Yes please.

The struggle is real. 🤷‍♂️

Keep an eye out for our presentations. 🕴️

Listen to this guy.

Paper link here: gangw.cs.illinois.edu/mitre2…. We disclosed our results to the surveyed company’s, @MITREattack and CITD, and will be also be presenting these results at ATTACKCon 5.0 this Fall.

To understand how @MITREattack is used in commercial endpoint detection products, @avirkud4 led an analysis of the ATT&CK technique annotations in the @carbonb1ack, @splunk, @elastic, and Sigma rulesets.

Upcoming at @USENIXSecurity’24 — In (academic) systems security research, name checking @MITREattack has been the “peer review armor” of choice for a lot of work recently. But do these papers understand what ATT&CK is(n’t)? What about commercial products?

Traditionally in ML, building models is the central activity and evaluation is a bit of an afterthought. But the story of ML over the last decade is that models are more general-purpose and more capable. General purpose means you build once but have to evaluate everywhere. Increasing capability means taking on more realistic tasks in higher-stakes domains, so benchmarks have to be far more complex and thoughtful, and in many cases even the most careful benchmarks simply aren't enough. So both the quantity and quality of evaluations has to increase. But status hierarchies change slowly in any research field, including ML. Most researchers' dream is to build the next transformer. That's a lottery with incredibly low odds. I suspect that researchers who focus on evaluation and understanding will have a much easier time making impactful contributions and standing out, despite the traditionally lower status of this type of work. (Obviously oversimplifying a bit to make a point; there's a lot more to ML than model building and evaluation.)

Every person who you mentor is a unique individual, and none of them are you. Mentoring isn’t about sharing what you would do, but exploring what’s best for them to do.

Woooooo great job @MuhammadAdilIn1 !!!

Tomorrow morning in Session 9C (9am, Bayview AB) — system auditing research may not be sexy, but it has *exploded* since 2015. Come watch @MuhammadAdilIn1 and I break it all down for you in our data provenance SoK, “History is a vast early warning system!”

Excited to announce that our *data provenance* SoK, "History is a Vast Early Warning System: Auditing the Provenance of System Intrusions," has been conditionally accepted to @IEEESSP #Oakland23. Before finalizing the camera-ready paper, we need your help!

A great ride with @MuhammadAdilIn1 @wajihulhasan @AliThespy @AdamBatesOrg and other collaborators to @NDSSSymposium! #NDSS22 It's eye-opening when @wajihulhasan first showed me that configurations can be as crazy as part of attack vectors by presenting CVE-2016-7790 in CS 523.