ISI Directory

Jeremy Abramson, Ph.D.

Senior Computer Scientist, Lead Scientist

Education

Ph.D., Computer Science, University of Southern California
M.S., Computer Science, University of Southern California
B.S., Computer Science, University of California, Davis

Bio

Dr. Abramson is a Research Computer Scientist in the Networking and Cybersecurity Division at USC's Information Sciences Institute, and a lecturer in USC's Data Science Program.  He's currently focused on data-driven approaches to cybersecurity, threat-actor attribution, OSINT and sports analytics.  He's previously done work on spearphishing detection and mitigation, embedded device security (specifically software attestation approaches to supply-chain vetting), resilient reconfigurable and high-performance computing, performance prediction/modeling, and mobile networking.  Other professional interests include linked data applications, novel biometric/behavioral authentication and natural language generation.

He created the curriculum for Data Science 510: Principles of Programming for Data Science, and has taught the course for many years.  It is a “core” introductory data science course in the Data Science program.  In addition to providing incoming Data Science Program students with the background they’ll need for the rest of their coursework, the class has become very popular with non-technical graduate students looking to apply data-driven methods to their research.

Dr. Abramson has also created the curriculum for two sports analytics classes.  He currently teaches a graduate sports analytics course for Masters of Business Analytics students in the Anderson School of Management at UCLA. Previously, he taught an undergraduate special topics course in sports analytics in USC’s Information Technology program.

Dr. Abramson is especially passionate about STEM education and increasing representation of underrepresented groups in data science and sports analytics.  He was awarded a UCLA Professional Development award to pursue sports analytics curricula as a method of improving STEM representation for underrepresented groups.

If you’d like to work with Dr. Abramson, please note he is currently not hiring student workers.  If you are a Ph.D. student or if you would like to work with him under directed research, please take a look at the current research projects, and send him an email.

Research Summary

The Data Driven Cybersecurity @ ISI group is looking for talented researchers to assist with the following projects:

Social Graph Analysis and Attribution of Software Exploit Contributors Using GitHub:
Attribution of threat actors is an increasingly important and difficult problem. One potential mitigation is the early detection of potential threat actors via analysis of open-source intelligence (OSINT). This project will analyze the social graph of users who contribute to, follow, star, and otherwise interact with proof-of-concept CVE implementations and other relevant potentially malicious (e.g. software vulnerability) repositories.  These social graphs will be analyzed to see if potential “black hat” threat actors have networks that differ from their “white hat” counterparts.  If successful, such a project could help speed the discovery of dangerous threat actors, as well as aiding in linking threat actor personas on the internet.

Integration of Frame Semantics to Cyber Ontologies:
Cyber ontologies such as STIX and ATT&CK can represent complex relationships between cyber threat actors, attacks and infrastructure.  While such representations are conducive to interoperability between systems, they are often unwieldy for human cyber analysts to deal with directly.  Conversely, natural language generation (NLG) frameworks like FrameNet represent language in a structured manner, but frame specifications are often not specific enough for specialized domains (such as cyber security).  Leveraging and combining the semantic structure of both forms can create a tool that can translate cyber threat data in standard interoperable formats (such as STIX) to human-readable reports, via existing NLG frameworks.  Working on a project such as this provides an opportunity for significant impact, as the fusion of these two structures could greatly increase both the adoption and the utility of cyber threat ontologies.

Social Network Expansion: Construction of a human-subject spearphishing experiment:
Social Network Expansion (SNE) aims to explore the relationship between various factors of “cost” in creating social networking personas, and these personas’ efficacy in connecting and interacting with a target populace.  A more complete understanding of this relationship between required adversarial complexity/resources and connection/interaction efficacy will enhance our ability to detect and mitigate a number of threats, including (but not limited to) spearphishing, persona hijacking and the spread of fake news.

Textual, Structural and Semantic Analysis of Phishing Datasets:
Phishing attacks – both specifically and broadly targeted – are an increasingly dangerous vector for malice. Because of the textual and semantic similarities between potentially malicious and benign emails, detection of subtle phishing attacks can be difficult. This project aims to provide a high-level textual and structural analysis of different phishing datasets to determine what features in a conversational chain may be useful in increasing detection of phishing attacks. Students will work on textual extraction of features (intent, sentiment, tone, etc.) and analysis of externally verifiable content (company affiliation, etc.).

Detecting Malware Campaign Lifecycles from Behavioral Analysis:
This project aims to detect and coalesce families of malware articles and campaigns by analyzing their behavior and interactions with the outside world. Features such as network activity, system component interactions and others can be used to cluster malware articles and determine the duration of malware campaigns otherwise thought to be independent. Students will work on exploration of open-source malware API contents (e.g. VirusTotal), construction of a malware behavioral data set, generation of similarity metrics (network traffic access patterns, system interactions, etc.) and analysis and clustering of malware articles and campaigns.

Note that we are not currently hiring for student worker positions.  If you are a Ph.D. student or interested in directed research, please contact Dr. Jeremy Abramson (abramson at ISI dot edu) with the following information:

Name
Year of study (3rd year, MS student, etc.)
Degree program (Computer Science, Data Science, etc.)
Project(s) that you want to work on (note: you will only work on one project at a time, but you can specify a preference list)
Number of units of DR requested (if applicable)
A current resume

Thank you so much, and looking forward to working with you!