Projects

Created contextualizer component for Trail of Bits' AIxCC Cyber Reasoning System (CRS) entry Buttercup.
Website:
- https://aicyberchallenge.com/
- Trail of Bits blogs

Helped identify and run baselines to compare to VulChecker.
Publication: VulChecker: Graph-based Vulnerability Localization in Source Code (USENIX 2023)
Repositories:
Techniques: Python

Helped write this paper and performed some analyses.
Publication: Identifying Behavior Dispatchers for Malware Analysis (AsiaCCS 2021)

Trained a deep learning model to detect malicious functions within malware binaries using instruction- and CFG-based features. It is particularly useful when symbols and strings are missing, forcing the analyst to otherwise execute the malware in a dynamic sandbox.
Publication: DeepReflect: Discovering Malicious Functionality through Binary Reconstruction (USENIX 2021)
Repository: https://github.com/evandowning/deepreflect
Techniques: Python, BinaryNinja, Scikit-learn, Keras

Assisted a post-doc and PhD student in designing a drone intrusion detection methodology based on external environmental data (e.g., sound of the propellers spinning).
Soldered and installed a Pi-connect, Raspberry pi, and microphone array onto the drone to collect telemetry data.
Website:
- https://www.tii.ae/
Repositories:
Techniques: Python

Assisted in the design and development of MLSploit, a flexible framework enabling machine learning model training and generating attacks to evade those models.
Utilized Python, Scikit-learn, and Keras to create various malware detection models and employed binary rewriting for executable malware that dynamically evades detection.
Websites:
- https://istc-arsa.iisp.gatech.edu/
- https://mlsploit.github.io/
Publications:
- MLsploit: A Framework for Interactive Experimentation with Adversarial Machine Learning Research (KDD extended abstract 2019)
- To believe or not to believe: Validating experimentation fidelity for dynamic malware analysis (CVPR workshop 2019)
Repositories:
Techniques: Python, Scikit-learn, Keras, binary rewriting, bash

Created a graphical database capable of receiving real-time host-based information from Linux end-hosts.
Websites:
- https://www.darpa.mil/program/transparent-computing
- https://github.com/darpa-i2o/Transparent-Computing
Publications:
- Efficient Data Flow Tagging and Tracking for Refinable Cross-host Attack Investigation (USENIX 2018)
- RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking (CCS 2017)
Repositories:
- https://github.com/redspot/theia-ki-target-agent
- https://github.com/evandowning/theia-database
Techniques: C++, Python, Neo4j

Collaborated with a research group to develop and test a novel method for detecting malicious intrusions into computers, involving Linux kernel modification and rootkit development.
Publication: Beholder: Phase-Space Detection of Cyber Events (2013)
Techniques: C

Developed a JavaScript-based API for flexible scatterplot creation, to be utilized in a Human-Computer Interaction (HCI) study for Centers for Medicare & Medicaid Services (CMS).
Designed and developed visual interfaces for projects analyzing computer network traffic for malicious and anomalous patterns.
Publications:
- situ: Situational Understanding and Discovery for Cyber Attacks (2012)
- NV: Nessus Vulnerability Visualization for the Web (VizSec 2012)
Techniques: JavaScript, CSS, HTML

Collaborated with the U.S. Marines and Centers for Medicare & Medicaid Services (CMS) to develop maintenance durability and cost/progress visualizations using Protovis, a JavaScript visualization library.
Techniques: JavaScript, CSS, HTML