Experience

Peraton Labs

• United States
• Defense and Space Manufacturing
• 300 - 400 Employee

• Senior Machine Learning Research Scientist

  • Jan 2021 - Present



BAE Systems, Inc.

• United States
• Defense and Space Manufacturing
• 700 & Above Employee

• Senior Principal Scientist II | Security & Machine Learning | Cyber Technologies (CT), FAST Labs

  • Feb 2018 - Nov 2020

  I was PI for DARPA I2O's Dispersed Computing program (DCOMP) (2017-2021) where I manage a team composed of over a dozen researchers from six organizations. We have developed a decentralized network overlay system that significantly enhances transport layer resilience in the presence of degraded network conditions. Our system, NEBULA, enables programmable overlay-based peer-to-peer routing at the application layer, automated detection of in-path congestion and link degradation, and automated path re-planning to route around degraded links. Our end-to-end system has been tested live networks up to 208 nodes in scale and core functionality has been evaluated at nodes up to 1500 nodes in scale.

• Senior Principal Scientist | Security & Machine Learning | Cyber Technologies (CT), FAST Labs

  • Feb 2013 - Feb 2018

  Between 2015 and 2019, I was a PI for DARPA I2O's Transparent Computing (TC) program. We innovated new methods for event correlation and tracking how data flows through hosts and networks in order to identify and trace advanced persistent threats (APTs). We developed graph-based methods for data processing, knowledge representation, and tracking techniques based on data provenance and probabilistic inference. My team finished in first place in several formal capture-the-flag exercises as part of the formal evaluation process for this program.Between 2018-2019, I was also PI for TC’s transition program to a government customer via and AFRL transition program. The goal of this program was to increase TC’s data processing capabilities to handle data flows at the 1000 hosts scale.From 2016-2017, I was PI for the DARPA DSO IMPROV program that studied how commercial off-the-shelf technology may be re-purposed for use as threats to our military. I constructed an augmented reality-assisted target designator device using a spotting scope, tripod, and an Android phone. The device uses the sensors on the phone to perform target position estimation without a traditional laser-based range finder. It does this by leveraging optical stadiametric range finding methods. I developed the target range, geo-positioning, triangulation, and telemetry software in Android.Other past projects include:• Anomaly detection and reputation-based defense against malicious nodes for wireless networks. I work on multiple sensor output correlation using methods based on partially observable Markov decision processes.• HTTP and DNS anomaly detection in high-speed networks based on unsupervised learning. • Mobile ad-hoc networking (MANET) simulation and routing algorithm development. Helped design and develop a MANET simulator. Components include node simulation, packet management stack, unicast and multicast routing MANET simulations, traffic analysis and measurement mechanisms.



Allure Security

• United States
• Computer and Network Security
• 1 - 100 Employee

• Consultant

  • Sep 2012 - Dec 2015

  As one of Allure's data scientists, I perform the following research tasks: 1) Analyze data collected by Allure's host-based intrusion detection sensors for the following platforms: Windows, Mac OS, and Android. 2) Develop feature extraction and machine learning-based algorithms for modeling host behavior and intrusion/insider threat-detection. 3) Provide guidance on sensor design and data collection. 4) Help maintain the Allure user-study collected datasets. Database administration. Data normalization and anonymization.



Sandia National Laboratories

• United States
• Defense and Space Manufacturing
• 700 & Above Employee

• Consultant

  • Mar 2012 - May 2012

  Analyzed large-scale netflow data collected from a system of sensors distributed across the world. Performed data-mining and analysis to provide guidance on the usefulness of the dataset for intelligence-related uses. Analyzed large-scale netflow data collected from a system of sensors distributed across the world. Performed data-mining and analysis to provide guidance on the usefulness of the dataset for intelligence-related uses.



Columbia University

• United States
• Higher Education
• 700 & Above Employee

• Graduate Research Assistant

  • Jan 2007 - Feb 2012

  Member of Columbia's Intrusion Detection Systems lab. Worked on machine learning-based intrusion detection and network security algorithms. My research focused on the following areas: • Privacy and network trace anonymization: techniques to anonymize packet capture (PCAP) datasets. • Network traffic analysis and modeling: machine learning-based models for network traffic, inference and prediction methods for network host behavior, network traffic synthesis. • Polymorphic shellcode for software exploits: research and development of advanced shellcode polymorphism (self-modifying/obfuscating) techniques for IDS-evasion. • Time series models: emphasis on Hidden Markov Model-based methods, applied to network traffic analysis. • Semi-parametric learning: co-developed model and learning algorithm that interpolated the extremes between fully parametric and non-parametric density estimation.



United States Department of Defense

• United States
• Armed Forces
• 700 & Above Employee

• Civil Servant

  • May 2010 - Aug 2010

  As a member of the Research directorate, I worked on high-speed network traffic processing and content extraction. I contributed to on-going research in real-time high-throughput SMTP parsing and context extraction. As a member of the Research directorate, I worked on high-speed network traffic processing and content extraction. I contributed to on-going research in real-time high-throughput SMTP parsing and context extraction.



United States Department of Defense

• United States
• Armed Forces
• 700 & Above Employee

• Civil Servant

  • May 2009 - Aug 2009

  As a member of the Information Assurance Directorate, I conducted new work in vulnerability discovery and analysis in web-layer applications. I developed exploitation and tunneling software for a specific target environment. As a member of the Information Assurance Directorate, I conducted new work in vulnerability discovery and analysis in web-layer applications. I developed exploitation and tunneling software for a specific target environment.



Sandia National Laboratories

• United States
• Defense and Space Manufacturing
• 700 & Above Employee

• Research Intern

  • Jun 2008 - Aug 2008

  As a member of the Cyber-Security and Monitoring division, I developed algorithms and tools for packet-capture and Netflow monitoring for intrusion detection in large-scale networks. I also developed novel ways for network traffic visualization and geo-IP based sensor event correlation. As a member of the Cyber-Security and Monitoring division, I developed algorithms and tools for packet-capture and Netflow monitoring for intrusion detection in large-scale networks. I also developed novel ways for network traffic visualization and geo-IP based sensor event correlation.



BAE Systems

• United Kingdom
• Defense and Space Manufacturing
• 700 & Above Employee

• Research Engineer II

  • Jun 2007 - Aug 2007

  Worked on machine learning-based automated text classification algorithms. Worked on machine learning-based automated text classification algorithms.