Symantec's WINE System for Repeatable, Data-Intensive Experiments in Cyber Security

Friday, March 16, 2012 - 11:15am - 12:15pm

Computer Science - Seminar Event

Location: Torgerson 2150

 

Dr. Tudor Dumitraș
Senior Research Engineer
Symantec Research Labs
 
Abstract:
 
The Worldwide Intelligence Network Environment (WINE) is a platform,
developed at Symantec Research Labs (SRL), for conducting data-intensive
experiments in cyber security. We have built WINE focusing on the
challenges for aggregating multiple terabyte-size data feeds, which
Symantec uses in its day-to-day operations, and for supporting
open-ended experiments at scale. WINE also enables the reproduction of
prior experimental results, by archiving the reference data sets that
researchers use and by recording information on the data collection
process and on the experimental procedures employed.
 
The need for such a platform arose from SRL’s program for sharing field
data, collected by Symantec on millions of hosts worldwide, with
researchers in academia. For example, WINE includes historical
information on unknown binaries found on the Internet—providing unique
insights into the origins and prevalence of zero-day attacks—as well as
telemetry from Symantec’s anti-virus products—indicating the
effectiveness of defensive mechanisms (e.g., security patches,
anti-virus signatures). In addition to cyber security, the WINE data is
relevant to research in machine learning, mobile computing, software
reliability, storage systems, and visual analytics. In this talk, I will
also discuss the challenges for sharing sensitive data and for
establishing a rigorous benchmark for cyber security.
 
Bio:
 
Tudor Dumitraș is a senior research engineer at Symantec Research Labs
(SRL), currently building the Worldwide Intelligence Network Environment
(WINE). Tudor's prior research focused on improving the dependability of
large-scale distributed systems (addressing operator errors during
software upgrades), of enterprise systems (addressing the predictability
of fault-tolerant middleware), and of embedded systems (addressing soft
errors in networks-on-chip). He received the 2011 A. G. Jordan Award,
from the ECE Department at Carnegie Mellon University, for an
outstanding Ph.D. thesis and for service to the community, the 2009 John
Vlissides Award, from ACM SIGPLAN, for showing significant promise in
applied software research, and the Best Paper Award at ASP-DAC'03. Tudor
holds a Ph.D. degree from Carnegie Mellon University. 
 

Contact: T. M. Murali
Email: murali@cs.vt.edu
Phone: 5402318534
