Research & Projects

My research goal is to develop autonomous resilient systems using cyber deception and moving target defense to detect and mitigate advanced persistent threats (APT), especially malware, spear-phishing, and network reconnaissance attacks. My research aims to build intelligent agents that make adaptive, risk-aware, and cost-effective defense decisions autonomously by learning the environment and considering the uncertainty of the attacker's true strategy, while ensuring resiliency and fulfilling business policy. For optimal defense action planning and system orchestration, I use discrete optimization (SMT), sequential decision making (MDP/POMDP), reinforcement learning, etc. I have hands-on experience building software for diverse fields using the MITRE ATT&CK framework, software-defined networking (SDN), cryptography, email protocols, payment applications, and more.

ActiveSDN

[code-activesdn] [code-activesdn-middleware] [paper-1] [paper-2]

An open programming environment that enables developing and prototyping advanced active cyber defense mechanisms (such as IP or route mutation, honey network creation) rapidly and safely on Software Defined Networking (SDN). ActiveSDN also provides a language for security policy specification.
Tools/languages: OpenDaylight, OpenFlow, Java, Python, VMware, TCP, UDP, ICMP.

Email Mutation

[code] [paper]

Sender Email Address Mutation is a novel protocol to detect the lateral spear-phishing attack, in which an adversary sends phishing emails to a victim from a legitimate but compromised email account. The protocol works with any mail service provider, such as Gmail and Apple iCloud, and with mail clients such as mail.google.com, Outlook, Thunderbird, etc.
Tools/languages: SMTP, IMAP, Django, Python, Java, Chrome Extension.

Panacea: Email Header Analytics

[code]

Panacea is a multi-layer system to defend against email-borne threats such as spamming, spoofing, and spear-phishing attacks. In Panacea, we use different techniques, including machine learning, NLP, and real-time active investigation (such as evaluating domain reputation), to detect such threats.
Tools/languages: Scikit-learn, Django, Python, C++, Git, Docker, Kubernetes, Apache Kafka.

Chimera: Autonomous Cyber Deception Planner

Chimera is an autonomous orchestrator that designs a deception environment in order to detect and deceive advanced persistent threats such as ransomware, information stealers, and RATs. Due to the uncertainty and dynamic nature of attackers, I use Partially Observable Markov Decision Processes (POMDP) to observe adversary techniques based on the MITRE ATT&CK framework, and reinforcement learning to learn from the environment and choose the optimal deception actions.
Tools/languages: MITRE ATT&CK, POMDP, Python, C++, OpenAI, EasyHook, Windows API.

FIPS Certification for KONA N41M0 Smart Card

Developed and documented the Demonstration Applet to achieve the Security Requirements for Cryptographic Modules, FIPS 140-2. The secure module KONA N41M0 was certified on November 25, 2015 (certificate nos. 2476 and 2478).
Tools/languages: JavaCard, Java, specs: FIPS-140, PKI, Elliptic Curve Cryptography, NIST.

Payment Applet

As team lead, I designed the architecture of the AMEX, JCB, and Discover payment applications. I developed the critical crypto modules, such as application cryptogram generation, cardholder verification, secure messaging, etc.
Tools/languages: JavaCard, Java, specs: Amex, JCB, Discover and PKCS.

KonaPay

I was Scrum Master and team lead of the KonaPay project, a payment solution compliant with the EMV, VISA, and MasterCard payment specifications.
Tools/languages: JavaCard, Java, specs: EMV, GlobalPlatform, Mastercard and VISA specifications, PKCS, NIST.