ECpE Seminar Series: Zhou Li

When

March 10, 2017    
10:00 am - 10:50 am

Where

3043 ECpE Building Addition
Coover Hall, Ames, Iowa, 50011

Speaker: Zhou Li, Research Scientist at RSA Labs

Title: Hunting Cyber Crime: From Code to Infrastructure

Abstract: The technological progress in today’s Internet not only fosters a booming industry, but also offers new opportunities to criminals. In recent years, cyber attacks have become more sophisticated, are being launched on a larger scale, and are leading to worse consequences. Detection based on code signatures, an approach still dominating the security market, is seen as less and less effective nowadays. In this talk, I will present several of my works regarding cyber crime hunting. Instead of code analysis, my works focus on how attackers’ infrastructure is set up and how they run their operations. These aspects are largely overlooked by the existing approach, but turn out to be very indicative, as shown in my research. In particular, I will talk about how malicious online advertisements, dedicated malicious servers and large-scale JavaScript injections can be spotted following this direction. I will also talk about my recent work at RSA Labs on detecting communities of malicious domains from enterprise logs, which has been integrated into RSA’s SIEM products and testified by many customers.

Bio: Zhou Li is a research scientist at RSA Labs. His research covers web security, cyberfraud measurement and vulnerability discovery. Before joining RSA Labs, he worked as a Research Assistant at Indiana University Bloomington from 2009 to 2013 and as a Research Intern at Microsoft Research Silicon Valley in 2011. He received B.S. and M.S. degrees in Computer Science from Wuhan University, China, and a Ph.D. degree in Computer Science from Indiana University Bloomington. Zhou has published over 20 research papers, many of them in top security conferences including IEEE S&P, Usenix Security and CCS. His work has been reported by many media outlets, such as the New York Times and The Register.
