I am a computer science Ph.D. student at Purdue University under the advisory of Prof. Elisa Bertino, focusing on cybersecurity and machine learning. My current research delves into general zero-shot learning and domain adaptation, collaborating with IBM. I'm also exploring GenAI methodologies for malware generation. I spent the summer 2023 at Cisco Research, where I applied graph neural networks to predict malware binaries using control flow graphs. Previously, during the summer of 2022, I worked at Aviatrix, employing machine learning techniques for traffic analysis. Prior to Purdue, I was a research assistant at UCalgary and Telus where I worked on designing distributed authorization systems that help domain experts explore and address complex authorization scenarios in DevOps and smart homes. I obtained my MSc degree in computer science from the University of Calgary under the advisory of Prof. Reihaneh Safavi-Naini .
We designed and implemented a full-blown Modbus protocol running over QUIC. QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides lower-latency connection establishment than TCP/TLS. Our implementation is based on pymodbus and aioquic. We evaluated the connection latency for QUIC and TCP/TLS on a mininet virtual network, where we can easily change the network conditions (delay, percentages of packet loss).
Ransomware has been wreaking havoc since the mid-2000s. Improved ransomware variants continue to be seen since then, often with devastating results. This report will cover one of the samples of Flotera, which was available through HybridAnalysis. We present the static and dynamic behavior analysis of the Flotera ransomware.
We proposed a capability-based system that provides efficient refined (conditional) access to resources. It allows a sequence of permissions to be enforced, each with their own specific context. We implemented the system as an extension to the OAuth framework. To achieve high usability, Griffin provides two reusable components, an authorization server and a Middleware. The authorization server is reusable, policy-content independent which can be easily configured to different application scenarios. The Middleware can be added into any resource server restful API to enable Griffin compliant resource server.
Vice President Communication of Computer Science Graduate Society, University of Calgary, May 2018 - July 2019