I am a Cyber Security Research Scientist in the Cyber and Information Security Research Group within the Computer and Computational Sciences Directorate at the Oak Ridge National Laboratory. I am interested in cyber security and cyber-physical security. Many of these systems can be made more secure or dependable by augmenting them with intelligent learning algorithms or with the results of more advanced data analytics. However, cyber systems have peculiarities that often require new algorithms. For example, much of the data collected is computer-generated, discrete, and structured. Also, many of the underlying structures are or occur within networks. Furthermore, these systems must operate in adversarial scenarios where simple fault tolerance and reliability analyses cannot properly account for the planning and intelligence of adversaries. I am interested in developing new algorithms that exploit the particulars of cyber problems to improve defensive and offensive capabilities. My recent focus has been on situation awareness from network sensor data and protection of the power grid.
I have been at ORNL since 2009. In addition to being a research scientist, I am also the team lead for research-operations integration where I support the transfer of research results to operational support. Furthermore, I founded and lead the Cyber Security Institute, an organized summer program for undergraduate and graduate students interning in the CISR group doing cyber-related research. Previously, I worked as a cryptologic researcher for over 10 years. I earned my Ph.D. in Mathematics from the University of Michigan, Ann Arbor in 2003 (defending my thesis just hours before the Northeast blackout).
My research focus is in improving the security and dependability of network, computer, and cyber-physical systems through the development and application of data analytics and machine learning. My main areas of recent research are anomaly detection and resilience analysis. I am also interested in other areas of security, such as analyzing network sensor data and measuring the advantage information provides in an adversarial setting. My favorite approach is probabilistic modeling because it captures the process of inference when beliefs are uncertain. To avoid overtraining, I often use non-parametric Bayesian models.