Cybersecurity Research

Analyzing and simulating Mirai botnet traffic to identify network-level fingerprints for early attack detection.

My Role & Contributions

  • Designed and executed a controlled botnet simulation environment (DETER testbed)
  • Built traffic capture and analysis pipelines using p0f, ARGUS, and SiLK
  • Implemented custom OS fingerprinting rules for Mirai-infected devices
  • Analyzed large-scale network datasets and extracted behavioral signatures
  • Co-authored a research paper summarizing findings and limitations

Engineering Skills Demonstrated

  • Network protocol analysis (TCP/IP, SYN scanning, TTL, sequence numbers)
  • Secure system design and threat modeling
  • Data analysis on large, noisy datasets
  • Building and validating detection heuristics
  • Working in sandboxed and production-like environments

Research Overview

As part of a cybersecurity capstone project, we analyzed and simulated the Mirai IoT botnet to identify network-level fingerprints that could enable early detection of large-scale DDoS attacks. The project combined real-world traffic datasets with controlled lab simulations to evaluate practical detection strategies.

Results & Findings

  • Confirmed stable Mirai fingerprints based on TCP sequence number encoding
  • Identified consistent packet length and TTL clustering patterns
  • Demonstrated limitations of passive OS fingerprinting against malware-controlled devices
  • Validated findings using both darknet data and live lab simulations
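The sequence-number fingerprint listed above refers to a publicly documented Mirai scanner trait: its SYN probes set the TCP initial sequence number to the destination IPv4 address. The detector below is an added illustration, not code from the project; the packets are constructed samples, and build_syn, parse_packet, is_mirai_scan_syn and flag_sources are names chosen here.

```python
import struct
import ipaddress

def build_syn(src, dst, sport, dport, seq, ttl=64):
    """Build a bare IPv4/TCP SYN (no options, zero checksums) as constructed sample data."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x02, 5840, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + tcp

def parse_packet(raw):
    """Extract the fields the heuristic needs from raw IPv4/TCP bytes; None if not TCP."""
    ihl = (raw[0] & 0x0F) * 4
    ttl, proto = raw[8], raw[9]
    if proto != 6:
        return None
    src = str(ipaddress.IPv4Address(raw[12:16]))
    dst = str(ipaddress.IPv4Address(raw[16:20]))
    sport, dport, seq = struct.unpack("!HHI", raw[ihl:ihl + 8])
    flags = raw[ihl + 13]
    return {"src": src, "dst": dst, "ttl": ttl, "dport": dport, "seq": seq, "flags": flags}

def is_mirai_scan_syn(pkt):
    """Mirai's scanner sets the TCP ISN to the destination IPv4 address read as a uint32."""
    syn_only = (pkt["flags"] & 0x3F) == 0x02
    return syn_only and pkt["seq"] == int(ipaddress.IPv4Address(pkt["dst"]))

def flag_sources(packets):
    """Count fingerprint-matching SYNs per source address over a packet list."""
    hits = {}
    for raw in packets:
        pkt = parse_packet(raw)
        if pkt and is_mirai_scan_syn(pkt):
            hits[pkt["src"]] = hits.get(pkt["src"], 0) + 1
    return hits

# Constructed samples: two Mirai-style probes to telnet ports from one source, one ordinary SYN.
SAMPLE = [
    build_syn("192.0.2.10", "198.51.100.7", 40001, 23, int(ipaddress.IPv4Address("198.51.100.7"))),
    build_syn("192.0.2.10", "198.51.100.8", 40002, 2323, int(ipaddress.IPv4Address("198.51.100.8"))),
    build_syn("192.0.2.55", "198.51.100.7", 51000, 23, 0x1A2B3C4D),
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE))  # {'192.0.2.10': 2}
```

On a real capture, feed each packet's IP payload through parse_packet and treat a source with repeated matches as a scanning host to investigate.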

Why This Matters

IoT botnets like Mirai remain a major attack vector today due to insecure default configurations and long device lifecycles. Understanding low-level traffic behavior is critical for building scalable, automated detection systems in modern cloud and edge networks.

Tools & Technologies

  • p0f (passive OS fingerprinting)
  • ARGUS & SiLK (network traffic analysis)
  • iptables & packet capture (pcap)
  • Linux networking & firewall configuration
  • DETER cybersecurity testbed
