Raheem Beyah
VP Interdisciplinary Research, professor, Electrical and Computer Engineering
- Atlanta GA UNITED STATES
Raheem Beyah is an expert in the intersection of the networking and security fields.
Social
Biography
Dr. Beyah's work is at the intersection of the networking and security fields. He leads the Georgia Tech Communications Assurance and Performance Group (CAP). The CAP Group develops algorithms that enable a more secure network infrastructure, with computer systems that are more accountable and less vulnerable to attacks. Through experimentation, simulation, and theoretical analysis, CAP provides solutions to current network security problems and to long-range challenges as current networks and threats evolve.
Dr. Beyah has served as guest editor and associate editor of several journals in the areas of network security, wireless networks, and network traffic characterization and performance. He received the National Science Foundation CAREER award in 2009 and was selected for DARPA's Computer Science Study Panel in 2010. He is a member of AAAS, ASEE, a lifetime member of NSBE, a senior member of IEEE, and an ACM Distinguished Scientist.
Areas of Expertise
Selected Accomplishments
Emerging Scholar, Diverse: Issues in Higher Education
Emerging Scholar, Diverse: Issues in Higher Education - 2017
Distinguished Scientist, ACM
Distinguished Scientist, ACM - 2016
DARPA Computer Science Study Panel
DARPA Computer Science Study Panel - 2010
NSF CAREER Award
NSF CAREER Award - 2009
NSF/FACES Career Initiation Grant
NSF/FACES Career Initiation Grant - 2003
Education
North Carolina Agricultural and Technical State University
B.S.
Electrical Engineering
1998
Georgia Institute of Technooogy
M.S.
Electrical and Computer Engineering
1999
Georgia Institute Technology
Ph.D.
Electrical and Computer Engineering
2003
Selected Media Appearances
Robot Designed to Defend Factories Against Cyberthreats
Horizons online
2018-03-29
“Robots do more now than they ever have, and some companies are moving forward with, not just the assembly line robots, but free-standing robots that can actually drive around factory floors,” said Raheem Beyah, the Motorola Foundation Professor and interim Steve W. Chaddick School Chair in Georgia Tech’s School of Electrical and Computer Engineering. “In that type of setting, you can imagine how dangerous this could be if a hacker gains access to those machines. At a minimum, they could cause harm to whatever products are being produced. If it’s a large enough robot, it could destroy parts or the assembly line. In a worst-case scenario, it could injure or cause death to the humans in the vicinity.,,”
HoneyBot Fights Cyber Crime
The Cyber Edge online
2018-11-01
The general idea is to get information about the attackers, specifically their tactics and techniques, and even what they know about the system,” says Raheem Beyah, Motorola Foundation professor at Georgia Tech’s School of Electrical and Computer Engineering. “You can use that information for defense and for attribution.”
It is an illegal hacker’s modus operandi that often leads to the culprit’s identification. “You get a pattern of these things. Group A does this a certain way, and they can have a pattern you can track, and then you can attribute this specific attack to group A, or to country A, or whatever it may be,” Beyah adds...
Fortiphyd Beefs Up Security for Manufacturing Plants and Power Grids
Hyperpotamus online
2019-06-05
Raheem Beyah, Ph.D and David Formby, Ph.D. began to look into this critical vulnerability in the country’s industrial control systems through their cybersecurity-focused research at Georgia Tech. Beyah and Formby spoke to many utility owners and manufacturing plants to review challenges and weak points.
“Through these visits, we realized through conversations that there weren’t any good practical solutions out in the market, from a security perspective, to detect and prevent incidents,” says Beyah...
Signals from distant lightning could help secure electric substations
Science Daily online
2019-02-26
"We should be able to remotely detect any attack that is modifying the magnetic field around substation components," said Raheem Beyah, Motorola Foundation Professor in Georgia Tech's School of Electrical and Computer Engineering. "We are using a physical phenomenon to determine whether a certain action at a substation has occurred or not..."
Two Research Vice Presidents Named in EVPR Office
News Center online
2019-06-18
Raheem Beyah, the Motorola Foundation Professor in the School of Electrical and Computer Engineering, will serve as Vice President for Interdisciplinary Research (VPIR). The VPIR will be responsible for ensuring the effective and strategic administration of interdisciplinary research. This will include providing overall leadership for the interdisciplinary research institutes and centers, the Pediatric Technology Center, Global Center for Medical Innovation, Smart Cities Initiatives and other interdisciplinary activities...
Selected Articles
FDI: Quantifying Feature-based Data Inferability
Cornell University2019
Motivated by many existing security and privacy applications, e.g., network traffic attribution, linkage attacks, private web search, and feature-based data de-anonymization, in this paper, we study the Feature-based Data Inferability (FDI) quantification problem. First, we conduct the FDI quantification under both naive and general data models from both a feature distance perspective and a feature distribution perspective. Our quantification explicitly shows the conditions to have a desired fraction of the target users to be Top-K inferable (K is an integer parameter). Then, based on our quantification, we evaluate the user inferability in two cases: network traffic attribution in network forensics and feature-based data de-anonymization. Finally, based on the quantification and evaluation, we discuss the implications of this research for existing feature-based inference systems.
Enabling a Decentralized Smart Grid using Autonomous Edge Control Devices
IEEE Internet of Things Journal2019
As a large number of distributed devices are connected to the modern smart grid, the traditional centralized connectivity models fail to provide economic value. These models have relied on sending data to the cloud for processing and receiving commands to exert control actions, resulting in an ‘on-demand system’ with high bandwidth, low latency and an overload of data on the cloud. For realizing a decentralized system, there is a strong need to embed intelligence at the ‘edge of the network’. These intelligent devices, capable of sensing, local data processing and exerting control actions, report only actionable information to the cloud, acting as an edge control node. The system can then function autonomously, without constant cloud inputs, tolerating longer delays in communication, making the overall system ultra-low cost. The Global Asset Monitoring, Management and Analytics (GAMMA) Platform is a novel ultra-low-cost, secure platform that operates through a Bluetooth based delay tolerant network. It relies on so-called ‘data mules’ to bridge the last mile connectivity gap in an inherently secure way. Due to this model, the platform requires no in-country certifications, does not rely on a dedicated backhaul technology and is immune to technology migration. This architecture also addresses some gaps identified in traditional IoT-based solutions in remote areas and sparse connectivity. A functional unit of the edge computing node has been built, taking into account various constraints like costs, customizations, data storage, cybersecurity and power management. The platform has been built, deployed and has demonstrated distributed smart grid applications like power quality sensing, automated metering infrastructure and utility asset monitoring.
Towards understanding the security of modern image captchas and underground captcha-solving services
Big Data Mining and Analytics2019
Image captchas have recently become very popular and are widely deployed across the Internet to defend against abusive programs. However, the ever-advancing capabilities of computer vision have gradually diminished the security of image captchas and made them vulnerable to attack. In this paper, we first classify the currently popular image captchas into three categories: selection-based captchas, slide-based captchas, and click-based captchas. Second, we propose simple yet powerful attack frameworks against each of these categories of image captchas. Third, we systematically evaluate our attack frameworks against 10 popular real-world image captchas, including captchas from tencent.com, google.com, and 12306.cn. Fourth, we compare our attacks against nine online image recognition services and against human labors from eight underground captcha-solving services.
Checking is Believing: Event-Aware Program Anomaly Detection in Cyber-Physical Systems
IEEE Transactions on Dependable Secure Computing2019
Securing cyber-physical systems (CPS) against malicious attacks is of paramount importance because these attacks may cause irreparable damages to physical systems. Recent studies have revealed that control programs running on CPS devices suffer from both control-oriented attacks (e.g., code-injection or code-reuse attacks) and data-oriented attacks (e.g., non-control data attacks). Unfortunately, existing detection mechanisms are insufficient to detect runtime data-oriented exploits, due to the lack of runtime execution semantics checking. In this work, we propose Orpheus, a new security methodology for defending against data-oriented attacks by enforcing cyber-physical execution semantics. We first present a general method for reasoning cyber-physical execution semantics of a control program (i.e., causal dependencies between the physical context/event and program control flows), including the event identification and dependence analysis. As an instantiation of Orpheus, we then present a new program behavior model, i.e., the event-aware finite-state automaton (eFSA). eFSA takes advantage of the event-driven nature of CPS control programs and incorporates event checking in anomaly detection. It detects data-oriented exploits if a specific physical event is missing along with the corresponding event dependent state transition. We evaluate our prototype's performance by conducting case studies under data-oriented attacks. Results show that eFSA can successfully detect different runtime attacks. Our prototype on Raspberry Pi incurs a low overhead, taking 0.0001s for each state transition integrity checking, and 0.063s~0.211s for the cyber-physical contextual consistency checking.
On Evaluating the Effectiveness of the HoneyBot: A Case Study
Cornell University2019
In recent years, cyber-physical system (CPS) security as applied to robotic systems has become a popular research area. Mainly because robotics systems have traditionally emphasized the completion of a specific objective and lack security oriented design. Our previous work, HoneyBot\cite {celine}, presented the concept and prototype of the first software hybrid interaction honeypot specifically designed for networked robotic systems. The intuition behind HoneyBot was that it would be a remotely accessible robotic system that could simulate unsafe actions and physically perform safe actions to fool attackers. Unassuming attackers would think they were connected to an ordinary robotic system, believing their exploits were being successfully executed. All the while, the HoneyBot is logging all communications and exploits sent to be used for attacker attribution and threat model creation. In this paper, we present findings from the result of a user study performed to evaluate the effectiveness of the HoneyBot framework and architecture as it applies to real robotic systems. The user study consisted of 40 participants, was conducted over the course of several weeks, and drew from a wide range of participants aged between 18-60 with varying level of technical expertise. From the study we found that research subjects could not tell the difference between the simulated sensor values and the real sensor values coming from the HoneyBot, meaning the HoneyBot convincingly spoofed communications.