Generic placeholder image

Case Western Reserve University

I'm currently pursuing a Ph.D. degree at Case Western Reserve University under the supervision of Professor Michael Rabinovich. My research interests are in the security of X.509 PKI and edge computing solutions.


Generic placeholder image


I've previously interned with team security at Yelp in summer 2018. My project is design and implementation of the Threat Intelligence Platform, a service stores and correlates threat intel to help Yelp against Advanced Persistent Threat (APT).

View details »

Threat Intelligence Platform Gives your enterprise network a smart protection

Threat Intelligence Platform is an emerging technology discipline that helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data, and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, Whois information, reverse IP lookup, website content analysis, name servers, and SSL certificates

Phishing website recognition Leverage machine learning and network measurement.

The conventional anti-phishing software relies on the detection of some fixed pattern found in the phishing attempts. Although conventional methods were effective for well-known phishing attempts, an attacker is still able to circumvent such detection by modifying the textual data or adjusting the layout of the page. We proposed a novel method to mitigate conventional anti-phishing technologies by identifying fake servers which are ran by the attackers to masquerade a legitimate one. Instead of analyzing the textual data, we use the network measurement to evaluate a website from different dimensions such as server fingerprint, optimization, X.509 PKI metadata, etc. The features extracted from network measurement are insusceptible to forgery. For example, attackers are not likely to pay for a Content Delivery Network (CDN) for their fake website, so the average access time from global distributed vantage points could be great different a legitimate website. We finally trained a random-forest classifier which achieved 91% overall accuracy in a cross-validation.

Generic placeholder image

And lastly, this one. Checkmate.

I know that nobody really cares what I wrote so I put this here because I guess you won't see this. But if you see this, it seems that I'm the one you are looking for.

Generic placeholder image