Georgia Tech Research Institute (GTRI) is a nonprofit applied research organization for Georgia Tech focusing on a variety of disciplines including national defense, homeland security, mobile and wireless technologies, and data analysis. I worked as a Software Engineer Student Assistant from Jan. - May 2018 and Aug. - Dec. 2018 and as a Graduate Research Assistant from Jan. - Aug. 2019.

During my time here, I contributed to two big security-related projects: Apiary and Bad ACTR. Each of these projects challenged me to think of novel solutions on how to tackle security and analyze data from large malware databases. It has been an amazing experience working here as a student, and it makes me proud knowing that I am helping improve security on a national level.

Apiary

What is it?

Apiary is an automated framework for malware analysis and threat intelligence. Apiary analyzes and stores millions of malware samples delivered through a variety of methods by a community of vetted members. Static analysis, dynamic analysis, as well as multiple malware analysis frameworks are used to extract meaningful results from malware samples.

My Contribution

  • Developed malware aggregation tool that ran asynchronously in the background and notified user when completed
  • Developed tool to translate malware analysis results into a human readable format
  • Worked with technologies such as Python Flask, Celery, and MongoDB

Bad ACTR

What is it?

Bad ACTR (Benign Agents Deployed for Automated Cyber Threat Representation) is a software suite developed by GTRI that creates activity patterns resembling those exhibited by malware. The software ingests malware, extracts relevant features, and creates a benign executable that can be used to test system security.

My Contribution

  • Developed and designed user interface for Bad ACTR
  • Integrated malware clustering and analysis functionality into the user interface
  • Automated ingestion of malware and implemented queuing system
  • Rewrote and restructured clustering algorithms to improve readability and fix bugs
  • Tracked and tagged all downloaded malware samples with relevant information using MongoDB

Other Contributions

  • Simulated man-in-the-middle attack to spoof TLS connections using virtual machines
  • Developed models using machine learning techniques such as Markov Models, Hidden Markov Models, and K-means clustering to predict network activity