Liwei Ren, Scientific Advisor, Trend Micro

Liwei, you're Scientific Advisor at Trend Micro. Could you tell our readers a bit about your role, and what an average day looks like?

I have multiple responsibilities. Internally, I work with a few R&D teams as an adviser for developing novel security technologies powered by mathematical models and advanced algorithms, and I also help introduce cutting-edge technologies to the company through continuous follow-ups and technology evaluation in relevant fields. I visit other R&D centers in Taipei and Nanjing a few times a year for collaborative projects. During the visit, I always conduct a few seminars at Trend University (an internal education program) to share the most recent technologies since I am based in Silicon Valley. In addition, I own an interesting research project in the area of byte-wise approximate matching that aims at building a framework for byte-wise file matching, searching and clustering.

Externally, I reach out to both academic and industrial communities to help establish thought leadership for Trend Micro. That is done by conducting academic seminars at universities, speaking at academic/industrial conferences, and exchanging ideas with academic researchers or industrial experts.

My typical day could be pretty boring… I may start a new day by communicating via email with co-workers in China, the UK or Taiwan about the current research projects. Then I would review some news sent from our news bank to follow up on the most recent security news. I may have a meeting with a co-worker who works with me on the current research project that I own. I would read a few industrial white papers or academic papers in various fields of security, or I may write a proposal for filing a patent… I may prepare a PPT for my next external presentation, which happens a few times a year. When I have spare time, I would write a few academic papers that I never get done. 🙂 In the evening, once in a while, I may attend a few technical meet-ups organized by Silicon Valley professionals.

Your PhD was in Mathematics; what first drove you to work in digital forensics?

What drove me was my interest in e-discovery, which is a security field near digital forensics. I have been studying e-discovery for the past few years. There are a few mathematical problems in e-discovery that invite my interest, for example, the problem of near-duplicate detection, and the predictive coding technique.

At DFRWS you presented a theoretical framework for evaluating similarity digesting tools. Could you briefly outline your presentation for our readers?

This presentation is an effort to unify the description of what byte-wise similarity is all about. It is done by providing a mathematical model to describe byte-wise similarity rigorously. A framework based on this model defines similarity in a uniform format so that it gets easier and clearer for us to evaluate various similarity digesting algorithms in terms of pros & cons. Three existing open source tools {ssdeep, sdhash, TLSH} are evaluated under this theoretical framework. The results agree with what I evaluated via data experiments.
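To make the two ideas above concrete (the near-duplicate detection problem mentioned earlier and the evaluation of similarity digesting tools), here is a small added example that is not part of the interview and is not the code of ssdeep, sdhash or TLSH. It builds a toy similarity digest from content-defined chunks (a rolling hash over the last few bytes decides where a chunk ends, so boundaries move with the content rather than with absolute offsets), scores two digests with a Jaccard index, and then runs the kind of check an evaluation framework would ask for: does the digest still match after bytes are inserted in the middle of a file, and does it stay low for unrelated data? The window size, trigger value, sample sizes and the 0-100 score are assumptions made for this example.

```python
import hashlib
import random

WINDOW = 7         # rolling-hash window in bytes (assumption for this example)
TRIGGER = 64       # average chunk length; boundary when hash % TRIGGER == TRIGGER - 1
MOD = 1 << 32
BASE = 31
BASE_POW = pow(BASE, WINDOW, MOD)


def chunk_boundaries(data: bytes):
    """Yield chunk end offsets chosen by a content-defined boundary rule.

    A boundary is placed after byte i whenever the polynomial rolling hash of
    the last WINDOW bytes hits the trigger value. Because the decision depends
    only on local content, an insertion disturbs chunks near the edit and the
    boundaries re-synchronise a few bytes later. (Real tools add safeguards
    such as minimum and maximum chunk sizes; this toy does not.)
    """
    h = 0
    for i, b in enumerate(data):
        h = (h * BASE + b) % MOD                      # push new byte in
        if i >= WINDOW:
            h = (h - data[i - WINDOW] * BASE_POW) % MOD  # drop oldest byte
        if h % TRIGGER == TRIGGER - 1:
            yield i + 1
    yield len(data)                                   # final (possibly partial) chunk


def digest(data: bytes) -> list:
    """Similarity digest: list of short hashes, one per content-defined chunk."""
    chunks, start = [], 0
    for end in chunk_boundaries(data):
        if end > start:
            chunks.append(hashlib.sha256(data[start:end]).hexdigest()[:8])
            start = end
    return chunks


def similarity(d1: list, d2: list) -> int:
    """Score 0-100: Jaccard index of the two chunk-hash sets."""
    s1, s2 = set(d1), set(d2)
    if not s1 and not s2:
        return 100
    return round(100 * len(s1 & s2) / len(s1 | s2))


def make_samples():
    """Constructed inputs: a random 'file', the same file with an insertion, and unrelated bytes."""
    rng = random.Random(2015)
    base = bytes(rng.getrandbits(8) for _ in range(4096))
    mid = len(base) // 2
    inserted = base[:mid] + b"INSERTED TEXT " * 4 + base[mid:]
    unrelated = bytes(rng.getrandbits(8) for _ in range(4096))
    return base, inserted, unrelated


def evaluate() -> dict:
    """One evaluation case per property a similarity digest should have."""
    base, inserted, unrelated = make_samples()
    d_base = digest(base)
    return {
        "identical": similarity(d_base, digest(base)),      # must be 100
        "insertion": similarity(d_base, digest(inserted)),  # high: only nearby chunks change
        "unrelated": similarity(d_base, digest(unrelated)), # near 0
    }


if __name__ == "__main__":
    for case, score in evaluate().items():
        print(f"{case:>10}: {score}")
```

The insertion case is the interesting one: a fixed-block scheme would lose every chunk after the edit point, whereas content-defined boundaries keep all but the one or two chunks that overlap the inserted bytes, which is why the score stays high. Swapping in a different boundary rule or scoring function and re-running `evaluate()` is the simplest form of the comparison the framework above formalises.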

TLSH, sdhash and ssdeep are all open source solutions. In your opinion, how do open source tools and solutions in general compare with their commercial counterparts?

I am not aware of any commercial tools for similarity digesting. I am sure there must be some; however, I have never evaluated one. As to open source solutions in general, some are very good and some may have annoying bugs that seem to take forever to fix. An open source solution takes many years to arrive at maturity. So one needs a cautious evaluation prior to adopting one in products or solutions. Hence, one needs to balance between cost and rapid software development. For critical components in products where I was the architect, I prefer to use commercial software APIs, mainly for their stability and support, unless the open source software is stable and great.

You also conduct research into big data analysis, which was a topic that came up frequently at DFRWS. In your opinion, what can digital forensics investigators and tool developers do to address the challenges of big data triage and analysis in investigations?

Yes, big data analysis will absolutely be an important practice in the security industry for years to come. For example, a few security startups in Silicon Valley are building next generation SIEM systems based on big data analytics. A few other security companies are applying big data analytics to provide more effective solutions against APT attacks. As to the area of digital forensics, I believe big data analysis can play an important role as well. In the era of cloud computing & big data, the volume of data under investigation may be tremendous, and the traditional approaches may take a long time or just be impossible to carry out. Novel approaches or tools must be developed to overcome the challenges; big data analytics comes to the rescue. However, the capability of building big data analytics based investigation tools depends on how deeply the developers understand the underlying problems in the big data environment, and how fluently they are able to use mathematical models to describe the problems so that analytical solutions will follow.

What trends do you see currently in forensic computing, and what new challenges do you envisage in the future?

I am not an expert yet in forensic computing so I cannot speak about the trends… however, I do see novel challenges caused by new computing platforms such as clouds, mobile devices and even IoT. Actually, I am using e-discovery as a reference… I am more comfortable talking about e-discovery.

Finally, what do you do in your spare time?

I spend most of my spare time with family, especially with my son for his after-school activities. My family travels a lot in the summer, for example, visiting other countries and US national parks, or camping a few times in state parks in California. I engage in a few local communities as well. As an experienced entrepreneur, I am frequently invited by local startups or incubators to share my knowledge of building a hi-tech company.

Liwei Ren is a mathematician and entrepreneur, and currently holds the position of Scientific Advisor at Trend Micro, which develops digital security solutions worldwide. Liwei has twenty-three US patents and is a frequent speaker at conferences and seminars in academia and industry.

Forensic Focus interviewed Liwei at DFRWS, the annual Digital Forensics Research Workshop, which took place in Dublin from the 23rd-26th of March. The next workshops will be held in Philadelphia in August 2015, and Switzerland in March 2016. You can find out more and register here.
