Projects

Selected Research Projects & Applied Innovation

My work spans applied cybersecurity research, industry-aligned system building, and long-term foundational research, with a strong focus on malware detection and analysis, autonomous security operations, threat detection and threat intelligence, IoT security, and cyber-physical system resilience.

Agentic Malware Analysis, Detection & Next-Generation SOC (Recent Focus)

  • My recent work centers on Agentic Malware Analysis and Detection and the design of a Next-Generation Agentic Security Operations Center (Agentic SOC). This includes the use of LLMs and autonomous AI agents for binary malware analysis, behavioral summarization, threat correlation, and automated investigation workflows.

  • These efforts aim to reduce analyst workload, improve detection of evasive and zero-day threats, and enable autonomous yet human-governed SOC operations, translating cutting-edge research into deployable, enterprise-scale security capabilities.

Next-Generation SOC Capabilities for Proactive, Intelligence-Driven Defense

  • Modern enterprises face highly targeted, low-noise attacks that bypass traditional controls and overwhelm security teams with volume and complexity. The following capabilities are designed to reduce dwell time, improve analyst efficiency, and enable proactive defense, forming a cohesive roadmap toward an Agentic, Intelligence-Driven SOC.

    • Advanced Malicious Email Attachment Defense

      • Email remains the most reliable initial access vector for attackers. This work delivers enterprise-grade malicious attachment detection that integrates seamlessly into secure email gateways and SOC pipelines. By combining a unified detection model with file-type–specific intelligence, this work achieves high accuracy while maintaining low computational overhead—critical for high-volume enterprise environments.

      • Unlike traditional sandbox-heavy solutions, this work uses optimized static analysis at byte level to rapidly identify threats and precisely highlight malicious code regions, significantly reducing analyst triage and investigation time. This capability directly supports faster containment, lower false positives, and improved SOC productivity, with proven accuracy of up to 97% across common enterprise document formats.

      • CISO value: Reduced phishing risk, faster incident response, and lower operational cost without sacrificing detection depth.

    • Automated Threat Intelligence & Hunting from SOC Telemetry

      • SOC teams often struggle to extract actionable intelligence from massive volumes of EDR and audit logs. This work transforms raw alerts into high-level threat narratives by automatically correlating events, extracting context, and mapping attack progression using NLP-driven analytics and graph-based correlation.

      • This work eliminates the need for complex manual queries by enabling intuitive threat exploration and hunting, allowing analysts to rapidly identify attack chains, recurring adversary behaviors, and systemic weaknesses. This capability enhances threat visibility, investigation speed, and situational awareness, making it ideal for Tier-2/3 SOC operations and MDR platforms.

      • CISO value: Faster threat hunting, improved SOC signal-to-noise ratio, and better strategic visibility into adversary behavior.

    • Intelligent IOC Prioritization to Eliminate Analyst Fatigue

      • Threat intelligence teams are overwhelmed by IOC volume, often spending critical time on low-value indicators. This work introduces an intelligent IOC scoring and prioritization engine that ranks indicators based on relevance, confidence, and contextual relationships derived from large-scale threat intelligence sources.

      • By surfacing high-impact, high-confidence IOCs, this work enables SOC and CTI teams to focus resources where they matter most—improving detection quality while reducing burnout and wasted effort. The system integrates cleanly with existing TI platforms and SOC workflows, supporting scalable, automated intelligence operations.

      • CISO value: Higher ROI from threat intelligence investments and more effective use of limited security talent.

    • Proactive APT Detection, Prediction, and Attribution

      • Advanced Persistent Threats pose the greatest strategic risk to enterprises and national infrastructure due to their stealthy, multi-stage, and long-lived nature. This work is a proactive APT analysis and attribution capability designed to correlate fragmented alerts into coherent attack campaigns, predict future attacker actions, and attribute activity to known APT groups.

      • This work clusters and de-duplicates alerts, predicts next-stage APT behavior, and maps observed and predicted activity to MITRE ATT&CK TTPs, enriched with CVE-to-ATT&CK mappings. This enables SOCs not only to detect ongoing campaigns but also to anticipate attacker intent and pre-emptively harden defenses. Evaluated on real-world datasets, this work demonstrates 97.3% attribution accuracy with low false positives, making it suitable for high-stakes environments.

      • CISO value: Reduced dwell time, improved strategic threat understanding, and proactive defense against nation-state and targeted threats.
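The IOC prioritization capability described above ranks indicators on relevance, confidence, and contextual relationships. The following is an added illustration of that scoring idea, not code from the research described on this page: the weights, the 30-day confidence half-life, the relationship graph, and every sample indicator (RFC 5737 documentation addresses and a placeholder hash) are constructed assumptions.

```python
"""Added example: a small IOC scoring and prioritization engine.

Each indicator is scored from three components: relevance (seen in our
own telemetry, or linked to something that was), confidence (source
agreement, decayed by report age) and context (how connected the
indicator is in a relationship graph). Weights, half-life and all sample
indicators are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed weights; a real deployment would tune these per environment.
WEIGHTS = {"relevance": 0.40, "confidence": 0.35, "context": 0.25}
HALF_LIFE_DAYS = 30.0            # confidence halves every 30 days without a new report
SOURCES_FOR_FULL_CONFIDENCE = 3  # three independent feeds = full agreement


@dataclass
class Indicator:
    value: str
    kind: str                       # "ip", "domain", "sha256", ...
    sources: set[str]               # independent feeds reporting it
    last_seen: datetime
    sightings_in_env: int = 0       # hits in our own EDR/proxy telemetry
    related: set[str] = field(default_factory=set)  # indicator values it is linked to


def _build_graph(iocs: dict[str, Indicator]) -> dict[str, set[str]]:
    """Undirected relationship graph; links to unknown values are dropped."""
    graph: dict[str, set[str]] = {v: set() for v in iocs}
    for ioc in iocs.values():
        for other in ioc.related:
            if other in iocs:
                graph[ioc.value].add(other)
                graph[other].add(ioc.value)
    return graph


def confidence(ioc: Indicator, now: datetime) -> float:
    """Source agreement, decayed by how stale the last report is."""
    agreement = min(1.0, len(ioc.sources) / SOURCES_FOR_FULL_CONFIDENCE)
    age_days = max(0.0, (now - ioc.last_seen).total_seconds() / 86400)
    return agreement * 0.5 ** (age_days / HALF_LIFE_DAYS)


def relevance(ioc: Indicator, iocs: dict[str, Indicator], graph: dict[str, set[str]]) -> float:
    """Full credit if seen locally, half credit if a linked indicator was."""
    if ioc.sightings_in_env > 0:
        return 1.0
    if any(iocs[n].sightings_in_env > 0 for n in graph[ioc.value]):
        return 0.5
    return 0.0


def context(ioc: Indicator, graph: dict[str, set[str]]) -> float:
    """Degree centrality: well-connected indicators carry more context."""
    max_degree = max((len(n) for n in graph.values()), default=0)
    return len(graph[ioc.value]) / max_degree if max_degree else 0.0


def score(ioc: Indicator, iocs, graph, now: datetime) -> float:
    return (WEIGHTS["relevance"] * relevance(ioc, iocs, graph)
            + WEIGHTS["confidence"] * confidence(ioc, now)
            + WEIGHTS["context"] * context(ioc, graph))


def prioritize(indicators: list[Indicator], now: datetime) -> list[tuple[str, float]]:
    """Return (value, score) pairs, highest priority first."""
    iocs = {i.value: i for i in indicators}
    graph = _build_graph(iocs)
    ranked = [(i.value, score(i, iocs, graph, now)) for i in indicators]
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)


# Constructed sample feed: documentation addresses and a placeholder hash.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
PLACEHOLDER_SHA256 = "f" * 64
SAMPLE = [
    Indicator("203.0.113.10", "ip", {"feed-a", "feed-b", "feed-c"}, NOW,
              sightings_in_env=2, related={"bad.example"}),
    Indicator("bad.example", "domain", {"feed-a"}, NOW - timedelta(days=30),
              related={"203.0.113.10", PLACEHOLDER_SHA256}),
    Indicator(PLACEHOLDER_SHA256, "sha256", {"feed-b", "feed-c"},
              NOW - timedelta(days=60), related={"bad.example"}),
    Indicator("198.51.100.7", "ip", {"feed-d"}, NOW - timedelta(days=90)),
]

if __name__ == "__main__":
    for value, s in prioritize(SAMPLE, NOW):
        print(f"{s:.3f}  {value}")
```

The stale, single-source IP with no local sightings and no relationships drops to the bottom, while the domain that was never seen locally still ranks second because it links the locally observed IP to the file hash; that neighbour credit is what makes graph context useful for triage.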

Strategic Impact: Toward an Agentic, Intelligence-Driven SOC

Together, these capabilities form the foundation of a Next-Generation Agentic SOC—one that moves beyond reactive alert handling to autonomous monitoring, intelligent correlation, predictive analysis, and analyst-assisted decision-making. This approach enables organizations to scale security operations, stay ahead of advanced threats, and build a resilient cyber defense posture aligned with modern enterprise and national security needs.

Internet of Things (IoT) Security & Cyber-Physical Systems

  • Automatic IoT Security Testbed

    • Designed and developed an automatic IoT security and privacy testing platform to assess vulnerabilities in state-of-the-art consumer and enterprise IoT devices. The testbed supports Wi-Fi, ZigBee, and Bluetooth, and integrates penetration testing, fuzzing, static and dynamic analysis, along with attack and defense modeling.

    • The long-term vision is to enable open testing, security benchmarking, and certification of IoT devices, supporting industry and regulatory needs.

  • PIT: Comprehensive IoT Security Analysis Framework

    • Developed PIT, a modular and extensible framework for multi-layer IoT security assessment, combining penetration testing, fuzzing, static and dynamic analysis, and exploitation engines. PIT has been evaluated on real-world IoT deployments, uncovering critical vulnerabilities including buffer overflows, DoS, and injection flaws, demonstrating tangible business and operational risk.

  • Privacy-Preserving IoT Device Detection

    • Proposed a privacy-preserving technique for identifying vulnerable IoT devices behind NAT in smart home environments. This work is particularly relevant for telecommunications operators, enabling risk-aware network protection without violating user privacy.

  • IoT Device Identification & Anomaly Detection

    • Applied machine learning-based identification and anomaly detection to detect unauthorized or rogue IoT devices in enterprise networks, supporting asset visibility, policy enforcement, and risk reduction.

  • Advanced-Intelligent Anomaly Detection System

    • In Cyber-Physical Systems (CPS), security defenses are largely perimeter- and endpoint-based, making them ineffective against zero-day attacks, insider threats, novel malware, and post-compromise manipulation. This research proposes an Intelligent Anomaly Detection System (IADS) that goes beyond traditional network-centric IDS by using machine learning–based behavioral analysis of field sensor data collected from historians or data acquisition servers. By detecting deviations in operational behavior rather than known signatures, the IADS enables early identification of stealthy and previously unknown attacks, even after an adversary has breached the CPS environment.

  • Decentralized Access Control for IoT

    • Designed a lightweight, decentralized authentication and authorization framework for IoT systems that addresses scalability, single points of failure, and resource constraints, enabling device-level decision-making and secure M2M communication.
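The IADS entry above describes detecting deviations in operational behaviour from historian sensor data rather than matching signatures. The block below is an added illustration of that idea on constructed readings, not the IADS implementation itself: the sensor names, thresholds, baseline window and the pump/flow relationship rule are all assumptions made for the example.

```python
"""Added example: behavioural anomaly detection over historian sensor data.

Two complementary checks on constructed data: a per-sensor statistical
baseline (z-score against a learned operating window) and a
process-consistency rule tying sensors together (no flow should be
reported while the pump is off). The rule is what catches a manipulated
reading that stays inside its own sensor's normal range, which is the
post-compromise case signature-based and single-sensor checks miss.
"""
from __future__ import annotations

from statistics import mean, pstdev

Z_THRESHOLD = 3.0          # constructed: flag readings more than 3 sigma from baseline
FLOW_WHEN_OFF_MAX = 5.0    # constructed: residual flow tolerated with the pump off
FLOW_WHEN_ON_MIN = 20.0    # constructed: a running pump must move at least this much
SENSORS = ("flow", "level")


def learn_baseline(rows: list[dict]) -> dict[str, tuple[float, float]]:
    """Mean and population std-dev per sensor over a known-good window."""
    return {s: (mean([r[s] for r in rows]), pstdev([r[s] for r in rows])) for s in SENSORS}


def statistical_findings(row: dict, base: dict[str, tuple[float, float]]) -> list[tuple]:
    """Per-sensor z-score check; a constant baseline flags any change."""
    out = []
    for sensor, (mu, sigma) in base.items():
        x = row[sensor]
        z = abs(x - mu) / sigma if sigma > 0 else (0.0 if x == mu else float("inf"))
        if z > Z_THRESHOLD:
            out.append((sensor, "statistical", f"z={z:.1f} vs baseline {mu:.1f}+/-{sigma:.1f}"))
    return out


def process_rule_findings(row: dict) -> list[tuple]:
    """Cross-sensor physical consistency: pump state must agree with flow."""
    out = []
    if row["pump"] == 0 and row["flow"] > FLOW_WHEN_OFF_MAX:
        out.append(("flow", "process-rule", "flow reported while pump is off"))
    if row["pump"] == 1 and row["flow"] < FLOW_WHEN_ON_MIN:
        out.append(("flow", "process-rule", "pump running but no flow"))
    return out


def detect(rows: list[dict], base: dict[str, tuple[float, float]]) -> dict[int, list[tuple]]:
    """Map row index -> findings for every row that raised at least one."""
    findings = {}
    for i, row in enumerate(rows):
        hits = statistical_findings(row, base) + process_rule_findings(row)
        if hits:
            findings[i] = hits
    return findings


# Constructed known-good window: pump cycling on and off, flow in L/min, tank level in %.
TRAINING = [
    {"pump": 1, "flow": 50, "level": 60}, {"pump": 1, "flow": 52, "level": 61},
    {"pump": 1, "flow": 49, "level": 59}, {"pump": 1, "flow": 51, "level": 60},
    {"pump": 1, "flow": 50, "level": 62}, {"pump": 1, "flow": 48, "level": 58},
    {"pump": 0, "flow": 0, "level": 60},  {"pump": 0, "flow": 1, "level": 61},
    {"pump": 0, "flow": 0, "level": 59},  {"pump": 0, "flow": 0, "level": 60},
]

# Constructed live readings: normal, gross outlier, spoofed-but-plausible, normal.
TEST_ROWS = [
    {"pump": 1, "flow": 50, "level": 60},
    {"pump": 1, "flow": 200, "level": 60},   # flow far outside baseline
    {"pump": 0, "flow": 50, "level": 60},    # flow value normal on its own, pump is off
    {"pump": 0, "flow": 0, "level": 60},
]

if __name__ == "__main__":
    for idx, hits in detect(TEST_ROWS, learn_baseline(TRAINING)).items():
        for sensor, kind, msg in hits:
            print(f"row {idx}: {sensor} [{kind}] {msg}")
```

Row 2 is the instructive case: a flow of 50 L/min is perfectly ordinary for this plant, so the statistical check stays silent, but reporting it while the pump is off contradicts the process, which is exactly the kind of deviation the behavioural approach is meant to surface.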

Critical Infrastructure, WSNs & Dependable Systems (Foundational Work)

  • Cyber-Physical & Critical Infrastructure Security

    • Contributed to projects such as INSPIRE and CoMiFin, focusing on resilient communication architectures, collaborative threat detection, and secure operation of SCADA and financial critical infrastructure. These works emphasize availability, timeliness, reliability, and attack impact assessment.

  • Wireless Sensor Networks & Embedded Systems

    • Developed decentralized protocols for localization, tracking, cooperative monitoring, and Quality of Information (QoI)-aware communication in wireless sensor networks. These systems were implemented on TinyOS-based platforms and validated in real-world environments, balancing accuracy, reliability, and efficiency.

Security Protocols, Networking & Early Systems Work

  • Earlier work includes:

    • Distributed authentication protocols (SNAP) based on secret sharing

    • Secure VoIP and SIP infrastructure deployment

    • Embedded localization systems using Bluetooth and ARM Linux platforms

    • Sensor-based asset monitoring systems for server farms

These projects provided a strong grounding in secure systems design, networking, and embedded platforms, which continue to inform my applied cybersecurity research today.

Research Trajectory & Industry Relevance

Across my work, the consistent theme is bridging deep technical research with real-world security needs—from IoT and cyber-physical systems to malware analysis and autonomous SOC platforms. My recent focus on Agentic Malware Analysis and Agentic SOCs represents a natural evolution toward AI-driven, scalable, and resilient cyber defense systems for enterprise and national-scale environments.