Research Portal
22 papers · 1 peer-reviewed · 21 ready
Research Portfolio

Harshavardhan Malla

Independent Researcher · Security & Machine Learning

I build reproducible, adversarially-tested systems at the intersection of vulnerability management, machine learning, and verifiable security. Every paper below ships with its full source, data-generation code, and frozen result tables, so every reported number can be regenerated from a fixed seed.

Vulnerability PrioritizationTamper-Evident SystemsML for SecurityCyber-HygieneCritical Infrastructure
22papers
1peer-reviewed
5research series
Connect on LinkedIn Source & data Browse the papers below
Research Portfolio

Research Papers

22 papers · 5 research series · 1 peer-reviewed

Submission pipeline

Vulnerability Prioritization

02

EPSS-based exploit scoring & calibration

P1
IEEE

Auditable Autonomy

Tamper-evident, signed-checkpoint provenance for automated remediation decisions

Repo name
P2
IEEE

CalibGate

Failure-aware public-feed gate for vulnerability prioritization under sparse exploit labels

Repo name

Hygiene-Augmented Prioritization

07

Cyber-hygiene signals layered on EPSS scoring

P3
IEEE

HygBench

Reproducible synthetic benchmark for cyber-hygiene anomaly detection

Repo name
P4
IEEE TNSM

HygienePrio

Integrating patch posture, AD exposure & telemetry freshness into exploit-weighted scoring

Repo name
P5
IEEE TNSM

HygieneTempo

EPSS-only decays, hygiene signals persist: a six-window pre-registered evaluation

Repo name
P6
IEEE TNSM

CapDecay

Two-dimensional (K, λ) sweep characterising the regime-dependence of EPSS-only ranking

Repo name
P7
IEEE TNSM

RollCal

Deployable lag-1 substitute for the offline-peek H3 ceiling: works at K≤100, harms at K=200

Repo name
P8
IEEE TNSM

SmoothTest

EWMA-3 and trail-3 amplify Paper 7's K=200 hazard rather than fixing it; naive smoothing prior falsified

Repo name
P9
IEEE TNSM

SelfTraj

Paper 6's K=200 collapse re-attributed to closed-loop selection coupling + Closed-Loop Signal Exhaustion Theorem

Repo name

Synthesis

01

Integrated self-healing framework

P10
IEEE TNSM

AutoHeal

Six-stage closed-loop pipeline integrating Papers 3 to 9 with pre-registered safety bounds: H1 ✓ / H2 ✗ / H3 N/A / H4 ✗

Repo name

Government & Practitioner

09

Applied security frameworks for the public sector

P11
Gov / Practitioner

CAP-G

Asset criticality + network zone + data sensitivity layered on HygienePrio: +9.5pp mission precision at triage, H1 partial / H2 ✓ / H3 ✓ / H4 ✓

Repo name
P12
Gov / Practitioner

ComplianceCeiling

Continuous monitoring cuts drift detection on automatable controls from 272 days to 1, but the un-automatable remainder caps overall reduction at the automatable share. H1-H4 all supported.

Repo name
P13
Gov / Practitioner

PolicyGate

Preventive guardrails cut CJI exposure 70% over detection, growing to 81% as violations recur, while the false-block cost stays fixed. H1-H4 all supported.

Repo name
P14
Gov / Practitioner

PTI

At disclosure time, asset criticality drives mission precision (+6.5pp) while the immature day-0 EPSS adds almost nothing. H1-H4 all supported.

Repo name
P15
Gov / Practitioner

FusionView

Fusing a real-time and a scheduled endpoint feed lifts vuln recall 0.75 to 0.87; the gain is exactly the scheduled-only fresh coverage, bounded by the blind-spot floor. H1-H4 all supported.

Repo name
P16
Gov / Practitioner

HygieneAD

Joint detection beats per-feature rules by +0.61 AP on cross-channel anomalies but loses on single-channel ones; Isolation Forest fails where Mahalanobis wins. H1-H4 all supported.

Repo name
P17
Gov / Practitioner

RingGuard

A four-ring rollout cuts a faulty enforcement script's blast radius 95% at a fixed soak cost; containment scales with canary observability, with diminishing returns to finer staging. H1-H4 supported.

Repo name
P18
Gov / Practitioner

DrillGap

Annual DR drills overstate real recovery confidence by 31 points (0.69 true vs ~1.0 at drill); continuous chaos lifts it to 0.95, bounded by coverage. H1-H4 all supported.

Repo name
P19
Gov / Practitioner

ReconGuard

Continuous reconciliation cuts CMDB error 78%; ghost (security) and phantom (cost) errors trade off via retirement aggressiveness, bounded by a matching-precision floor. H1-H4 all supported.

Repo name

Critical-Infrastructure Frameworks

03

AI-native frameworks; one peer-reviewed (JENRS)

P20
Critical Infra

EnsemblePrio

RF+XGBoost stacked ensemble fusing CVE metadata, CISA KEV threat intelligence, and OT/ICS environmental telemetry achieves Precision@50 = 0.94, 70% MTTR reduction, and AUC-ROC = 0.91 on independent EPSS validation. SHAP confirms exploit availability and asset criticality dominate prioritization. Target: Expert Systems with Applications (ESWA), Elsevier Q1.

Repo name
P21
JENRS

AI Endpoint Compliance

Published in JENRS 3(1), 2024. Hybrid rule + XGBoost compliance detection, automated SCCM/PowerShell remediation, and predictive disaster recovery: 92% compliance accuracy, 40% faster patching, 70% lower DR delay across 10,000 endpoints.

Repo name
P22
ESWA

ENSES

A glass-box neuro-symbolic expert system (knowledge graph + RAG embeddings + additive inference engine) for cyber-risk prioritization. On real public EPSS/KEV data (203,174 CVEs) over a smart-city/IIoT/healthcare estate with differential privacy, it reaches harm-weighted Precision@100 0.871 vs 0.208 for EPSS-only (+0.663) and exceeds a black-box XGBoost ensemble (0.857; +0.014, BCa CI excludes 0) at ~5x lower latency while staying fully explainable. 3/3 hypotheses supported; ablations confirm every tier.

Repo name