Scarecrow: Deactivating Evasive Malware via Its Own Evasive Logic
- Jialong Zhang
- Zhongshu Gu
- et al.
- DSN 2020
Marc Ph. Stoecklin is a Principal RSM and head of the Security Research Department at IBM Research Europe in Zurich, Switzerland. He is responsible for the AI for Cybersecurity Operations research activities at IBM, with a particular focus on applying artificial intelligence (AI) and machine learning technologies to automated threat management (detection, investigation, response) in hybrid, multi-cloud, and enterprise settings. Fields of activity include advanced threat detection, security advisors, cyber reasoning, active defense, big data analytics, and security visualization. Marc holds a PhD degree in Computer, Communication and Information Sciences from École Polytechnique Fédérale de Lausanne (EPFL), Switzerland.
Marc leads the research efforts behind IBM's AI-powered security operations offerings (incl. Watson for Cyber Security and QRadar Advisor with Watson, as well as applications on IBM Cloud Pak for Security) and is one of the creators of the concepts and algorithms leveraged in the products. Moreover, he has contributed to several security technologies that IBM has open sourced, incl. the Kestrel threat hunting language and SysFlow.
Marc is the tech lead of IBM's COVID-19 technology taskforce activity related to Contact Tracing and Health Certificates. As part of this effort, IBM Digital Health Pass (IDHP) was developed and designed with key contributions from several researchers from the Zurich Security Research department. IDHP is actively used, for example, in the State of New York (Excelsior Pass) with over 1M passes issued in the first two months.
Moreover, Marc continuously analyzes the impact of emerging technologies on the cyber security posture of organizations (incl. the misuse and weaponization of AI by cyber attackers [BlackHat '18]) and serves as a scientific board member of the CEPS taskforce on AI and Cybersecurity.
In 2006, Marc joined IBM Research as a research intern and subsequently a research scientist on the AURORA project. In this project, he contributed to the design and development of a flow-based network traffic monitoring and anomaly detection system, which was productized by IBM Tivoli in 2009. He developed several behavior-based anomaly detection components for the AURORA traffic monitoring system. In 2011, Marc joined the Global Security Analysis Lab (GSAL) at the IBM T.J. Watson Research Center in Hawthorne, NY, where he participated in the development of the IBM Cyber Security Analytics and Intelligence research platform. In 2012, Marc became a Research Staff Member of the Cloud and Security Group in the Industry & Cloud Solutions department at IBM Research – Zurich, where he continued to deepen his focus on Cyber Security Analytics on the network level, both in traditional IT and industrial control systems (ICS) networks. From 2014 to 2019, Marc led the Cognitive Cyber Security Intelligence team at the IBM T.J. Watson Research Center in Yorktown Heights, NY. In 2019, Marc became the head of the Security Department at IBM Research Europe in Zurich as well as manager of the Security Solutions group.