1. Trustworthy AI for Security of Networked CPS and Critical Infrastructure
A major driver of my research is the need for AI defenses in networked CPS where sensing, control, and telemetry are tightly coupled and operate under uncertainty. In water and wastewater infrastructure, cyber incidents often appear as subtle changes in sensor patterns, actuator behavior, or operational sequences, and these signals are frequently masked by noise, nonstationarity, and normal operational variability. I develop learning-based detection and forecasting methods that are accurate and operationally trustworthy, with attention to reliability, low false-alarm rates, and decision support. In practice, this means building models that do more than flag anomalies: they provide operator-relevant evidence about what changed, where it changed, and why it likely matters, so responses are safe and efficient rather than driven by spurious alarms.
My prior work includes deep learning approaches for cyberattack detection in water systems and AI-driven frameworks for wastewater operations and security. I have also explored context-aware forecasting, where upstream factors and external context shape system dynamics and the interpretation of anomalies. Looking forward, I will generalize these efforts to broader communications-enabled CPS and networked control environments, including industrial networks and other critical systems where telemetry may be distributed, delayed, or partially observed. A concrete focus is adversary-aware anomaly detection that separates natural disturbances (legitimate transients, weather-driven effects, maintenance activity) from coordinated manipulations across multi-sensor environments. Closely related is robust learning under distribution shift, targeting changing network conditions, sensor drift, and evolving operational regimes, because CPS security models often fail when they silently assume yesterday's statistics will hold tomorrow. Finally, I emphasize operational trust and interpretability through actionable explanations, such as identifying which networked signals, subsystems, or control loops most influenced a detection decision, and presenting these explanations in forms aligned with engineering workflows (e.g., subsystem-level attribution, event timelines, and operator-facing summaries rather than abstract feature importances).
This thrust aligns with ODU's interest in AI-enabled CPS security and trustworthy AI integrated into networked systems, especially where communications constraints, partial observability, and operational procedures define what effective security looks like.
2. AI Assurance for Networked AI Systems and AI-as-a-Service Security
As AI increasingly runs "over the network", through cloud inference APIs, distributed model serving, federated learning, and agentic workflows, trustworthy AI must go beyond accuracy and address security, provenance, auditability, and risk measurement. My research develops model-agnostic assurance methods and evaluation frameworks that quantify trust under realistic constraints and threat models. The key idea is that modern deployments are not isolated models; they are networked services embedded in pipelines for data collection, preprocessing, training, serving, monitoring, and decision-making. Attacks can occur at many points, and failures can cascade across components.
I focus on assurance methods that answer the questions stakeholders care about: when should we trust a model, when is it failing silently, what evidence supports a security decision, and how can we detect manipulation in data pipelines or learning updates? These questions are central to networked deployments, where adversaries can target data streams, inference traffic, identity and authentication boundaries, and update mechanisms. Within this thrust, I plan to develop assurance metrics and protocols for networked AI services, including reliability scoring under attack and drift, and confidence calibration designed for security decisions where false confidence can be more harmful than abstaining. I also focus on secure learning pipelines, including detection of poisoning and backdoors in training data and model updates, particularly in distributed or collaborative settings where provenance is incomplete and updates arrive asynchronously. In addition, I am increasingly interested in trustworthy agentic AI for cyber operations, where LLM- or tool-using agents interact with logs, alerts, and telemetry; here the goal is to design guardrails and verification layers that enforce bounded actions and durable audit trails, so agentic assistance improves analyst effectiveness without creating opaque or exploitable automation.
This thrust directly supports the position's emphasis on AI-driven security analysis on networked systems, threat intelligence, and security of networked AI-as-a-service systems, and it complements growing momentum in LLM and agentic AI security.
3. Generative AI Security, Synthetic Data, and Detection/Attribution for Cyber Defense
Generative models are fundamentally dual use. They can support privacy-preserving data sharing and simulation, but they also enable deception, impersonation, and scalable adversarial content. My research addresses both sides: I develop principled methods for using synthetic data in security contexts, and I build detection and attribution methods for synthetic and adversarial content. I approach this space with two commitments. First, synthetic data must preserve scientific validity and operational relevance, not only visual or statistical plausibility. Second, defenses must generalize beyond the specific generator or attack used during evaluation, because real adversaries do not follow benchmark constraints.
I have worked on the fidelity and utility of synthetic data generation for cyber-physical domains and developed datasets and benchmarking frameworks for synthetic and adversarial image detection. Going forward, I will extend these ideas to security settings that include evaluating intrusion detection models with realistic synthetic traces, detecting manipulated sensor and telemetry patterns, and understanding how generative content affects trust in decision pipelines. Within this thrust, I plan to generate realistic CPS and network traces with known ground truth to stress-test detectors under rare or dangerous scenarios that are difficult to collect in the wild. I also plan to advance detection and attribution methods that identify synthetic or manipulated content and connect it to model families or generation pipelines, supporting threat intelligence and incident response. Finally, I will study concealment and fabrication attacks in vision and time-series pipelines and develop defenses that generalize across unseen generators and perturbation strategies—an increasingly important requirement given rapid advances in diffusion models and tool-augmented generation workflows.
This thrust complements ODU's Trustworthy AI initiative and supports interdisciplinary collaboration across cybersecurity, engineering, and data science at the intersection of provenance, reliability, and security evaluation.