My research interest is network security and privacy. These extend into various other areas such as software-defined networks, botnets, social networks, adhoc networks, the economics of information security, and usable security.

Funding

1. Edge-AI Hub, £12,000,000, (co-I) 2023-2028
2. Agritech Auth -- Trustworthy Autonomous Systems Hub award, £146,000 (PI), 2022-2023
3. PART Testbed, REPHRAIN Award, £101,855, PI, 2023-2024
4. Robustness as Traceability, PETRAS SRF Award, £355000, PI, 2021-2023
5. GA in Cybersecurity, £1M, PI, 100%, 2020
6. EPSRC-NPL iCASE studentship, £115,000, PI, 2018--2022
7. EPSRC-NPL iCASE studentship, £115,000, PI, 2019--2023
8. UKIERI-DST[1] Cyberphysical Systems Security, £220,000, PI, 100%, 2019--2022
9. Carnegie trust summer internship, £5000, PI, 2019
10. Keysight gift to SCDT in Cybersecurity, £30,000, PI, 2018--2023
11. Brocade PhD studentship on 'Security of Software-Defined Networks', £120,000, PI, 2015-2019
12. EPSRC BACCHUS grant on 'Robustness-as-evolvability', £838,000 PI, 2014-2020
13. DCMS Cybersecurity Teaching Bursaries award, £80700 (PI), 2016-2017
14. DCMS Cybersecurity Teaching Bursaries award, £80700 (PI), 2017-2018
15. NCSC Accreditation for MSc in Cybersecurity (Lancaster) (co-I), 2014-2018.
16. Seven MSc studentships from Raytheon and Fujitsu (PI) 2014-2016.
17. Raytheon industry grant on ‘Cloud robustness and security’, (PI) £25000, 2015-2017
18. GCHQ[2] grant on 'Standardised security evaluation testbed', £210,000 (PI), 2014-2018
19. CPNI[3] grant on 'Targeted attacks and defences'; £70,000 (PI), 2013-2016
20. DARPA[4]-I3P grant on 'Botnet detection and mitigation' – $150,000 (PI); 2008 – 2010
21. DARPA grant on 'Botnet detection via structured graph analysis ' – $150,000 (PI); 2010 – 2012
22. IBM X10 faculty award for 'Private traffic analysis on the cloud' – $20,000 (PI); 2011
23. DRDO[5] grant on 'Detecting botnets in enterprise networks' – Rs. 10,00,000 (PI); 2010-11
24. DRDO grant on 'Traffic analysis techniques for ISPs' – Rs. 40,00,000 (PI), 2011-12
25. Google faculty award for 'Smartphone security and privacy analysis' – $65,000 (PI); 2010
26. Travel and support awards < £10000: The Philosophical Society Cambridge, BCS, Gates Travel Funds, St. Johns Bursary, Douglas Adams Prize, PETS travel award, Sigcomm travel award, SPW travel award, Foundations of Security Analysis and Design Award, and many more. 

[1] DST – Department of Science and Technology, Govt of India (EPSRC’s counterpart in India)

[2] GCHQ – Government Communications Head Quarters, UK government (mandate for cybersecurity in UK)

[3] CPNI – Centre for Protection of National Infrastructure, UK government (mandate for business-centric cyber)

[4] DARPA – Defense Advanced Research and Programme Agency, US govt. (mandate for cybersecurity in USA)

[5] DRDO – Defense Research and Development Organisation, Govt. of India (mandate for cybersecurity in India)

Peer-reviewed Research Publications

(Note: Systems security research papers often have a lifecycle that take several years to implement the system at scale, experiment, build a user-community, write up, and publish. Full list of publications: https://scholar.google.com/citations?hl=en&user=Z2g9YhAAAAAJ&view_op=list_works&sortby=pubdate)

1.      Matthew Calder, Mujeeb Ahmed, Shishir Nagaraja, SWAP: An ICS water process testbed for ICS Security Research, IEEE COINS 2023

2.      C Dickinson, S Nagaraja, CM Ahmed, R Hyde, AGRITRUST: A Testbed to Enable Trustworthy Smart AgriTech, Proceedings of the First International Symposium on Trustworthy Autonomous Systems, 2023

3.      Oles Andriychuk, Shishir Nagaraja, Regulating Digital Advertising from the Perspective of the 4th Industrial Revolution, in Moura Vincente, Sofia de Vasconcelos Casimiro (eds), 'The Legal Challenges of the Fourth Industrial Revolution: the European Union’s Digital Strategy', Springer, 2023

4.      Girish Vaidya, Shishir Nagaraja, Ryan Shah, and T V Prabhakar: A novel approach for identification of sensor devices through Acoustic PUF. ACM Journal of Digital Threats and Practice (DTRAP) 2023.

5.      Ludvigsen, Nagaraja, Daly, Preventing or Mitigating Adversarial Supply Chain Attacks: A Legal Analysis, ACM CCS, SCORED’ 22, https://dl.acm.org/doi/10.1145/3560835.3564552, 2022.

6.      K R Ludvigsen, S Nagaraja, and A Daly, Requirements for Software as a Medical Device in EU Law. European Journal of Risk Regulation 2022 (Top Journal in Law and Cybersecurity)

7.      Ryan Shah, Mujeeb Ahmed, Shishir Nagaraja, Can You Still See Me?: Identifying Robot Operations Over End-to-End Encrypted Channels, (Poster) Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks, https://doi.org/10.1145/3507657.3529659, 2022.

8.      S. Nagaraja and R. Shah, VoipLoc: Passive VoIP call provenance using acoustic side-channels, in Proceedings of the 14^th ACM Conference on Wireless and Security, 2021, New York [SNIP 20.12]

9.      Joseph Gardiner, Adam Eiffert, Peter Garraghan, Nicholas Race, Shishir Nagaraja and Awais Rashid, Attacks on Software Defined Networks in Industrial Control Systems. ACM Cyber Physical Systems and IoT Security CPSIoTSec 2021 (Highly selective 8% acceptance rate).

10.  R. Shah and S.Nagaraja, Unified access control model for Calibration Traceability in Safety-Critical IoT, in Proceedings of the International Conference in Information and Systems Security, India, pp. 3--22 [SNIP 14.75]

11.   K R Ludvigsen, S Nagaraja, Dissecting liabilities in adversarial surgical robot failures: A national (Danish) and European law perspective, in Computer Law and Security Review, 2021 [top Cyber Law Journal]

12.  R. Shah and S. Nagaraja, Privacy with Surgical Robotics: Challenges in Applying Contextual Privacy Theory, Proceedings of 2^nd ACM Symposium on Contextual Privacy, California 2019. [SNIP 12.92]

13.  R. Shah and S.Nagaraja, Position paper: Unified access control for surgical robotics, in SACMAT 2019 - Proceedings of the 24th ACM Symposium on Access Control Models and Technologies. Association for Computing Machinery, pp. 231-233, Toronto. [SNIP 14.75]

14.  S. Nagaraja and R. Shah, Clicktok: click fraud detection using traffic analysis, in WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks. ACM, New York, pp. 105-116. [SNIP 20.12]

15.  R Shah, M McIntee, S Nagaraja, S Bhandary, P Arote, J Kuri, Secure calibration in high-assurance IoT: traceability for safety resilience, arXiv 1908:00740, 2019

16.  R. Shah and S. Nagaraja, Do we have the time for IRM? Service denial attacks and SDN-based defences in ICDCN 2019 - Proceedings of the 2019 International Conference on Distributed Computing and Networking. Association for Computing Machinery, New York, pp. 496-501. [SNIP 26.55]

17. R Shah, S Nagaraja, A game-theoretic analysis of DoS attacks on driverless vehicles, arXiv:1902.09590, 2019.

18. J Weekes, S Nagaraja, Controlling your neighbour’s bandwidth for fun and for profit, Cambridge International Workshop on Security Protocols, 214-223

19.  A. K. Biswas, S. Nagaraja, and D. Ghosal, A survey of timing channels and countermeasures, ACM Surveys, CSUR 50 (1), 6, 2017 [SNIP 16.54]

20.  J Gardiner, S Nagaraja, and M Cova, Command & Control: Understanding, Denying, and Detecting – A review of malware C2 techniques, detection, and defences, CPNI, 2017 arXiv:1408.1136.

21.  J Gardiner and S Nagaraja, On the security of machine learning in malware C&C detection: a survey, ACM Surveys, 2016 [SNIP 16.54, Top ]

22.  S. Nagaraja, Targeted attacks and defences – a structured graph approach, Journal of Computer Security (JCS) 2015 [SNIP 3.19]

23.  B Venkatesh, SH Choudhury, S Nagaraja, and N Balakrishnan, BotSpot: fast graph based identification of structured P2P bots,  Journal of Computer Virology, 2015 [SNIP 1.46]

24.  S. Nagaraja, Botyacc: unified P2P botnet detection using behavioural analysis and graph analysis, in the Proceedings of the European Symposium on Research in Computer Security (ESORICS), 2014. [ Conference Impact Factor (CIF) 11.50]

25.  J. Gardiner and S. Nagaraja, On the reliability of network measurement techniques, in the Proceedings of the Security Protocols Workshop (SPW), 2014. [CIF 10.47]

26.  J Gardiner, S Nagaraja, Blindspot: Indistinguishable anonymous communications, arXiv:1408.0784, 2014

27.  S Nagaraja, On the Reliability of Network Measurement Techniques Used for Malware Traffic Analysis (Transcript of Discussion), Cambridge International Workshop on Security Protocols, 334-339, 2014

28.  Ragib Hasan, Md Munirul Haque, Elisa Bertino, Sheikh Iqbal Ahamed, Sabrina De Capitani Di Vimercati, Pierangela Samarati, Mohamed Shehab, Gabriel Ghinita, Shishir Nagaraja, Editors First Workshop on Social Network Security, SocialSec, IEEE Explore 2014.

29.  J Gardiner, M Cova, S Nagaraja, Command & control: Understanding, denying and detecting, CPNI Technical Report and Business Guidance, 2014

30.  S Nagaraja, Privacy implications of statistical acoustic analysis, 23rd Usenix Security Symposium 2014

31.  J D Weekes and S Nagaraja, Denial of Service Defence using Router Migration, IEEE Security and Privacy Poster, 2013

32.  J Gardiner and S Nagaraja, Blindspot: Indistinguishable Anonymous Communications, IEEE Security and Privacy Poster, 2013

33.  R. Khurana and S. Nagaraja, Challenges in leveraging vibration-based covert channels for information-theft, in the Proceedings of the Security Protocols Workshop (SPW), 2013. [CIF10.47]

34.  S. Nagaraja, Amir Houmansadr, Pratch Pyongwangwisal, Vijit Singh, Pragya Agarwal and Nikita Borisov, Stegobot: a covert social network, in the Proceedings of the Information Hiding Conference (IHC) 2011 [CIF 26.14]

35.  R Khurana, S Nagaraja, Simple defences against vibration-based keystroke fingerprinting attacks, Cambridge International Workshop on Security Protocols, 143-151, 2013

36.  S Nagaraja, Simple Defences against Vibration-Based Keystroke Fingerprinting Attacks (Transcript of Discussion), Cambridge International Workshop on Security Protocols, 152-160, 2013

37.  M Gupta, S Nagaraja, Robust and traffic analysis resistant cloud file system, IIITD Technical Report 2012

38. S Nagaraj, N Sirisilla, HS Madhusudhana, Method and system for managing network resources based on a dynamic quorum, US Patent 8,285,825, 2012

39.  S. Nagaraja, Virajith Jalaparthi, Matt Caesar and Nikita Borisov,  P3CA: anomaly detection in ISP networks, in the Proceedings of the 11^th Privacy Enhancing Technologies (PETS) Symposium 2011 [CIF 18.11]

40.  S. Nagaraja, Peter Schaffer, Djamila Aouada, Who clicks there: anonymising the photographer in a camera saturated world, in the Proceedings of Privacy in the Electronic Society (WPES) 2011 [CIF 15.03]

41. S Nagaraja, A Houmansadr, P Piyawongwisal, V Singh, P Agarwal, Stegobot: construction of an unobservable communication network leveraging social behavior, arXiv:1107.2031, 2011

42. S Nagaraja, A Houmansadr, P Piyawongwisal, V Singh, P Agarwal, Stegobot: a covert social network botnet, International Workshop on Information Hiding, 299-313, 2011

43. R Anderson, S Nagaraja, The snooping dragon: social-malware surveillance of the Tibetan movement, University of Cambridge technical report UCAM-CL-TR-746

44.  S. Nagaraja, P. Mittal, C.Y. Hong, M. Caesar, N. Borisov, Botgrep: Finding peer-to-peer botnets with Structured Graph Analysis, USENIX Security Symposium 2010 [CIF 41.44, 288 citations]

45.  S. Nagaraja, The impact of unlinkability on adversarial community detection: Effects and Countermeasures. Privacy Enhancing Technologies 2010 [CIF 18.11]

46.  S. Nagaraja, M. Caesar, N. Borisov, Graphsplicer: Detecting bots with structured graph analysis, International Conference in Distributed Computing Systems, 2010 [CIF 18.55]

47.  S. Nagaraja, Robust Covert Topologies, in the Proceedings on the Symposium of of Bio-Inspired Computing, 2009.

48.  S. Nagaraja, The Economics of Covert Community Detection and Hiding, in the Proceedings of the Seventh Workshop of Economics and Information Security, 2008

49.  S. Nagaraja, Topological anonymity in unstructured networks, in the Proceedings of the Sixth Workshop of Economics and Information Security, 2007

50.  S. Nagaraja, Anonymity in the wild: Mixes on unstructured networks, in the Proceedings of the Symposium on Privacy Enhancing Technologies (PETS 2007) [CIF 18.11]

51.  Tyler Moore, Jolyon Clulow, Ross Anderson and Shishir Nagaraja. New Strategies for Revocation in Ad-Hoc Networks, at the European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS) 2007 [CIF 7.48]

52.  F. L. Wong, M. Lin, S. Nagaraja, I. Wassel and F. Stajano, Evaluation Framework of Location Privacy of Wireless Mobile Systems with Arbitrary Beam Pattern, in Proceedings of the Fifth Annual Conference on Communication Networks and Services Research (CNSR 2007)

53.  S Nagaraja, Privacy Amplification with Social Networks, International Workshop of Security Protocols, Pages 58-73, 2007

54.  R. Anderson, T. Moore, S. Nagaraja, A. Ozment, Incentives and Information Security, in Algorithmic Game Theory, N. Nisan, T. Roughgarden, E. Tardos, and V. Vazirani (editors), ISBN-13: 9780521872829, Cambridge University Press, 2007. [1529 citations]

55.  S Nagaraja, Privacy Amplification with Social Networks Transcript of Discussion, International Workshop of Security Protocols, Pages 74-80, 2007

56. S. Nagaraja and R. Anderson, The topology of covert conflict (revised and updated), in the Proceedings of the Workshop on the Economics of Information Security, Cambridge, UK, 2006. [55 citations]

57.  S. Nagaraja and R. Anderson, Snooping Dragon: Social malware surveillance of the Tibetan movement, Technical Report 746, University of Cambridge, 2009. [89 citations]

58.   J. Gardiner, M. Cova, S. Nagaraja, Command & Control: Understanding, Denying and Detecting, Technical  Report for the Centre of Protection of National Infrastructure (CPNI), 2014

59.  Ravi Kiran UVS and Shishir Nagaraja, An algorithm to cluster directory users into user communities based on similarity in access, USPTO 6,996,577, June 2006.

60.  Madhusudhana H S, Shishir Nagaraja and Aridaman Tripathi, Security and Policy Integrity in Multilateral Authorization Systems, USPTO 7,136,489, November 2006.

61.  Shishir Nagaraja and Madhusudhana H S, Method and System for Amassed Authorization, USPTO, 2003.

62.  Shishir Nagaraja, Natraj Sirisilla and H S Madhusudhana, An adaptive method and system for user empowered management based on Dynamic Quorums, USPTO, November 2004