generic speaker image
Raheem Beyah - Georgia Tech College of Engineering. Atlanta, GA, US

Raheem Beyah

VP Interdisciplinary Research, professor, Electrical and Computer Engineering | Georgia Tech College of Engineering


Raheem Beyah is an expert in the intersection of the networking and security fields.



Raheem Beyah currently holds the Motorola Foundation Professorship in the School of Electrical and Computer Engineering and serves as the Vice President for Interdisciplinary Research at Georgia Tech. A native of Atlanta, Georgia, Dr. Beyah received his Bachelor of Science in Electrical Engineering from North Carolina A&T State University in 1998. He received his Master's and Ph.D. in Electrical and Computer Engineering from Georgia Tech in 1999 and 2003, respectively. Prior to returning to Georgia Tech as a member of the ECE faculty, Dr. Beyah was a faculty member in the Department of Computer Science at Georgia State University, a research faculty member with the Georgia Tech Communications Systems Center (CSC), and a consultant in Andersen Consulting's (now Accenture) Network Solutions Group. He served as the Interim Steve W. Chaddick School Chair from September 2017-July 2018 and as the ECE associate chair for Strategic Initiatives and Innovation from September 2016-December 2018.

Dr. Beyah's work is at the intersection of the networking and security fields. He leads the Georgia Tech Communications Assurance and Performance Group (CAP). The CAP Group develops algorithms that enable a more secure network infrastructure, with computer systems that are more accountable and less vulnerable to attacks. Through experimentation, simulation, and theoretical analysis, CAP provides solutions to current network security problems and to long-range challenges as current networks and threats evolve.

Dr. Beyah has served as guest editor and associate editor of several journals in the areas of network security, wireless networks, and network traffic characterization and performance. He received the National Science Foundation CAREER award in 2009 and was selected for DARPA's Computer Science Study Panel in 2010. He is a member of AAAS, ASEE, a lifetime member of NSBE, a senior member of IEEE, and an ACM Distinguished Scientist.

Areas of Expertise (5)

Energy Grid Security

Network Security

Cyber-physical Systems Security


Network Monitoring and Performance

Selected Accomplishments (5)

Emerging Scholar, Diverse: Issues in Higher Education

Emerging Scholar, Diverse: Issues in Higher Education - 2017

Distinguished Scientist, ACM

Distinguished Scientist, ACM - 2016

DARPA Computer Science Study Panel

DARPA Computer Science Study Panel - 2010


NSF CAREER Award - 2009

NSF/FACES Career Initiation Grant

NSF/FACES Career Initiation Grant - 2003

Education (3)

Georgia Institute Technology: Ph.D., Electrical and Computer Engineering 2003

Georgia Institute of Technooogy: M.S., Electrical and Computer Engineering 1999

North Carolina Agricultural and Technical State University: B.S., Electrical Engineering 1998

Selected Media Appearances (5)

Two Research Vice Presidents Named in EVPR Office

News Center  online


Raheem Beyah, the Motorola Foundation Professor in the School of Electrical and Computer Engineering, will serve as Vice President for Interdisciplinary Research (VPIR). The VPIR will be responsible for ensuring the effective and strategic administration of interdisciplinary research. This will include providing overall leadership for the interdisciplinary research institutes and centers, the Pediatric Technology Center, Global Center for Medical Innovation, Smart Cities Initiatives and other interdisciplinary activities...

view more

Signals from distant lightning could help secure electric substations

Science Daily  online


"We should be able to remotely detect any attack that is modifying the magnetic field around substation components," said Raheem Beyah, Motorola Foundation Professor in Georgia Tech's School of Electrical and Computer Engineering. "We are using a physical phenomenon to determine whether a certain action at a substation has occurred or not..."

view more

Fortiphyd Beefs Up Security for Manufacturing Plants and Power Grids

Hyperpotamus  online


Raheem Beyah, Ph.D and David Formby, Ph.D. began to look into this critical vulnerability in the country’s industrial control systems through their cybersecurity-focused research at Georgia Tech. Beyah and Formby spoke to many utility owners and manufacturing plants to review challenges and weak points. “Through these visits, we realized through conversations that there weren’t any good practical solutions out in the market, from a security perspective, to detect and prevent incidents,” says Beyah...

view more

HoneyBot Fights Cyber Crime

The Cyber Edge  online


The general idea is to get information about the attackers, specifically their tactics and techniques, and even what they know about the system,” says Raheem Beyah, Motorola Foundation professor at Georgia Tech’s School of Electrical and Computer Engineering. “You can use that information for defense and for attribution.” It is an illegal hacker’s modus operandi that often leads to the culprit’s identification. “You get a pattern of these things. Group A does this a certain way, and they can have a pattern you can track, and then you can attribute this specific attack to group A, or to country A, or whatever it may be,” Beyah adds...

view more

Robot Designed to Defend Factories Against Cyberthreats

Horizons  online


“Robots do more now than they ever have, and some companies are moving forward with, not just the assembly line robots, but free-standing robots that can actually drive around factory floors,” said Raheem Beyah, the Motorola Foundation Professor and interim Steve W. Chaddick School Chair in Georgia Tech’s School of Electrical and Computer Engineering. “In that type of setting, you can imagine how dangerous this could be if a hacker gains access to those machines. At a minimum, they could cause harm to whatever products are being produced. If it’s a large enough robot, it could destroy parts or the assembly line. In a worst-case scenario, it could injure or cause death to the humans in the vicinity.,,”

view more

Selected Articles (5)

On Evaluating the Effectiveness of the HoneyBot: A Case Study

Cornell University

2019 In recent years, cyber-physical system (CPS) security as applied to robotic systems has become a popular research area. Mainly because robotics systems have traditionally emphasized the completion of a specific objective and lack security oriented design. Our previous work, HoneyBot\cite {celine}, presented the concept and prototype of the first software hybrid interaction honeypot specifically designed for networked robotic systems. The intuition behind HoneyBot was that it would be a remotely accessible robotic system that could simulate unsafe actions and physically perform safe actions to fool attackers. Unassuming attackers would think they were connected to an ordinary robotic system, believing their exploits were being successfully executed. All the while, the HoneyBot is logging all communications and exploits sent to be used for attacker attribution and threat model creation. In this paper, we present findings from the result of a user study performed to evaluate the effectiveness of the HoneyBot framework and architecture as it applies to real robotic systems. The user study consisted of 40 participants, was conducted over the course of several weeks, and drew from a wide range of participants aged between 18-60 with varying level of technical expertise. From the study we found that research subjects could not tell the difference between the simulated sensor values and the real sensor values coming from the HoneyBot, meaning the HoneyBot convincingly spoofed communications.

view more

Checking is Believing: Event-Aware Program Anomaly Detection in Cyber-Physical Systems

IEEE Transactions on Dependable Secure Computing

2019 Securing cyber-physical systems (CPS) against malicious attacks is of paramount importance because these attacks may cause irreparable damages to physical systems. Recent studies have revealed that control programs running on CPS devices suffer from both control-oriented attacks (e.g., code-injection or code-reuse attacks) and data-oriented attacks (e.g., non-control data attacks). Unfortunately, existing detection mechanisms are insufficient to detect runtime data-oriented exploits, due to the lack of runtime execution semantics checking. In this work, we propose Orpheus, a new security methodology for defending against data-oriented attacks by enforcing cyber-physical execution semantics. We first present a general method for reasoning cyber-physical execution semantics of a control program (i.e., causal dependencies between the physical context/event and program control flows), including the event identification and dependence analysis. As an instantiation of Orpheus, we then present a new program behavior model, i.e., the event-aware finite-state automaton (eFSA). eFSA takes advantage of the event-driven nature of CPS control programs and incorporates event checking in anomaly detection. It detects data-oriented exploits if a specific physical event is missing along with the corresponding event dependent state transition. We evaluate our prototype's performance by conducting case studies under data-oriented attacks. Results show that eFSA can successfully detect different runtime attacks. Our prototype on Raspberry Pi incurs a low overhead, taking 0.0001s for each state transition integrity checking, and 0.063s~0.211s for the cyber-physical contextual consistency checking.

view more

Towards understanding the security of modern image captchas and underground captcha-solving services

Big Data Mining and Analytics

2019 Image captchas have recently become very popular and are widely deployed across the Internet to defend against abusive programs. However, the ever-advancing capabilities of computer vision have gradually diminished the security of image captchas and made them vulnerable to attack. In this paper, we first classify the currently popular image captchas into three categories: selection-based captchas, slide-based captchas, and click-based captchas. Second, we propose simple yet powerful attack frameworks against each of these categories of image captchas. Third, we systematically evaluate our attack frameworks against 10 popular real-world image captchas, including captchas from,, and Fourth, we compare our attacks against nine online image recognition services and against human labors from eight underground captcha-solving services.

view more

Enabling a Decentralized Smart Grid using Autonomous Edge Control Devices

IEEE Internet of Things Journal

2019 As a large number of distributed devices are connected to the modern smart grid, the traditional centralized connectivity models fail to provide economic value. These models have relied on sending data to the cloud for processing and receiving commands to exert control actions, resulting in an ‘on-demand system’ with high bandwidth, low latency and an overload of data on the cloud. For realizing a decentralized system, there is a strong need to embed intelligence at the ‘edge of the network’. These intelligent devices, capable of sensing, local data processing and exerting control actions, report only actionable information to the cloud, acting as an edge control node. The system can then function autonomously, without constant cloud inputs, tolerating longer delays in communication, making the overall system ultra-low cost. The Global Asset Monitoring, Management and Analytics (GAMMA) Platform is a novel ultra-low-cost, secure platform that operates through a Bluetooth based delay tolerant network. It relies on so-called ‘data mules’ to bridge the last mile connectivity gap in an inherently secure way. Due to this model, the platform requires no in-country certifications, does not rely on a dedicated backhaul technology and is immune to technology migration. This architecture also addresses some gaps identified in traditional IoT-based solutions in remote areas and sparse connectivity. A functional unit of the edge computing node has been built, taking into account various constraints like costs, customizations, data storage, cybersecurity and power management. The platform has been built, deployed and has demonstrated distributed smart grid applications like power quality sensing, automated metering infrastructure and utility asset monitoring.

view more

FDI: Quantifying Feature-based Data Inferability

Cornell University

2019 Motivated by many existing security and privacy applications, e.g., network traffic attribution, linkage attacks, private web search, and feature-based data de-anonymization, in this paper, we study the Feature-based Data Inferability (FDI) quantification problem. First, we conduct the FDI quantification under both naive and general data models from both a feature distance perspective and a feature distribution perspective. Our quantification explicitly shows the conditions to have a desired fraction of the target users to be Top-K inferable (K is an integer parameter). Then, based on our quantification, we evaluate the user inferability in two cases: network traffic attribution in network forensics and feature-based data de-anonymization. Finally, based on the quantification and evaluation, we discuss the implications of this research for existing feature-based inference systems.

view more