Seminar:
A CyberSec Capability for Inferring Lateral Movement Using Temporal Graph-Based Inductive Learning

ABSTRACT

Lateral Movement (LM) is one of the core stages of Advanced Persistent Threats (APTs) which continues to compromise the security posture of enterprise networks at large. Recent research work has employed Graph Neural Network (GNN) techniques to detect LM in intricate networks. Such approaches employ transductive graph learning, where fixed graphs with full nodes’ visibility are employed in the training phase, along with ingesting benign data. These assumptions overlook the evolving nature of enterprise networks, evasive LM behaviors, and limited visibility of runtime processes. In this talk, I will present "Jbeil" a pragmatic security solution that effectively tackle these challenges. The premise of the work lies in applying an encoder on a continuous-time evolving network authentication graph data to generate embeddings of visible nodes at each time epoch, utilizing a temporal graph-based inductive learning approach. A decoder then leverages these embeddings to perform link prediction for unseen nodes. Further, in this talk, I will outline my academic portfolio, as well as my R&D, and training initiatives in the field of cybersecurity. Specifically, I will address the following key areas: (i) operational cybersecurity for analyzing Internet-wide threats and exploits; (ii) research on Large Language Models (LLM) aimed at enhancing software security; (iii) efforts to safeguard the Electric Vehicle (EV) charging infrastructure; and (iv) the development of hands-on cyber training material for NATO ACT. I will also illustrate how my expertise can add value to Louisiana State University (LSU) by securing research grants and fostering the development of emerging talent among students.

Joseph Khoury

Louisiana State University

Joseph Khoury is a PhD candidate in Computer Science at LSU, focusing on cybersecurity research, including (i) data-driven techniques and measurements for gathering Internet-wide CTI; (ii) deep learning and temporal graph-based techniques, to detect APTs at the network and host levels; and (iii) LLM research for software security. He has authored over 16 peer-reviewed publications in leading security venues including IEEE S&P (Oakland), NDSS, and IEEE TDSC. Joseph has played a significant role in writing multi-million-dollar grants awarded through NSF programs, and in securing competitive bids from industry partners and intergovernmental agencies. He actively engages with NATO ACT, planning and executing one of the largest cyber training exercises in the world. He also works on safeguarding the EV charging infrastructure for First Student, Inc., while serving as an Entrepreneurial Lead under the NSF I-Corps program to ensure his research impacts the EV security market. He has received awards from UT San Antonio and IEEE S&P (Oakland), chaired an IEEE workshop, evaluated submissions for USENIX, and reviewed for the DFRWS EU conference and NeurIPS TGL workshop.