Research
System Access Control
My primary research focuses on access control mechanisms for proactive malware prevention. I investigate how system behavior can be modeled, converted into enforceable policies, and used to block malicious execution paths before runtime compromise.
This work connects operating-system policy enforcement, kernel-level monitoring, and scalable behavioral analysis to provide strong security guarantees while maintaining low false positive rates.
Endpoint Detection and Response
I develop real-time Windows-based Endpoint Detection and Response (EDR) systems that operate at the kernel level. This work uses C/C++ kernel-mode drivers for low-latency system call interception and high-performance threat monitoring.
My current research includes benchmarking prevention algorithms, analyzing large kernel trace datasets, and building automated evaluation frameworks for malware prevention metrics such as true-positive rate (TPR), false-positive rate (FPR), precision, and robustness across diverse samples.
Scalable Security Data Analysis
I build analysis pipelines for large-scale security datasets, including parallelized processing of 60M+ kernel trace events. These pipelines use hierarchical data structures, graph analysis, and anomaly detection to identify discriminative access patterns at scale.
Acoustic Side-Channel Attacks
My work on acoustic side-channel attacks (ASCAs) explores the viability of recovering keystrokes from recordings of keyboard clicks in noisy, real-world environments. By combining traditional signal processing techniques with large language models for post-processing correction, we have demonstrated state-of-the-art accuracy for ASCAs under unconstrained recording conditions.
- Key result: LLM-assisted correction of noisy spectrogram transcripts significantly improves keystroke recovery accuracy in real-world conditions
- Published at: USENIX WOOT '25
LLMs in Cybersecurity
I explore applications of large language models in cybersecurity, including:
- Automated vulnerability detection and analysis
- Security policy generation and verification
- Assistance in reverse engineering and binary analysis
- Natural language interfaces for security monitoring and incident response
Reverse Engineering & Software Security
My research in reverse engineering covers both static and dynamic analysis techniques for understanding software behavior, identifying vulnerabilities, and developing defensive measures. I work with Windows PE binaries, kernel-mode drivers, and embedded systems firmware.