{"689123":{"#nid":"689123","#data":{"type":"event","title":"Ph.D. Dissertation Defense - Mingxuan Yao","body":[{"value":"\u003Cp\u003E\u003Cstrong\u003ETitle\u003C\/strong\u003E\u003Cem\u003E:\u0026nbsp; From Evidence to Remediation: Automated Forensic Pipelines for Proactive Cyberthreats Intervention\u003C\/em\u003E\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003ECommittee:\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003EDr. Brendan Saltaformaggio, ECE, Chair, Advisor\u003C\/p\u003E\u003Cp\u003EDr. Frank Li, ECE\u003C\/p\u003E\u003Cp\u003EDr. Saman Zonouz, ECE\u003C\/p\u003E\u003Cp\u003EDr. Christopher Kruegel, UCSB\u003C\/p\u003E\u003Cp\u003EDr. Giovanni Vigna, UCSB\u003C\/p\u003E","summary":"","format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003ETraditional cyber forensics is reactive: investigators collect evidence after an incident, address a single case, and leave adversaries free to redeploy. This dissertation introduces the evidence-to-remediation paradigm, a proactive forensic science that extracts comprehensive evidence from a single reported incident and generates remediation strategies that scale across entire platforms. I demonstrate this paradigm through three systems. MARSEA conducts the first large-scale study of malware abusing web applications as command-and-control infrastructure; deployed on 10,000 samples, it revealed 893 malware in 97 families abusing 29 web applications and enabled the takedown of 50% of malicious content. VADER targets Dead Drop Resolver malware that encodes C\u0026amp;C addresses as manipulated payloads on benign platforms; by extracting de-manipulation recipes from binaries, it enables providers to proactively scan for unknown dead drops, uncovering 57.1% additional dead drops across 100,000 samples and achieving 94.4% removal. COCO generalizes the paradigm to blockchain fraud, tracing entire campaigns from a single report; applied to 157 fraud contracts, it uncovered over 1.28 million associated contracts linked to 91 Deceptive Creator Wallets responsible for around $2.09 billion in illicit profits, leading to collaboration with the U.S. FBI and Etherscan. Together, these systems establish a generalizable framework that shifts cyber forensics from reactive investigation to automated, evidence-driven intervention at ecosystem scale.\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"From Evidence to Remediation: Automated Forensic Pipelines for Proactive Cyberthreats Intervention "}],"uid":"28475","created_gmt":"2026-03-22 20:13:42","changed_gmt":"2026-03-22 20:15:18","author":"Daniela Staiculescu","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2026-04-06T14:00:00-04:00","event_time_end":"2026-04-06T16:00:00-04:00","event_time_end_last":"2026-04-06T16:00:00-04:00","gmt_time_start":"2026-04-06 18:00:00","gmt_time_end":"2026-04-06 20:00:00","gmt_time_end_last":"2026-04-06 20:00:00","rrule":null,"timezone":"America\/New_York"},"location":"Room C0903, CODA","extras":[],"related_links":[{"url":"https:\/\/gatech.zoom.us\/my\/mingxuanyao","title":"Zoom link"}],"groups":[{"id":"434381","name":"ECE Ph.D. Dissertation Defenses"}],"categories":[],"keywords":[{"id":"100811","name":"Phd Defense"},{"id":"1808","name":"graduate students"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[{"id":"1788","name":"Other\/Miscellaneous"}],"invited_audience":[{"id":"78771","name":"Public"}],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[],"email":[],"slides":[],"orientation":[],"userdata":""}}}