I am a Ph.D. candidate in Informatics and received an M.S. in Informatics in the School of Informatics, Computing, and Engineering at Indiana University Bloomington. Previously, I obtained B.S. and M.S. degrees in Electrical Engineering at Pontificia Universidad Javeriana in Colombia. I am a recipient of the best paper award at the 9th International Workshop on Managing Insider Security Threats in conjunction with the ACM Conference on Computer and Communications Security (CCS). In the past, I have done research internships at Cisco Systems, Inc. with the Advanced Security Research Group. Here is a link to an official bio and my CV.
My research lies at the intersection of data science and computer security. In particular, I leverage data-driven and analytical techniques to discover and understand critical security issues in large-scale networked systems. I rely on this approach to design and develop innovative solutions to address these. Applications of my research range across multiple disciplines, including the detection of exceptional events in social media, Internet route hijacking, and insider threat behavior in user-system interactions. Here is a word cloud built out of the abstracts of my papers.
We propose a method for detecting large events based on the structure of temporal communication networks. We hypothesize that global events trigger viral information cascades that easily cross community boundaries and can thus be detected by monitoring intra- and inter-community communications. By comparing the amount of communication within and across communities, we show that it is possible to detect events, even when they do not trigger a significantly larger communication volume.
We propose an unsupervised learning framework to evaluate whether potential insider threat events are triggered following precipitating events. The analysis leverages a bipartite graph of user and system interactions. The approach shows a clear correlation between precipitating events and the number of apparent anomalies. The results of our empirical analysis show a clear shift in behaviors after events which have previously been shown to increase insider activity, specifically precipitating events.
We analyzed reported routing anomalies and macroeconomic indicators over a four-year period. There are well-documented hijacks resulting from errors, for profit, or for national security and national intelligence purposes. Any individual hijack could be an accident, a crime, or an attack. We report on an empirical investigation into the macroeconomics of routing anomalies that addresses these three explanations.
Technical Program Committees