LG | Dec 23, 2025
ReGAIN: Retrieval-Grounded AI Framework for Network Traffic Analysis
Shaghayegh Shajarian, Kennedy Marsh, James Benson et al.
Modern networks generate vast, heterogeneous traffic that must be continuously analyzed for security and performance. Traditional network traffic analysis systems, whether rule-based or machine learning-driven, often suffer from high false positives and lack interpretability, limiting analyst trust. In this paper, we present ReGAIN, a multi-stage framework that combines traffic summarization, retrieval-augmented generation (RAG), and Large Language Model (LLM) reasoning for transparent and accurate network traffic analysis. ReGAIN creates natural-language summaries from network traffic, embeds them into a multi-collection vector database, and utilizes a hierarchical retrieval pipeline to ground LLM responses with evidence citations. The pipeline features metadata-based filtering, MMR sampling, a two-stage cross-encoder reranking mechanism, and an abstention mechanism to reduce hallucinations and ensure grounded reasoning. Evaluated on ICMP ping flood and TCP SYN flood traces from the real-world traffic dataset, it demonstrates robust performance, achieving accuracy between 95.95% and 98.82% across different attack types and evaluation benchmarks. These results are validated against two complementary sources: dataset ground truth and human expert assessments. ReGAIN also outperforms rule-based, classical ML, and deep learning baselines while providing unique explainability through trustworthy, verifiable responses.
CR | Oct 10, 2021
Edge Centric Secure Data Sharing with Digital Twins in Smart Ecosystems
Glen Cathey, James Benson, Maanak Gupta et al.
Internet of Things (IoT) is a rapidly growing industry currently being integrated into both consumer and industrial environments on a wide scale. While the technology is available and deployment has a low barrier of entry in future applications, proper security frameworks are still at an infancy stage and are being developed to fit varied implementations and device architectures. Further, the need for edge centric mechanisms is critical to offer security in real time smart connected applications with minimal or negligible overhead. In this paper, we propose a novel approach of data security by using multiple device shadows (aka digital twins) for a single physical object. These twins are paramount to separate data among different virtual objects based on tags assigned on-the-fly, and are used to limit access to different data points by authorized users/applications only. The novelty of the proposed architecture resides in the attachment of dynamic tags to key-value pairs reported by physical devices in the system. We further examine the advantages of tagging data in a digital twin system, and the performance impacts of the proposed data separation scheme. The proposed solution is deployed at the edge, supporting low latency and real time security mechanisms with minimal overhead, and is light-weight as reflected by captured performance metrics.
CR | Jan 13, 2020
Secure V2V and V2I Communication in Intelligent Transportation using Cloudlets
Maanak Gupta, James Benson, Farhan Patwa et al.
Intelligent Transportation System (ITS) is a vision which offers a safe, secure and smart travel experience to drivers. This futuristic plan aims to enable vehicles, roadside transportation infrastructures, pedestrian smart-phones and other devices to communicate with one another to provide safety and convenience services. Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) communication in ITS offers the ability to exchange speed, heading angle, position and other environment related conditions amongst vehicles and with surrounding smart infrastructures. In this intelligent setup, vehicles and users communicate and exchange data with random untrusted entities (like vehicles, smart traffic lights or pedestrians) whom they don't know or have not met before. The concerns of location privacy and secure communication further deter the adoption of this smarter and safe transportation. In this paper, we present a secure and trusted V2V and V2I communication approach using edge infrastructures where instead of direct peer to peer communication, we introduce trusted cloudlets to authorize, check and verify the authenticity, integrity and ensure anonymity of messages exchanged in the system. Moving vehicles or road side infrastructure are dynamically connected to nearby cloudlets, where security policies can be implemented to sanitize or stop fake messages and prevent rogue vehicles from exchanging messages with other vehicles. We also present a formal attribute-based model for V2V and V2I communication, called AB-ITS, along with a proof of concept implementation of the proposed solution in the AWS IoT platform. This cloudlet supported architecture complements direct V2V or V2I communication, and serves important use cases such as accident or ice-threat warning and other safety applications. Performance metrics of our proposed architecture are also discussed and compared with existing ITS technologies.
CR | Aug 21, 2019
Secure Cloud Assisted Smart Cars Using Dynamic Groups and Attribute Based Access Control
Maanak Gupta, James Benson, Farhan Patwa et al.
Future smart cities and intelligent world will have connected vehicles and smart cars as their indispensable and most essential components. The communication and interaction among such connected entities in this vehicular internet of things (IoT) domain, which also involves smart traffic infrastructure, road-side sensors, restaurants with beacons, autonomous emergency vehicles, etc., offer innumerable real-time user applications and provide a safer and more pleasant driving experience to consumers. Having more than 100 million lines of code and hundreds of sensors, these connected vehicles (CVs) expose a large attack surface, which can be remotely compromised and exploited by malicious attackers. Security and privacy are serious concerns that impede the adoption of smart connected cars, which if not properly addressed will have grave implications with risk to human life and limb. In this research, we present a formalized dynamic groups and attribute-based access control (ABAC) model (referred to as \cvac) for the smart cars ecosystem, where the proposed model not only considers system wide attributes-based security policies but also takes into account the individual user privacy preferences for allowing or denying service notifications, alerts and operations to on-board resources. Further, we introduce a novel notion of groups in vehicular IoT, which are dynamically assigned to moving entities like connected cars, based on their current GPS coordinates, speed or other attributes, to ensure relevance of location and time sensitive notification services to the consumers, to provide administrative benefits to manage large numbers of smart entities, and to enable attributes and alerts inheritance for fine-grained security authorization policies. We present a proof of concept implementation of our model in the AWS cloud platform demonstrating real-world use cases along with performance metrics.