School of Computing and Information Sciences
Amin Kharraz, Ph.D., is an assistant professor in the School of Computing and Information Sciences at Florida International University. An overarching theme of his research is to enable evaluating security and privacy implications of emerging technologies and build solutions to discover them in a scalable and reliable manner. He is the founder of the Secure Systems Lab (SecLab) at FIU where he focuses on building systems to study security problems including evasive malware attacks, web and browser security, social engineering, and cyber crime. Amin’s work has helped to develop techniques to protect users from important security problems, including ransomware, and guide the design of new defense systems. His research has been distinguished with a best paper award at the Web Conference (WWW) in 2019. He regularly serves in the Program Committees of top security conferences.
Organized cybercrime occurs in different forms and has become more frequent and consequential. How do we quickly, accurately, and comprehensively identify these threats? How can we reduce the attack surface and improve defensive agility? The necessary steps to make meaningful progress and answer these questions require integrating 1) a variety of scientifically rigorous empirical methods including user studies, machine learning, and code analysis to translate an abstract concept into quantifiable information, and 2) data-driven approaches to enhance the agility of defenders to respond to these attacks.
In this talk, I will highlight the contribution of empirical methods to systems security with three examples from my work. I present systems to uncover and explore three large-scale adversarial activities including ransomware, online scams, and in-browser covert cryptomining. I illustrate how data-driven approaches offer empirical techniques to study contemporary security incidents by exposing underlying aspects of these threats, leading to more effective defensive techniques and security models that are more closely aligned with today’s cybersecurity landscape.