Active Directory (AD) remains the prime target for adversaries aiming to compromise enterprise identity systems. This project reimagines AD protection as a high-stakes adversarial game—leveraging AI-driven defenders powered by reinforcement learning and evolutionary optimization. Instead of passively detecting threats, our approach predicts and preempts evolving attack paths through intelligent modeling of graph structures. With dynamic, self-adaptive defenses, this framework introduces a Zero Trust-aligned architecture to harden enterprise identity infrastructure against stealthy lateral movements and privilege escalation campaigns.

This project identifies Structural Hole Spanners (SHSs), critical nodes that connect isolated clusters in complex networks. Using graph-based machine learning, it analyzes structural patterns and node features to uncover hidden gateways that enable influence and information flow. With adaptive strategies that generalize across diverse network types, the approach delivers a scalable, high-precision method for detecting key connectors ranging from social graphs to cyber infrastructures. The project incorporates transfer learning to improve generalization across unseen network domains and leverages GNNs for embedding structural features.

This project addresses the security challenges introduced by microservice architectures, including expanded attack surfaces and complex service dependencies. By analyzing vulnerabilities across real-world deployment patterns, it identifies critical risks and evaluates mitigation strategies. Combining academic insights with industry practices, it delivers scalable, actionable guidelines for designing secure, resilient microservices in cloud-native and distributed systems. It maps vulnerabilities at the container, orchestration, and service mesh layers using STRIDE and DREAD models, and incorporates practices like zero-trust enforcement, API gateway hardening, and runtime behavior analysis. The resulting framework enables automated risk scoring and continuous security monitoring, guiding the design of resilient, secure-by-default microservices in modern DevOps.

This project addresses the security risks of Software-Defined Networking (SDN), with a focus on defending against Distributed Denial of Service (DDoS) attacks. By analyzing threat vectors across control, data, and application planes, it evaluates current detection and mitigation techniques. The work highlights key vulnerabilities in centralized SDN architectures and proposes adaptive strategies to enhance resilience in modern, large-scale network environments.

This project explores AI-driven mechanism design for public projects, balancing fairness, efficiency, and strategic participation. It models both nonexcludable and excludable scenarios, deriving optimal cost-sharing strategies using dynamic programming and improving solution quality with machine learning techniques. Bridging theory and application, the work contributes scalable frameworks for equitable public decision-making.

This project investigates security vulnerabilities in smartphone communication technologies such as GSM, GPRS, EDGE, and UMTS. By analyzing critical attack vectors that threaten user privacy and data integrity, it informs the design of robust mobile security frameworks. The goal is to enhance digital resilience across services like messaging, banking, and real-time communication in an increasingly mobile-first world.