Harshavardhan Malla
Independent Researcher · Security & Machine Learning
I build reproducible, adversarially-tested systems at the intersection of vulnerability management, machine learning, and verifiable security. Every paper below ships with its full source, data-generation code, and frozen result tables, so every reported number can be regenerated from a fixed seed.
Research Papers
22 papers · 5 research series · 1 peer-reviewed
Vulnerability Prioritization
02EPSS-based exploit scoring & calibration
Auditable Autonomy
Tamper-evident, signed-checkpoint provenance for automated remediation decisions
CalibGate
Failure-aware public-feed gate for vulnerability prioritization under sparse exploit labels
Hygiene-Augmented Prioritization
07Cyber-hygiene signals layered on EPSS scoring
HygBench
Reproducible synthetic benchmark for cyber-hygiene anomaly detection
HygienePrio
Integrating patch posture, AD exposure & telemetry freshness into exploit-weighted scoring
HygieneTempo
EPSS-only decays, hygiene signals persist: a six-window pre-registered evaluation
CapDecay
Two-dimensional (K, λ) sweep characterising the regime-dependence of EPSS-only ranking
RollCal
Deployable lag-1 substitute for the offline-peek H3 ceiling: works at K≤100, harms at K=200
SmoothTest
EWMA-3 and trail-3 amplify Paper 7's K=200 hazard rather than fixing it; naive smoothing prior falsified
SelfTraj
Paper 6's K=200 collapse re-attributed to closed-loop selection coupling + Closed-Loop Signal Exhaustion Theorem
Synthesis
01Integrated self-healing framework
AutoHeal
Six-stage closed-loop pipeline integrating Papers 3 to 9 with pre-registered safety bounds: H1 ✓ / H2 ✗ / H3 N/A / H4 ✗
Government & Practitioner
09Applied security frameworks for the public sector
CAP-G
Asset criticality + network zone + data sensitivity layered on HygienePrio: +9.5pp mission precision at triage, H1 partial / H2 ✓ / H3 ✓ / H4 ✓
ComplianceCeiling
Continuous monitoring cuts drift detection on automatable controls from 272 days to 1, but the un-automatable remainder caps overall reduction at the automatable share. H1-H4 all supported.
PolicyGate
Preventive guardrails cut CJI exposure 70% over detection, growing to 81% as violations recur, while the false-block cost stays fixed. H1-H4 all supported.
PTI
At disclosure time, asset criticality drives mission precision (+6.5pp) while the immature day-0 EPSS adds almost nothing. H1-H4 all supported.
FusionView
Fusing a real-time and a scheduled endpoint feed lifts vuln recall 0.75 to 0.87; the gain is exactly the scheduled-only fresh coverage, bounded by the blind-spot floor. H1-H4 all supported.
HygieneAD
Joint detection beats per-feature rules by +0.61 AP on cross-channel anomalies but loses on single-channel ones; Isolation Forest fails where Mahalanobis wins. H1-H4 all supported.
RingGuard
A four-ring rollout cuts a faulty enforcement script's blast radius 95% at a fixed soak cost; containment scales with canary observability, with diminishing returns to finer staging. H1-H4 supported.
DrillGap
Annual DR drills overstate real recovery confidence by 31 points (0.69 true vs ~1.0 at drill); continuous chaos lifts it to 0.95, bounded by coverage. H1-H4 all supported.
ReconGuard
Continuous reconciliation cuts CMDB error 78%; ghost (security) and phantom (cost) errors trade off via retirement aggressiveness, bounded by a matching-precision floor. H1-H4 all supported.
Critical-Infrastructure Frameworks
03AI-native frameworks; one peer-reviewed (JENRS)
EnsemblePrio
RF+XGBoost stacked ensemble fusing CVE metadata, CISA KEV threat intelligence, and OT/ICS environmental telemetry achieves Precision@50 = 0.94, 70% MTTR reduction, and AUC-ROC = 0.91 on independent EPSS validation. SHAP confirms exploit availability and asset criticality dominate prioritization. Target: Expert Systems with Applications (ESWA), Elsevier Q1.
AI Endpoint Compliance
Published in JENRS 3(1), 2024. Hybrid rule + XGBoost compliance detection, automated SCCM/PowerShell remediation, and predictive disaster recovery: 92% compliance accuracy, 40% faster patching, 70% lower DR delay across 10,000 endpoints.
ENSES
A glass-box neuro-symbolic expert system (knowledge graph + RAG embeddings + additive inference engine) for cyber-risk prioritization. On real public EPSS/KEV data (203,174 CVEs) over a smart-city/IIoT/healthcare estate with differential privacy, it reaches harm-weighted Precision@100 0.871 vs 0.208 for EPSS-only (+0.663) and exceeds a black-box XGBoost ensemble (0.857; +0.014, BCa CI excludes 0) at ~5x lower latency while staying fully explainable. 3/3 hypotheses supported; ablations confirm every tier.