I study cybercrime using data-driven methods to analyze, characterize, and measure the infrastructure and modus operandi used by criminal activities on the Internet. In particular, I focus on collection, analysis, and semantic characterization of cyber threat intelligence that comes in many shapes and forms (e.g., natural language, network traffic, system audit logs). The ultimate goal is to learn insights that will inform decisions on building robust defense against online criminal activities that involve threats such as ransomware, exploit kits, and botnets. To achieve these goals, I find graph theory and analytics, machine learning (deep learning), longitudinal analysis, and causality inference to be the natural methods. I also study the training and deployment of cyber threat classification/prediction systems in adversarial settings.
