Projects
VulChecker - 2023
- Helped identify and run baselines to compare to VulChecker.
- Publication: VulChecker: Graph-based Vulnerability Localization in Source Code (USENIX 2023)
- Repositories:
- Techniques: Python
BDHunter - 2021
- Helped write this paper and performed some analyses.
- Publication: Identifying Behavior Dispatchers for Malware Analysis (AsiaCCS 2021)
DeepReflect - 2021
- Trained a deep learning model to detect malicious functions within malware binaries using instruction- and CFG-based features. It is particularly useful when symbols and strings are missing, forcing the analyst to otherwise execute the malware in a dynamic sandbox.
- Publication: DeepReflect: Discovering Malicious Functionality through Binary Reconstruction (USENIX 2021)
- Repository: https://github.com/evandowning/deepreflect
- Techniques: Python, BinaryNinja, Scikit-learn, Keras
D3 (TII drone research) - 2021 - 2022
- Assisted a post-doc and PhD student in designing a drone intrusion detection methodology based on external environmental data (e.g., sound of the propellers spinning).
- Soldered and installed a Pi-connect, Raspberry Pi, and microphone array onto the drone to collect telemetry data.
- Website:
- Repositories:
- Techniques: Python
MLSploit (Intel ARSA) - 2017 - 2019
- Assisted in the design and development of MLSploit, a flexible framework enabling machine learning model training and the generation of attacks to evade those models.
- Utilized Python, Scikit-learn, and Keras to create various malware detection models and employed binary rewriting for executable malware that dynamically evades detection.
- Websites:
- Publications:
- MLsploit: A Framework for Interactive Experimentation with Adversarial Machine Learning Research (KDD extended abstract 2019)
- To believe or not to believe: Validating experimentation fidelity for dynamic malware analysis (CVPR workshop 2019)
- Repositories:
- Techniques: Python, Scikit-learn, Keras, binary rewriting, bash
THEIA (DARPA Transparent Computing) - 2015 - 2019
- Created a graphical database capable of receiving real-time host-based information from Linux end-hosts.
- Websites:
- Publications:
- Efficient Data Flow Tagging and Tracking for Refinable Cross-host Attack Investigation (USENIX 2018)
- RAIN: Refinable Attack Investigation with On-demand Inter-Process Information Flow Tracking (CCS 2017)
- Repositories:
- Techniques: C++, Python, Neo4j
Oak Ridge National Laboratory - 06/2013 - 09/2013
- Collaborated with a research group to develop and test a novel method for detecting malicious intrusions into computers, involving Linux kernel modification and rootkit development.
- Publication: Beholder: Phase-Space Detection of Cyber Events (2013)
- Techniques: C
Oak Ridge National Laboratory - 05/2012 - 08/2012
- Developed a JavaScript-based API for flexible scatterplot creation, to be utilized in a Human-Computer Interaction (HCI) study for Centers for Medicare & Medicaid Services (CMS).
- Designed and developed visual interfaces for projects analyzing computer network traffic for malicious and anomalous patterns.
- Publications:
- situ: Situational Understanding and Discovery for Cyber Attacks (2012)
- NV: Nessus Vulnerability Visualization for the Web (VizSec 2012)
- Techniques: JavaScript, CSS, HTML
Oak Ridge National Laboratory - 05/2011 - 07/2011
- Collaborated with the U.S. Marines and Centers for Medicare & Medicaid Services (CMS) to develop maintenance durability and cost/progress visualizations using Protovis, a JavaScript visualization library.
- Techniques: JavaScript, CSS, HTML