Projects

Principal Investigator on DO NO HARM (a system to remediate vulnerabilities in medical devices), and subcontractor for HRL's MINDSET (a system to identify vulnerabilities in medical devices).
Extended VulChecker to identify a wide variety of CWEs in firmware binaries.
Links:
- https://arpa-h.gov/explore-funding/programs/upgrade
- https://arpa-h.gov/explore-funding/awards/3546
Repositories: TBD
Techniques: Python

Technical leader on Model-Inspector, a system to generate bills-of-material and audit AI/ML models for security weaknesses.
Designed and implemented the auditing database, which detects existing AI/ML model and dataset weaknesses.
Links:
- https://xtech.army.mil/competition/xtechscalableai2/
- Blog Post
Repositories:
- https://github.com/trailofbits/it-depends
- https://github.com/trailofbits/datasig
Techniques: Python

Led a team which created automated infrastructure to run OpenSearch Benchmarks on OpenSearch and Elasticsearch.
Future work is to expand support for other search engines like Milvus and Vespa.
Links:
2025:
- OpenSearchCon Talk
2024:
- Blog Post
- Report
Repository: https://github.com/trailofbits/opensearch-benchmark
Techniques: Python, Terraform, AWS

Created the contextualization component for Trail of Bits' AIxCC Cyber Reasoning System (CRS) entry Buttercup. Placed 2nd in the DARPA AIxCC Finals.
Website: https://www.trailofbits.com/buttercup/
Repositores:
- https://github.com/trailofbits/buttercup
- https://github.com/trail-of-forks/buttercup-cscope
Techniques: Python, CodeQuery, Tree-sitter

Helped identify and run baselines to compare to VulChecker.
Publication: VulChecker: Graph-based Vulnerability Localization in Source Code (USENIX 2023)
Repositories:
Techniques: Python

Helped write this paper and performed some analyses.
Publication: Identifying Behavior Dispatchers for Malware Analysis (AsiaCCS 2021)

Trained a deep learning model to detect malicious functions within malware binaries using instruction- and CFG-based features. It is particularly useful when symbols and strings are missing, forcing the analyst to otherwise execute the malware in a dynamic sandbox.
Publication: DeepReflect: Discovering Malicious Functionality through Binary Reconstruction (USENIX 2021)
Repository: https://github.com/evandowning/deepreflect
Techniques: Python, BinaryNinja, Scikit-learn, Keras

Assisted a post-doc and PhD student in designing a drone intrusion detection methodology based on external environmental data (e.g., sound of the propellers spinning).
Soldered and installed a Pi-connect, Raspberry pi, and microphone array onto the drone to collect telemetry data.
Website:
- https://www.tii.ae/
Repositories:
Technique: Python

Assisted in the design and development of MLSploit, a flexible framework enabling machine learning model training and generating attacks to evade those models.
Utilized Python, Scikit-learn, and Keras to create various malware detection models and employed binary rewriting for executable malware that dynamically evades detection.
Websites:
- https://istc-arsa.iisp.gatech.edu/
- https://mlsploit.github.io/
Publications:
- MLsploit: A Framework for Interactive Experimentation with Adversarial Machine Learning Research (KDD extended abstract 2019)
- To believe or not to believe: Validating experimentation fidelity for dynamic malware analysis (CVPR workshop 2019)
Repositories:
Techniques: Python, Scikit-learn, Keras, binary rewriting, bash

Created a graphical database capable of receiving real-time host-based information from Linux end-hosts.
Websites:
- https://www.darpa.mil/program/transparent-computing
- https://github.com/darpa-i2o/Transparent-Computing
Publications:
- Efficient Data Flow Tagging and Tracking for Refinable Cross-host Attack Investigation (USENIX 2018)
- RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking (CCS 2017)
Repositories:
- https://github.com/redspot/theia-ki-target-agent
- https://github.com/evandowning/theia-database
Techniques: C++, Python, Neo4j

Collaborated with a research group to develop and test a novel method for detecting malicious intrusions into computers, involving Linux kernel modification and rootkit development.
Publication: Beholder: Phase-Space Detection of Cyber Events (2013)
Techniques: C

Developed a JavaScript-based API for flexible scatterplot creation, to be utilized in a Human-Computer Interaction (HCI) study for Centers for Medicare & Medicaid Services (CMS).
Designed and developed visual interfaces for projects analyzing computer network traffic for malicious and anomalous patterns.
Publications:
- situ: Situational Understanding and Discovery for Cyber Attacks (2012)
- NV: Nessus Vulnerability Visualization for the Web (VizSec 2012)
Techniques: JavaScript, CSS, HTML

Collaborated with the U.S. Marines and Centers for Medicare & Medicaid Services (CMS) to develop maintenance durability and cost/progress visualizations using Protovis, a JavaScript visualization library.
Techniques: JavaScript, CSS, HTML