquivos Binários Executáveis
 
On the Malware Detection Problem: Challenges & Novel Approaches
On the Malware Detection Problem: Challenges & Novel ApproachesOn the Malware Detection Problem: Challenges & Novel Approaches
On the Malware Detection Problem: Challenges & Novel Approaches
 
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...
All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...
 
Near-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless MalwareNear-memory & In-Memory Detection of Fileless Malware
Near-memory & In-Memory Detection of Fileless Malware
 
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...
Does Your Threat Model Consider Country and Culture? A Case Study of Brazilia...
 
Integridade, confidencialidade, disponibilidade, ransomware
Integridade, confidencialidade, disponibilidade, ransomwareIntegridade, confidencialidade, disponibilidade, ransomware
Integridade, confidencialidade, disponibilidade, ransomware
 
An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...
An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...
An Empirical Study on the Blocking of HTTP and DNS Requests at Providers Leve...
 
On the Security of Application Installers & Online Software Repositories
On the Security of Application Installers & Online Software RepositoriesOn the Security of Application Installers & Online Software Repositories
On the Security of Application Installers & Online Software Repositories
 
UMLsec
UMLsecUMLsec
UMLsec
 
The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...
The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...
The Internet Banking [in]Security Spiral: Past, Present, and Future of Online...
 
Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?
Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?
Análise do Malware Ativo na Internet Brasileira: 4 anos depois. O que mudou?
 
Towards Malware Decompilation and Reassembly
Towards Malware Decompilation and ReassemblyTowards Malware Decompilation and Reassembly
Towards Malware Decompilation and Reassembly
 
Reverse Engineering Course
Reverse Engineering CourseReverse Engineering Course
Reverse Engineering Course
 

Recently uploaded

Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Paige Cruz
 
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
SOFTTECHHUB
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
DianaGray10
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
Wonjun Hwang
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
Srushith Repakula
 

Recently uploaded (20)

Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
 
Navigating the Large Language Model choices_Ravi Daparthi
Navigating the Large Language Model choices_Ravi DaparthiNavigating the Large Language Model choices_Ravi Daparthi
Navigating the Large Language Model choices_Ravi Daparthi
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
The Ultimate Prompt Engineering Guide for Generative AI: Get the Most Out of ...
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 

[Usenix Enigma\ Why Is Our Security Research Failing? Five Practices to Change!

  • 1. 5 Marcus Botacin Texas A&M University, USA @MarcusBotacin Why Is Our Security Research Failing? Five Practices to Change! ENIGMA 2023, SECURITY AND PRIVACY IDEAS THAT MATTER JAN 24-26, 2023, SANTA CLARA, CA 1 1
  • 2. Everybody Complains About Security Research 2
  • 3. Outside Academia Complaints 1. “The scientific way of defining requirements is too strict for real world use” 2. “Early-stage research is useless in the sense of not being close to transitioning to practical use.” 3. “Cybersecurity is failing due to ineffective technology” 4. “Universities failing at cybersecurity education” 3
  • 4. Academic Complaints Herley and P. C. van Oorschot about the JASON report: “The science seems under-developed in reporting experimental results, and consequently in the ability to use them. The research community does not seem to have developed a generally accepted way of reporting empirical studies so that people could reproduce the work” 4
  • 5. Let’s Suppose Security Research is Broken 5
  • 6. Study: Challenges & Pitfalls in Malware Research 6
  • 7. 1 2 3 4 5 Goals and Roadmap ● Not to point fingers. ● I also make mistakes. ● Teach some lessons. ● Learn from others’ mistakes. ● Learn from our own mistakes. 1. Study Types. 2. When to start looking to the industry. 3. When to stop looking to the industry. 4. Guidelines and Standards. 5. Reproducibility. 7
  • 8. 1. Focusing too much on a single study type 8
  • 9. The Most Common Research Types ● Engineering Solutions are more than 50% of all published papers. ● Only a few papers relied on previous measurements and observational studies. ● It suggests researchers have been taking ad-hoc project decisions. 9
  • 10. A new malware research method Solution Proposal: Integrate Science and Engineering methods 10
  • 11. The Most Common Research Types ● Engineering Solutions are more than 50% of all published papers. ● Only a few papers relied on previous measurements and observational studies. ● It suggests researchers have been taking ad-hoc project decisions. 11
  • 12. 2. Not looking at the industry when needed. 12
  • 13. ● Distributed Threadless Malware Systems Architectures ● Multi-core processors are prevalent (>99%) ● Literature is limited in multi-core examples (<1%) ● Prototypes can be single-core. ● Multi-core threats must be researched. 13 ● VANILLA: Layers and Layers of Attacks
  • 14. Malware Detection Approaches ● Majority of academic studies using ML rather than signatures. ● Industry uses both. ● Signatures still relevant. ● Should we stop researching signatures? 14
  • 15. 3. Looking too much at the industry and market. 15
  • 16. Goodware Sources ● Goodware samples are used as ground truth for ML models. ● Crawling software repositories allows getting popular software. ● Some binaries might be trojanized. ● A few studies filter out trojanized binaries. ● ML models might be biased! 16
  • 17. Antivirus Labels 17 ● The problem of heterogeneous AV labels has been known for a long. ● Comparisons are not fair because labels are not easily comparable. ● AVClass
  • 18. 4. Not developing standards and guidelines. 18
  • 19. Dataset Sizes ● No guideline and not practical standard. ● Researchers adopting ad-hoc decisions. ● Anchor bias: the median is ever-growing. ● How much is enough? ● Contradictory verdicts: 900K vs. 1M samples. 19 Dataset Size Median
  • 20. 5. We have a reproducibility crisis! 20
  • 21. Networks: Where Datasets Come From? ● The Human Aspect: Datasets are made private via Non-Disclosure Agreements (NDAs) 21
  • 22. Networks: Where Datasets Come From? ● The Technological Aspect: Malware analyses might not be reproducible due to payloads and C&Cs being sinkholed at any time. 22
  • 24. Call to Action ● Researchers: ○ Diversify the types of conducted studies. ● Reviewers and Program Committees: ○ Develop evaluation guidelines. ● The Field: ○ Focus on representativity rather than quantity. ● Venues and CFPs: ○ Ask for more diversified studies. ○ Be clear on requesting representative datasets. 24
  • 25. 5 ENIGMA 2023, SECURITY AND PRIVACY IDEAS THAT MATTER JAN 24-26, 2023, SANTA CLARA, CA 25 Why Is Our Security Research Failing? Five Practices to Change! Thank you! Contact: botacin@tamu.edu or @MarcusBotacin My Website: marcusbotacin.github.io Marcus Botacin Texas A&M University, USA @MarcusBotacin