Kernel-level Linux security framework using eBPF/BCC and Python. Achieves 95%+ detection accuracy with minimal CPU overhead. Features cloud-integrated CLI dashboard for automated threat remediation…

Anomaly detection models for InfraSight. ML-based syscall frequency & resource usage profiling.

InfraSight is a modular eBPF-based observability platform for Linux and Kubernetes environments. It provides deep visibility into system activity using custom eBPF programs, a centralized ClickHous…

Integration of machine learning (ML) to eBPF-based packet filtering. Leveraging eXpress Data Path (XDP) method to incorporate ML models with floating-point weights into eBPF

Machine Learning meets eBPF

trans latex to docx

Optimal Transport for Function-Level and Line-Level Vulnerability Detection

Codes and data for USENIX Security 24 paper "MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning"

The Overleaf LaTeX template of the bupt graduate thesis.

Official implementation of "Poisoning Attacks on Cyber Attack Detectors for Industrial Control Systems" by Moshe Kravchik, Battista Biggio, and Asaf Shabtai, SAC 2021.

IntelliSA: Research artifacts and replication package

KDD 2019: Robust Anomaly Detection for Multivariate Time Series through Stochastic Recurrent Neural Network

[VLDB'22] Anomaly Detection using Transformers, self-conditioning and adversarial training.

LogLead stands for Log Loader, Enhancer, and Anomaly Detector.

🔍Declarative LLM-powered analyzer for security events and system logs. Extracts, structures, and visualizes data for Kibana/Elasticsearch.

Context-aware network log analysis platform using LLMs to detect network security events.

The proliferation of malicious software, particularly Java Archive (JAR) files, poses significant challenges to cybersecurity. This project leverages the REJAFADA dataset, containing an equal distr…

Log Parsing with Prompt-based Few-shot Learning (ICSE 2023, Technical Track)

Use PEFT or Full-parameter to CPT/SFT/DPO/GRPO 600+ LLMs (Qwen3, Qwen3-MoE, DeepSeek-R1, GLM4.5, InternLM3, Llama4, ...) and 300+ MLLMs (Qwen3-VL, Qwen3-Omni, InternVL3.5, Ovis2.5, GLM4.5v, Llava, …

Kubernetes Runtime Security Instrumentation & Enforcement

Example BPF program with LSM hooks

Secure, policy-enforced execution gateway for AI agents. agentsh sits under your agent/tooling—intercepting file, network, and process activity (including subprocess trees), enforcing the policy yo…

A Low-Code MCP Framework for Building Complex and Innovative RAG Pipelines