
This page highlights my most significant academic projects completed throughout my Cybersecurity career at Old Dominion University (ODU). Each project reflects hands-on application of core security principles, spanning programming, network infrastructure, Linux administration, and research analysis. Use the links and resources below to explore source code, full technical reports, and supporting documentation.
COVA - Multi-Agent LLM Framework for Conversational Smishing Detection
Mentor: Dr. Ayan Roy, Department of Computer Science, Christopher Newport University
Origin: Coastal Virginia Center for Cyber Innovation (COVA CCI) - ODU Node, Spring 2026 cohort
COVA (Cognitive Operations Virtual Assistant) is a multi-agent LLM framework I developed to generate synthetic multi-turn scam conversations targeting elderly populations, supporting research into conversational smishing detection that would protect vulnerable people before harm is done. The work began in Spring 2026 through the COVA CCI Cybersecurity Undergraduate Research Program at Old Dominion University, where it produced the first published paper. It has since continued independently into a follow-up paper (COVA-X) extending the dataset, generation pipeline, and detection benchmarks. The long-term direction is a fully autonomous AI agent that can identify, engage, and neutralize scam calls at point of contact and in real time, whether the threat is a human caller running a script or an AI-driven bot doing it at scale.
Paper 1 - A Synthetic Conversational Smishing Dataset for Social Engineering Detection
Produced under the COVA CCI Spring 2026 program; currently under double-blind peer review at IEEE CNS 2026 (decision anticipated late July 2026)
This paper introduces COVA, a multi-agent LLM framework that generates synthetic multi-turn scam conversations across eight elder-targeted scam categories. The work establishes a labeled dataset of 3,201 conversations and benchmarks eight detection models spanning traditional ML and transformer architectures. XGBoost + TF-IDF achieved 72.5% accuracy as the strongest single-model baseline on the 3-class outcome prediction task.
arXiv preprint
ResearchGate version
COVA CCI Spring 2026 cohort (Cybersecurity Undergraduate Research)
Paper 2 (COVA-X) - An Expanded Synthetic Conversation Dataset for Multi-Turn Smishing Detection
Independent continuation of the COVA research, submitted to IEEE BigData 2026 for peer review
This follow-up research expands the dataset to 10,985 labeled conversations through an improved generation pipeline that addresses contamination, label mismatch, and stage-direction artifacts encountered during earlier iterations. Key findings include:
- Longformer surpasses XGBoost on every evaluation metric (79.71% accuracy and 0.779 macro F1 vs. 78.43% and 0.756), validating the prediction from the first paper that transformer architectures would benefit from larger conversational training corpora
- A three-role generation architecture for virtual-kidnapping scams reduces artifact flag rates from 67.1% to 46.5%, with most of the reduction coming from architectural change rather than post-processing
- A 12.7× improvement in label self-consistency (49.8% → 3.9% correction rate) through outcome-pinned profiles and an expanded victim/attacker profile set
- Per-scam-type outcome analysis showing mechanism-consistent patterns: virtual kidnapping produces the highest successful-scam rate (33%) under emotional pressure; grandparent scams show the highest verification-attempt rate (63%); Medicare and bank scams show substantial quick-rejection rates reflecting public awareness
arXiv preprint
ResearchGate version: Coming soon!
Skills & Technologies Applied
- Multi-agent LLM frameworks (Qwen 2.5 14B via Ollama, local GPU inference)
- Synthetic dataset design, generation pipeline engineering, and quality lifecycle methodology
- Classifier training and evaluation (XGBoost + TF-IDF, DistilBERT, Longformer)
- Pipeline quality engineering: contamination scanning, automated label auditing, stage-direction processing
- IEEE conference paper drafting in LaTeX; dataset documentation (data sheets)
- Hardware: NVIDIA RTX 4080 Super (16GB GDDR6X) and RTX 5060 Ti (16GB GDDR7, Blackwell)
What This Research Demonstrates
This work demonstrates the ability to conduct original cybersecurity research at the intersection of AI safety and elder fraud prevention, from initial dataset design and pipeline architecture through peer-reviewed publication. The two-paper trajectory reflects iterative methodology improvement: identifying limitations in the first paper, designing experiments to address them in the second, and validating the improvements quantitatively across multiple classifier architectures. Research integrity is maintained throughout by documenting pipeline failures, capability limits, and methodology growing pains as findings in their own right.
Learn more about the COVA CCI Undergraduate Research Program
Salt Typhoon: China's Persistent Telecom Espionage Campaign (CYSE 462)
This research paper analyzes Salt Typhoon, a PRC state-sponsored advanced persistent threat (APT) that breached major U.S. telecommunications providers including AT&T, Verizon, T-Mobile, and Lumen Technologies beginning in 2024. The paper examines the group’s six-stage attack sequence, targeted devices and protocols, societal impact, and mitigation strategies, arguing that the campaign’s scale resulted from preventable lapses in basic security hygiene rather than novel capabilities.
Project Highlights
- Analyzed Salt Typhoon’s exploitation of CVE-2023-20198 and CVE-2023-20273 on Cisco IOS XE edge devices
- Documented the six-stage attack sequence: initial access → privilege escalation → persistence → credential harvesting → lateral movement → anti-forensics
- Examined JumbledPath malware and GRE tunnel abuse for evasion and persistence
- Assessed the breach of CALEA lawful intercept systems, exposing active government surveillance infrastructure
- Proposed mitigations: mandatory patch timelines, network segmentation, Zero Trust architecture, and centralized tamper-resistant logging
Security Concepts Applied
- Advanced Persistent Threat (APT) analysis
- CVE exploitation and patch management failure
- Network edge device security
- Lateral movement and credential harvesting
- Anti-forensics and log evasion techniques
- Telecom infrastructure risk and national security policy
What This Project Demonstrates
This paper demonstrates the ability to research, analyze, and communicate a complex, real-world nation-state cyberattack, connecting technical TTPs to broader national security implications and actionable defensive recommendations.
Secure File Sharing System (CYSE 250)
Technologies: Python, Socket Programming, CLI, Encryption (Caesar Cipher)
Developed a secure file sharing system using Python, implementing core cybersecurity principles through a TCP-based client-server architecture. The system integrates encryption, authentication, and file isolation to ensure secure data handling and controlled user access.
Project Highlights
- Built a TCP client-server architecture using Python socket programming
- Implemented user authentication system with persistent credential handling
- Applied encryption/decryption (Caesar cipher) for secure data transmission
- Designed isolated file storage per user to enforce access control
- Developed command-line interface (CLI) for user interaction and system navigation
- Managed file operations including upload, retrieval, and storage securely
Security Concepts Applied
- Secure client-server communication
- Basic encryption and data protection
- Authentication and access control
- File system security and isolation
- Input handling and system interaction
What This Project Demonstrates
This project demonstrates the ability to translate cybersecurity concepts into a working system, combining networking, programming, and security principles into a functional application.
Ethernet Network Design Project (IT 315)
Designed a complete Ethernet network infrastructure for a four-level building, including structured cabling, switching architecture, and security implementation. This project simulated a real-world network deployment scenario, requiring both technical design decisions and cost-performance tradeoff analysis.
Project Highlights
- Designed a hierarchical star topology with centralized equipment room and distributed telecommunications closets
- Planned and calculated 148 network drops across a multi-floor environment
- Implemented Cat6 structured cabling with distance constraints aligned to industry standards
- Designed a fiber backbone (OM3 multimode) for scalability and high-speed interconnects
- Selected and integrated managed PoE switches for network segmentation and device support
- Configured a pfSense firewall (Netgate 6100) for network security, VLAN segmentation, and potential IDS/IPS
- Integrated Wi-Fi 6 access points for modern wireless coverage
- Developed a cost-optimized bill of materials (~$13,591) balancing performance and budget
Applied Networking & Security Concepts
- Network topology design and hierarchical infrastructure
- Structured cabling standards (Cat6, ANSI/TIA-568 alignment)
- VLAN segmentation and network isolation
- Firewall-based security architecture
- Scalability planning using fiber backbone
- Real-world budgeting and hardware selection
What This Project Demonstrates
This project demonstrates the ability to design and justify a complete enterprise network from the ground up, translating real-world physical and budget constraints into a scalable, secure, and professionally documented infrastructure solution. It reflects applied knowledge of networking standards, security architecture, and hardware selection in a simulated deployment environment.
Ransomware Mitigation Strategies for Windows Systems (CYSE 280)
Technologies & Frameworks: Windows Server 2016/2019/2022, Windows Defender, WSUS, AppLocker, GPOs, NIST CSF, 3-2-1 Backup Strategy
This research paper examines ransomware mitigation strategies for Windows servers and endpoints, using the BlackByte (2024) and WannaCry (2017) attacks as case studies. It analyzes the ransomware lifecycle, evaluates technical countermeasures, and provides actionable recommendations grounded in NIST’s Cybersecurity Framework and industry best practices.
Project Highlights
- Analyzed two real-world ransomware case studies, WannaCry (2017) and BlackByte (2024), identifying attack vectors, tools, and outcomes
- Applied the NIST CSF five-function model (Identify, Protect, Detect, Respond, Recover) to structure a comprehensive mitigation framework
- Evaluated Windows-native security tools including Defender, AppLocker, WSUS, GPOs, and Event Logs
- Developed a comparison table of tools, functionality, mitigation impact, and implementation complexity
- Proposed 12 actionable recommendations covering backups, EDR solutions, network segmentation, authentication, and employee training
- Created custom flowcharts illustrating ransomware detection, response, and recovery phases
Security Concepts Applied
- Ransomware lifecycle analysis (infection, propagation, execution, impact, recovery)
- Crypto vs. Locker ransomware differentiation
- EternalBlue SMB exploit and MS17-010 patch management
- 3-2-1 backup strategy and immutable/air-gapped storage
- Endpoint Detection and Response (EDR) implementation
- Phishing simulation and human factors integration
- RaaS (Ransomware-as-a-Service) threat modeling
What This Paper Demonstrates
This paper demonstrates the ability to conduct applied cybersecurity research at a professional level, analyzing real-world attack scenarios, evaluating technical defense frameworks, and translating NIST standards into practical, organization-ready recommendations for Windows environments.
Shell Scripting, Redirection, & Directory Checking (CYSE 270)
Completed as part of CYSE 270: Linux for Cybersecurity, this lab demonstrates practical bash shell scripting in a Linux environment. Tasks included writing conditional logic scripts (if/else), automating file creation and existence checking, validating directory structures, and applying redirection operators, all fundamental skills for Linux-based cybersecurity administration and automation.
Ensuring Accessibility when Implementing the CIA Triad (CYSE 200T)
This analytical paper argues that cybersecurity policies must proactively address accessibility gaps when implementing the CIA Triad: Confidentiality, Integrity, and Availability. Drawing on social science research and Human Factors Cybersecurity Engineering (HFCE) principles, it proposes policy frameworks using assistive technologies and human-centered design (HCD) to reduce the digital divide for older adults and people with disabilities in an increasingly digital-first society.
Key Arguments & Topics Covered
- Accessibility gaps in CIA Triad implementation for older adults and people with disabilities
- Human Factors Cybersecurity Engineering (HFCE) and human-centered design (HCD) as policy solutions
- Role of assistive technologies (biometric MFA, text-to-speech, screen readers) in closing the digital divide
- Policy recommendations aligned with WCAG 2.1, the EU Web Accessibility Directive, and Canada’s Accessible Canada Act
- Societal and economic benefits of inclusive cybersecurity infrastructure
What This Paper Demonstrates
This paper demonstrates the ability to analyze the societal impact of technical cybersecurity systems through an interdisciplinary lens, connecting policy, social science, and security engineering to argue for more equitable and human-centered design standards.
Human Factors Cybersecurity Engineering: Inclusive Design through Social Science (CYSE 201S)
This research paper examines the Human Factors Cybersecurity Engineering (HFCE) career field and its deep reliance on social science to build secure, inclusive digital systems. It explores how core concepts - self-efficacy, risk perception, human-computer interaction (HCI), and human-centered design (HCD) - guide practitioners in designing accessible technologies that empower older adults and people with disabilities to engage confidently and safely in today’s digital world.
Key Arguments & Topics Covered
- How Human Factors Cybersecurity Engineers (HFCEs) apply social science principles in daily practice
- Self-efficacy, risk perception, HCI, and HCD as frameworks for inclusive security design
- Assistive technologies (screen readers, voice recognition, wearables) and their role in bridging the digital divide
- Impact of HFCE work on marginalized groups including older adults and people with disabilities
- SETA program design and gamification as tools for reducing human error in cybersecurity
What This Paper Demonstrates
This paper demonstrates the ability to connect cybersecurity career practice with social science research, examining how human factors engineering addresses real-world accessibility and equity challenges across diverse user populations.
