Publications

Evaluating LLM Generated Detection Rules in Cybersecurity

September 2025 Anna Bertiger, Bobby Filar, Aryan Luthra, Stefano Meschiari, Aiden Mitchell, Sam Scholten, Vivek Sharath Conference on Applied Machine Learning in Information Security (CAMLIS) 2025

#LLMs #Evaluation #Cybersecurity #Featured

An open-source evaluation framework and three benchmark metrics for measuring LLM-generated cybersecurity detection rules.

View

RWArmor: A Static-Informed Dynamic Analysis Approach for Early Detection of Cryptographic Windows Ransomware

September 2023 Md Ahsan Ayub, Ambareen Siraj, Bobby Filar, Maanak Gupta International Journal of Information Security (Springer)

#Malware #Ransomware

Combining static features with dynamic-analysis signals to detect cryptographic ransomware early in the encryption lifecycle.

View

Classifying Sequences of Extreme Length with Constant Memory Applied to Malware Detection

May 2021 Edward Raff, William Fleshman, Richard Zak, Hyrum S. Anderson, Bobby Filar, Mark McLean AAAI 2021

#Deep Learning #Malware

A constant-memory architecture for classifying sequences of arbitrary length, applied to whole-binary malware detection.

View

Getting Passive Aggressive About False Positives: Patching Deployed Malware Detectors

November 2020 Edward Raff, Bobby Filar, James Holt IEEE International Conference on Data Mining Workshops (ICDMW) 2020

#Online Learning #Malware

An online-learning approach for patching deployed malware classifiers when new false positives surface in production.

View

Automatic YARA Rule Generation Using Biclustering

November 2020 Edward Raff, Richard Zak, Gary Lopez Munoz, William Fleming, Hyrum S. Anderson, Bobby Filar, Charles Nicholas, James Holt 13th ACM Workshop on Artificial Intelligence and Security (AISec)

#Malware #Detection

An automated approach to generating high-quality YARA detection rules using biclustering over malware feature space.

View

ProblemChild: Discovering Anomalous Patterns based on Parent-Child Process Relationships

August 2020 Bobby Filar, David French arXiv preprint

#Anomaly Detection #Security

A graph-based approach to identifying anomalous process lineage on enterprise endpoints.

View

The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation

February 2018 Brundage, Avin, Clark, Toner, Eckersley, Garfinkel, Dafoe, Scharre, Zeitzoff, Filar, et al. arXiv preprint

#AI Safety #Featured

Foundational report co-authored with researchers from FHI, OpenAI, CSER, EFF, and CNAS on the misuse risks of advanced AI.

View

Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning

January 2018 Hyrum S. Anderson, Anant Kharkar, Bobby Filar, David Evans, Phil Roth arXiv preprint

#Reinforcement Learning #Adversarial ML #Featured

An RL agent that learns to make non-breaking modifications to malicious PE binaries to evade static ML-based malware classifiers.

View

Ask Me Anything: A Conversational Interface to Augment Information Security Workers

July 2017 Bobby Filar, Richard Seymour, Matthew Park Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017)

#NLU #Human-AI Interaction #Featured

An early natural-language interface for security analysts — a precursor to today's agent-based SOC tooling.

View

DeepDGA: Adversarially-Tuned Domain Generation and Detection

October 2016 Hyrum S. Anderson, Jonathan Woodbridge, Bobby Filar 9th ACM Workshop on Artificial Intelligence and Security (AISec)

#Adversarial ML #Detection

A GAN-style approach to generating adversarial domain names that evade DGA classifiers — and using the same setup to train a more robust detector.

View