Research Projects

Cyber Vulnerability Triage and Mitigation

Human-Machine Intrusion Detection Alert Management System

Courses

EIN 6936 (Graduate): Engineering Analytics II

ESI 4607 (Undergraduate): Engineering Analytics II

Publications

Peer-Reviewed Articles

  1. Ankit Shah, Arunesh Sinha, Rajesh Ganesan, Sushil Jajodia, Hasan Cam, “Two can play that game: An adversarial evaluation of a cyber-alert inspection system,” ACM Transactions on Intelligent Systems and Technology (TIST), Vol. 11, No. 3, 2020, pages 1-20. DOI:10.1145/3377554

  2. Ankit Shah, Katheryn A. Farris, Rajesh Ganesan, Sushil Jajodia, “Vulnerability selection for remediation: An empirical analysis,” Journal of Defense Modeling and Simulation (JDMS), DOI:10.1177/1548512919874129

  3. Ankit Shah, Rajesh Ganesan, Sushil Jajodia, Pierangela Samarati, Hasan Cam, “Adaptive alert management for balancing optimal performance among distributed CSOCs using reinforcement learning,” IEEE Transactions on Parallel and Distributed Systems (TPDS), DOI:10.1109/TPDS.2019.2927977

  4. Ankit Shah, Rajesh Ganesan, Sushil Jajodia, Hasan Cam, “An outsourcing model for alert analysis in a Cybersecurity Operations Center,” ACM Transactions on the Web (TWEB), Vol. 14, No. 1, January 2020. DOI:10.1145/3372498

  5. Ankit Shah, Rajesh Ganesan, Sushil Jajodia, Hasan Cam, “A two-step approach to optimal selection of alerts for investigation in a CSOC,” IEEE Transactions on Information Forensics and Security (TIFS), Vol. 14, No. 7, July 2019, pages 1857-1870. DOI:10.1109/TIFS.2018.2886465

  6. Ankit Shah, Rajesh Ganesan, Sushil Jajodia, Hasan Cam, “Understanding trade-offs between throughput, quality, and cost of alert analysis in a CSOC,” IEEE Transactions on Information Forensics and Security (TIFS), Vol. 14, No. 5, May 2019, pages 1155-1170. DOI:10.1109/TIFS.2018.2871744

  7. Ankit Shah, Rajesh Ganesan, Sushil Jajodia, Hasan Cam, “Dynamic optimization of the level of operational effectiveness of a CSOC under adverse conditions,” ACM Transactions on Intelligent Systems and Technology (TIST), Vol. 9, No. 5, 2018. DOI:10.1145/3173457

  8. Katheryn A. Farris, Ankit Shah, George Cybenko, Rajesh Ganesan, Sushil Jajodia, “VULCON - A system for vulnerability prioritization, mitigation, and management,” ACM Transactions on Privacy and Security (TOPS), Vol. 21, No. 4, May 2018, pages 16:1-16:28. DOI:10.1145/3196884

  9. Ankit Shah, Rajesh Ganesan, Sushil Jajodia, “A methodology for ensuring fair allocation of CSOC effort for alert investigation,” Springer International Journal of Information Security (IJIS), Vol. 18, No. 2, 2019, pages 199-218. DOI:10.1007/s10207-018-0407-3

  10. Ankit Shah, Rajesh Ganesan, Sushil Jajodia, Hasan Cam, “Adaptive reallocation of cybersecurity analysts to sensors for balancing risks between sensors,” Springer Service Oriented Computing and Applications (SOCA), Vol. 12, No. 2, 2018, pages 123-135. DOI:10.1007/s11761-018-0235-3

  11. Ankit Shah, Rajesh Ganesan, Sushil Jajodia, Hasan Cam, “Optimal assignment of sensors to analysts in a CSOC,” IEEE Systems Journal, Vol. 13, No. 1, March 2019, pages 1060-1071. DOI:10.1109/JSYST.2018.2809506

  12. Ankit Shah, Rajesh Ganesan, Sushil Jajodia, Hasan Cam, “A methodology to measure and monitor level of operational effectiveness of a CSOC,” Springer International Journal of Information Security (IJIS), Vol. 17, No. 2, 2018, pages 121-134. DOI:10.1007/s10207-017-0365-1

  13. Sridhar Venkatesan, Massimiliano Albanese, Ankit Shah, Rajesh Ganesan, Sushil Jajodia, “Detecting stealthy botnets in a resource-constrained environment using reinforcement learning,” Proc. 4th ACM Workshop on Moving Target Defense (MTD 2017), Dallas, TX, October 30, 2017. DOI:10.1145/3140549.3140552

  14. Rajesh Ganesan, Sushil Jajodia, Ankit Shah, Hasan Cam, “Dynamic scheduling of cybersecurity analysts for minimizing risk using reinforcement learning,” ACM Transactions on Intelligent Systems and Technology (TIST), Vol. 8, No. 1, 2016. DOI:10.1145/2882969

Book Chapters

  1. Rajesh Ganesan, Ankit Shah, Sushil Jajodia, Hasan Cam, “Optimizing alert data management processes at a Cyber Security Operations Center,” in Adversarial and Uncertain Reasoning for Adaptive Cyber-Defense, Sushil Jajodia, George Cybenko, Peng Liu, Cliff Wang, Michael Wellman, eds., Springer Lecture Notes in Computer Science (State-of-the-Art Survey Series), Vol. 11830, 2019, pages 206-231. DOI:10.1007/978-3-030-30719-6_9

  2. Rajesh Ganesan, Ankit Shah, “A strategy for effective alert analysis at a cybersecurity operations center,” in From Database to Cyber Security: Essays Dedicated to Sushil Jajodia on the Occasion of His 70th Birthday, Pierangela Samarati, Indrajit Ray, Indrakshi Ray, eds., Springer Lecture Notes in Computer Science, pages 206-226. DOI:10.1007/978-3-030-04834-1_11

  3. Rajesh Ganesan, Ankit Shah, Sushil Jajodia, Hasan Cam, “A novel metric for measuring operational effectiveness of a cybersecurity operations center,” in Network Security Metrics, Lingyu Wang, Sushil Jajodia, Anoop Singhal, eds., Springer, 2017, pages 177-207. DOI:10.1007/978-3-319-66505-4_8

Recent & Upcoming Talks

  1. Invited talk titled “Deep reinforcement learning based adversarial evaluation of a cyber alert management system”, Deep Learning and Neural Networks, INFORMS Annual Meeting 2019, Seattle, WA, October 2019.
  2. Invited talk titled “A two-step approach to optimal selection of alerts for investigation in a cybersecurity operations center”, Operations Research and Cyber, INFORMS Annual Meeting 2019, Seattle, WA, October 2019.
  3. Invited talk titled “Dynamic optimization of the level of operational effectiveness of a cybersecurity operations center”, INFORMS Optimization 2018, Denver, CO, March 2018.
  4. Invited talk titled “A methodology to measure, monitor, and control the level of operational effectiveness of a CSOC”, Emerging Techniques Forum, MORS, Alexandria, VA, December 2017.
  5. Invited talk titled “Predicting the relevance of search results using text mining and predictive analytics”, Analytics Center of Excellence, Social Security Administration, Falls Church, VA, December 2017.
  6. Invited talk titled “A methodology to measure and monitor level of operational effectiveness of a CSOC”, INFORMS 2017, Houston, TX, October 2017.
  7. Technical seminar and software demonstration on “Cybersecurity analyst scheduling for an optimal level of operational effectiveness” at General Dynamics, VA, August 2017.
  8. Invited talk titled “A methodology to measure and monitor level of operational effectiveness of a CSOC”, IFORS 2017, Quebec, Canada, July 2017.
  9. Technical seminar and software demonstration on “Optimal scheduling of cybersecurity analysts for minimizing risk” at Northrop Grumman, VA, April 2017.

Contact