About

Dr. Mustaque Ahamad is a professor in the School of Computer Science at the Georgia Institute of Technology, where he has served on the faculty since 1985. He was the director of the Georgia Tech Information Security Center (GTISC) from 2004 to 2012, during which he helped develop major research thrusts in security of converged communication networks, identity and access management, and healthcare information technology security. Currently, he leads Georgia Tech’s educational programs in cybersecurity as associate director of its Institute for Information Security and Privacy. His research interests include distributed systems, computer security, and dependable systems. Dr. Ahamad is also a co-founder and serves as chief scientist of Pindrop Security and FraudScope.

Research topics

• Computer Science
• Computer Security
• Data science
• Environmental health
• Geography
• Environmental science
• Ecology
• Environmental protection
• Medicine
• Biology
• Human–computer interaction

Selected publications

• ROBAD: Robust Adversary-aware Local-Global Attended Bad Actor Detection Sequential Model

  ArXiv.org · 2025-07-20

  articleOpen access

  Detecting bad actors is critical to ensure the safety and integrity of internet platforms. Several deep learning-based models have been developed to identify such users. These models should not only accurately detect bad actors, but also be robust against adversarial attacks that aim to evade detection. However, past deep learning-based detection models do not meet the robustness requirement because they are sensitive to even minor changes in the input sequence. To address this issue, we focus on (1) improving the model understanding capability and (2) enhancing the model knowledge such that the model can recognize potential input modifications when making predictions. To achieve these goals, we create a novel transformer-based classification model, called ROBAD (RObust adversary-aware local-global attended Bad Actor Detection model), which uses the sequence of user posts to generate user embedding to detect bad actors. Particularly, ROBAD first leverages the transformer encoder block to encode each post bidirectionally, thus building a post embedding to capture the local information at the post level. Next, it adopts the transformer decoder block to model the sequential pattern in the post embeddings by using the attention mechanism, which generates the sequence embedding to obtain the global information at the sequence level. Finally, to enrich the knowledge of the model, embeddings of modified sequences by mimicked attackers are fed into a contrastive-learning-enhanced classification layer for sequence prediction. In essence, by capturing the local and global information (i.e., the post and sequence information) and leveraging the mimicked behaviors of bad actors in training, ROBAD can be robust to adversarial attacks. Extensive experiments on Yelp and Wikipedia datasets show that ROBAD can effectively detect bad actors when under state-of-the-art adversarial attacks.

  PublisherOA PDF

• Alcohol and health monitoring system using IoT

  2025-03-31

  book-chapterSenior author

  The surge in accidents attributed to drunk driving poses a significant threat in today's society To relieve these occurrences, we propose an IoT-based wellbeing checking framework prepared with liquor location and control capabilities. This project aims to curb accidents resulting from intoxicated driving. With a global rise in accident rates linked to this issue, there's a pressing need for preventive measures. Our solution leverages IoT technology, incorporating components such as Node Mcu, alcohol sensors, heart rate sensors, temperature sensor, Oxi level sensor, humidity sensor, Global System for Mobile communication (GSM), and WiFi modems. When alcohol levels and heart rates surpass predefined thresholds, the system commands the vehicle's ignition system to halt operation, preventing potential accidents.

  PublisherDOI

• Implementation of an Enhanced RC6 Algorithm for Securing Data Using Verilog

  2025-06-05

  article

  With the rapid advancement of digital communication and data storage, ensuring robust security mechanisms has become crucial. The RC6 encryption algorithm, an extension of the RC5 cipher, offers enhanced security and efficiency, making it suitable for high-speed cryptographic applications. This paper presents the implementation of an enhanced RC6 algorithm using Verilog, focusing on optimizing hardware efficiency, reducing latency, and increasing throughput. The proposed design leverages hardware acceleration techniques to improve encryption speed while maintaining strong resistance against cryptanalysis attacks. The Verilog-based implementation was synthesized and tested on an FPGA plat- form, demonstrating significant improvements in performance compared to conventional software-based encryption methods. Key performance metrics, including encryption/decryption speed, power consumption, and resource utilization, were analyzed to validate the effectiveness of the proposed design. Experimental results indicate that the optimized RC6 implementation achieves reduced execution time and lower power consumption, making it highly suitable for real-time security applications in embedded systems, IoT devices, and secure data transmission protocols. The study also compares the proposed architecture with existing FPGA-based cryptographic implementations to highlight its advantages in terms of scalability, flexibility, and resistance to attacks.

  PublisherDOI

• WavePulse: Real-time Content Analytics of Radio Livestreams

  2025-04-22

  articleOpen access

  Radio remains a pervasive medium for mass information dissemination, with AM/FM stations reaching more Americans than either smartphone-based social networking or live television.Increasingly, radio broadcasts are also streamed online and accessed over the Internet.We present WavePulse, a framework that records, documents, and analyzes radio content in real-time.While our framework is generally applicable, we showcase the efficacy of WavePulse in a collaborative project with a team of political scientists focusing on the 2024 Presidential Election.We use WavePulse to monitor livestreams of 396 news radio stations over a period of three months, processing close to 500,000 hours of audio streams.These streams were converted into time-stamped, diarized transcripts and analyzed to answer key political science questions at both the national and state levels.Our analysis revealed how local issues interacted with national trends, providing insights into information flow.Our results demonstrate WavePulse's efficacy in capturing and analyzing content from radio livestreams sourced from the Web.Code and dataset can be accessed at https://wave-pulse.io

  PublisherOA PDFDOI

• Corrective or Backfire: Characterizing and Predicting User Response to Social Correction

  2024-04-17 · 3 citations

  articleOpen access

  Online misinformation poses a global risk with harmful implications for society. Ordinary social media users are known to actively reply to misinformation posts with counter-misinformation messages, which is shown to be effective in containing the spread of misinformation. Such a practice is defined as “social correction”. Nevertheless, it remains unknown how users respond to social correction in real-world scenarios, especially, will it have a corrective or backfire effect on users. Investigating this research question is pivotal for developing and refining strategies that maximize the efficacy of social correction initiatives.

  PublisherDOI

• WavePulse: Real-time Content Analytics of Radio Livestreams

  arXiv (Cornell University) · 2024-12-23

  preprintOpen access

  Radio remains a pervasive medium for mass information dissemination, with AM/FM stations reaching more Americans than either smartphone-based social networking or live television. Increasingly, radio broadcasts are also streamed online and accessed over the Internet. We present WavePulse, a framework that records, documents, and analyzes radio content in real-time. While our framework is generally applicable, we showcase the efficacy of WavePulse in a collaborative project with a team of political scientists focusing on the 2024 Presidential Elections. We use WavePulse to monitor livestreams of 396 news radio stations over a period of three months, processing close to 500,000 hours of audio streams. These streams were converted into time-stamped, diarized transcripts and analyzed to track answer key political science questions at both the national and state levels. Our analysis revealed how local issues interacted with national trends, providing insights into information flow. Our results demonstrate WavePulse's efficacy in capturing and analyzing content from radio livestreams sourced from the Web. Code and dataset can be accessed at \url{https://wave-pulse.io}.

  PublisherOA PDFDOI

• Evaluating Synthetic Command Attacks on Smart Voice Assistants

  arXiv (Cornell University) · 2024-11-13

  preprintOpen accessSenior author

  Recent advances in voice synthesis, coupled with the ease with which speech can be harvested for millions of people, introduce new threats to applications that are enabled by devices such as voice assistants (e.g., Amazon Alexa, Google Home etc.). We explore if unrelated and limited amount of speech from a target can be used to synthesize commands for a voice assistant like Amazon Alexa. More specifically, we investigate attacks on voice assistants with synthetic commands when they match command sources to authorized users, and applications (e.g., Alexa Skills) process commands only when their source is an authorized user with a chosen confidence level. We demonstrate that even simple concatenative speech synthesis can be used by an attacker to command voice assistants to perform sensitive operations. We also show that such attacks, when launched by exploiting compromised devices in the vicinity of voice assistants, can have relatively small host and network footprint. Our results demonstrate the need for better defenses against synthetic malicious commands that could target voice assistants.

  PublisherOA PDFDOI

• Corrective or Backfire: Characterizing and Predicting User Response to Social Correction

  arXiv (Cornell University) · 2024-03-07

  preprintOpen access

  Online misinformation poses a global risk with harmful implications for society. Ordinary social media users are known to actively reply to misinformation posts with counter-misinformation messages, which is shown to be effective in containing the spread of misinformation. Such a practice is defined as "social correction". Nevertheless, it remains unknown how users respond to social correction in real-world scenarios, especially, will it have a corrective or backfire effect on users. Investigating this research question is pivotal for developing and refining strategies that maximize the efficacy of social correction initiatives. To fill this gap, we conduct an in-depth study to characterize and predict the user response to social correction in a data-driven manner through the lens of X (Formerly Twitter), where the user response is instantiated as the reply that is written toward a counter-misinformation message. Particularly, we first create a novel dataset with 55, 549 triples of misinformation tweets, counter-misinformation replies, and responses to counter-misinformation replies, and then curate a taxonomy to illustrate different kinds of user responses. Next, fine-grained statistical analysis of reply linguistic and engagement features as well as repliers' user attributes is conducted to illustrate the characteristics that are significant in determining whether a reply will have a corrective or backfire effect. Finally, we build a user response prediction model to identify whether a social correction will be corrective, neutral, or have a backfire effect, which achieves a promising F1 score of 0.816. Our work enables stakeholders to monitor and predict user responses effectively, thus guiding the use of social correction to maximize their corrective impact and minimize backfire effects. The code and data is accessible on https://github.com/claws-lab/response-to-social-correction.

  PublisherOA PDFDOI

• SoK: An Essential Guide For Using Malware Sandboxes In Security Applications: Challenges, Pitfalls, and Lessons Learned

  arXiv (Cornell University) · 2024-03-24

  preprintOpen access

  Malware sandboxes provide many benefits for security applications, but they are complex. These complexities can overwhelm new users in different research areas and make it difficult to select, configure, and use sandboxes. Even worse, incorrectly using sandboxes can have a negative impact on security applications. In this paper, we address this knowledge gap by systematizing 84 representative papers for using x86/64 malware sandboxes in the academic literature. We propose a novel framework to simplify sandbox components and organize the literature to derive practical guidelines for using sandboxes. We evaluate the proposed guidelines systematically using three common security applications and demonstrate that the choice of different sandboxes can significantly impact the results. Specifically, our results show that the proposed guidelines improve the sandbox observable activities by at least 1.6x and up to 11.3x. Furthermore, we observe a roughly 25% improvement in accuracy, precision, and recall when using the guidelines to help with a malware family classification task. We conclude by affirming that there is no "silver bullet" sandbox deployment that generalizes, and we recommend that users apply our framework to define a scope for their analysis, a threat model, and derive context about how the sandbox artifacts will influence their intended use case. Finally, it is important that users document their experiment, limitations, and potential solutions for reproducibility

  PublisherOA PDFDOI

• Understanding LLMs Ability to Aid Malware Analysts in Bypassing Evasion Techniques

  2024-10-30 · 2 citations

  articleOpen access

  Over the past few years, the threat of malware has become increasingly evident, posing a significant risk to cybersecurity worldwide and driving extensive research efforts to prevent and mitigate these attacks. Despite numerous efforts to automate malware analysis, these systems are constantly thwarted by evasive techniques developed by malware authors. As a result, the analysis of sophisticated evasive malware falls into the hands of human malware analysts, who must undertake the time-consuming process of overcoming each evasive technique to uncover malware’s malicious behaviors. This highlights the need for approaches that aid malware analysts in this process. Although active measures, such as forced execution and symbolic analysis, can automatically circumvent some evasive checks, they suffer from limitations like path explosion and fail to provide useful insights that analysts can use in their workflow. To fill this gap, we investigate how large language models (LLMs) can address shortcomings of symbolic analysis through the first comparative analysis between the two in bypassing evasion techniques. Our study leads to three key findings: (i) we find that LLMs outperform symbolic analysis in bypassing evasive code, especially in the presence of common code patterns, such as loops, which have historically posed a challenge for symbolic analysis, (ii) we show that LLMs correctly identify methods of bypassing evasive techniques in real-world malware, and (iii) we highlight how even in LLMs failure modes, human malware analysts can benefit from the step-by-step reasoning provided by the model.

  PublisherDOI

Recent grants

• ITR/SI: Guarding the Next Internet Frontier: Countering Denial of Information

  NSF · $2.0M · 2001–2008

• TWC: Medium: Collaborative: Exposing and Mitigating Cross-Channel Attacks that Exploit the Convergence of Telephony and the Internet

  NSF · $900k · 2015–2021

• TWC: Small: Securing the New Converged Telephony Landscape

  NSF · $500k · 2013–2017

Frequent coauthors

• Roberto Perdisci

  Georgia Institute of Technology

  23 shared

• Mostafa Ammar

  Georgia Institute of Technology

  21 shared

• Michel Raynal

  Institut de Recherche en Informatique et Systèmes Aléatoires

  17 shared

• Payas Gupta

  14 shared

• Sumeer Bhola

  Google (United States)

  13 shared

• Francisco J. Torres-Rojas

  Instituto Tecnológico de Costa Rica

  10 shared

• Manos Antonakakis

  Georgia Institute of Technology

  10 shared

• Karsten Schwan

  Delft University of Technology

  10 shared