Current Research

Oak Ridge National Laboratory: I am currently working on automating host-based digital forensic analysis by differentiating states of endpoints over time, developing new techniques for user behavioral anomaly detection across large-scale networks of diverse end users, and investigating the current state of vehicle security.

University of Tennessee Computer Security Laboratory: My current focus is on enhancing the resiliency of the current internet routing infrastructure against large-scale attacks (such as the recent DDoS attack on DynDNS from the Mirai botnet) and reducing inclement network “weather” by utilizing novel techniques that manipulate the behavior of existing inter-AS routing protocols like BGP.


  • Internet Routing Security and DDoS
  • Internet Privacy and Censorship
  • Applying Machine Learning to Cyber Security
  • Host and Network Digital Forensics
  • Critical Infrastructure and IoT Security
  • Automated Malware Analysis Techniques


I collaborate extensively with a number of entities academia, government, and industry, ranging from the Intelligence Community (U.S. Department of Homeland Security, FBI, and NSA) to Universities and Research Institutions (UTK, MIT Lincoln Lab, Sandia National Laboratory, MITRE, WPI) to private companies and organizations (Cisco Systems, Inc.). I am always looking for new collaborators. Please reach out to me on the contact page if you are interested in connecting.