Ahmed Khan

Applied ML Security Researcher

About Me

I am an applied ML security researcher focused on command-line threat detection, endpoint telemetry, and adversary behavior modeling. My work began with real-time Windows security event monitoring and evolved into ML-based command classification, deobfuscation, and ATT&CK technique mapping.

I am particularly interested in how shell structure — pipes, redirects, flags, arguments, encodings, and execution chains — can be represented more effectively in security ML models.

📍 Toronto, ON

Publications

IEEE World AI IoT Congress (AIIoT), Seattle, USA — May 2026

[1]

Open-Source Next Gen Endpoint Detection & Response

Ahmed Khan · First Author · IEEE AIIoT 2026 · Seattle

  • Kernel-driverless Ring 3 EDR research system using LoRA-fine-tuned RoBERTa for 4-class detection of selected MITRE ATT&CK behaviors.
  • 99.5% accuracy across a 1,200-case adversarial stress suite with dynamic fuzzing and repeated scenario variation.
  • Identified and mitigated catastrophic forgetting through corpus structural hardening and targeted removal of poisoned benign/malicious overlap.

[2]

A Two-Stage Transformer-Based Framework for Command-Line Classification and MITRE ATT&CK Technique Mapping

Ahmed Khan · First Author · IEEE AIIoT 2026 · Seattle

  • Cascaded CodeBERT architecture for command-line classification and MITRE ATT&CK technique mapping across 141 technique classes.
  • Tier 1 AUC 0.9999 / F1 99.96% and Tier 2 95.53% Top-1 / 97.94% Top-3 accuracy on the evaluated command corpus.
  • Recursive de-obfuscation module for Base64, PowerShell [char] construction, and nested encoding up to depth 5 before tokenization.

Research

↳ System artifact from the IEEE AIIoT 2026 work

Genos

Open-Source Command Intelligence Research Artifact

2024 – Present
  • Built an applied ML security pipeline that classifies raw command-line activity into verdicts, confidence scores, MITRE ATT&CK technique candidates, and analyst-oriented explanations.
  • Implemented a two-tier inference design: a fast gatekeeper model routes suspicious/context-dependent inputs into a specialist classifier for technique attribution.
  • Engineered recursive de-obfuscation and parsing features for encoded payloads, PowerShell constructs, shell chains, registry operations, file paths, URLs, IPs, and execution markers.
  • Designed benchmark and evaluation workflows covering top-k accuracy, latency, class-level behavior, adversarial perturbations, and reproducibility of security ML claims.
  • Designed as an open-source research artifact: public code, evaluation scripts, model cards, and reproducibility notes supporting independent verification of results.
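The recursive de-obfuscation step named in the second publication and in the Genos bullets above, as an added example that is not the project's own code: it peels Base64 (UTF-16LE as PowerShell -EncodedCommand expects, or UTF-8) and PowerShell [char] string construction until the text stops changing or a depth bound of 5 is reached, so the classifier tokenizes the underlying command rather than its encoding. The 16-character Base64 floor, the printable-ASCII acceptance test, and the sample command are this example's own assumptions.

```python
import base64
import binascii
import re

MAX_DEPTH = 5  # nesting bound stated in the publication bullet, used as the default here

# [char]71+[char]101+[char]116 constructs "Get"; a run is one or more joined by '+'
CHAR_NUM_RE = re.compile(r"\[char\]\s*(0x[0-9a-f]+|\d+)", re.IGNORECASE)
CHAR_RUN_RE = re.compile(
    r"\[char\]\s*(?:0x[0-9a-f]+|\d+)(?:\s*\+\s*\[char\]\s*(?:0x[0-9a-f]+|\d+))*", re.IGNORECASE)
# Standalone Base64-looking tokens; the 16-char floor (assumed) avoids decoding ordinary words
B64_RE = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")

def decode_b64(token):
    """Decode as UTF-16LE (what PowerShell -EncodedCommand uses) or UTF-8; None if not text."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (ValueError, binascii.Error):
        return None
    for enc in ("utf-16-le", "utf-8"):
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        if text and text.isascii() and all(c.isprintable() or c in "\r\n\t" for c in text):
            return text  # reject byte salad that happens to decode
    return None

def join_chars(run):
    """Collapse a [char]N+[char]M run into the literal string it builds (decimal or 0x hex)."""
    return "".join(chr(int(n, 16) if n.lower().startswith("0x") else int(n))
                   for n in CHAR_NUM_RE.findall(run))

def deobfuscate(command, max_depth=MAX_DEPTH):
    """Peel layers until nothing changes or the bound is hit; returns (normalized, layers_removed)."""
    current, layers = command, 0
    while layers < max_depth:
        expanded = CHAR_RUN_RE.sub(lambda m: join_chars(m.group(0)), current)
        expanded = B64_RE.sub(lambda m: decode_b64(m.group(0)) or m.group(0), expanded)
        if expanded == current:
            break
        current, layers = expanded, layers + 1
    return current, layers

def build_sample():
    """Constructed sample, not a real capture: a [char]-built cmdlet name, then the line UTF-16LE Base64-encoded."""
    run = "+".join(f"[char]{ord(c)}" for c in "Get-Date")
    encoded = base64.b64encode(f"& ({run})".encode("utf-16-le")).decode("ascii")
    return f"powershell -enc {encoded}"  # deobfuscate() -> ('powershell -enc & (Get-Date)', 2)
```

Each loop pass counts as one layer, so a Base64 wrapper around a [char] run costs two passes, and calling deobfuscate with a smaller max_depth leaves the remaining layers intact for the tokenizer to see.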

Experience

Security Analyst

Verto Solutions
08/2025 – Present Toronto, ON
  • Led OSINT and vulnerability research workflows for projects including ReconNet, integrating Python tooling with penetration testing to identify and remediate 15+ systemic vulnerabilities before production.
  • Developed threat models and response strategies aligned to attacker behavior, improving detection coverage and analyst triage for emerging security issues.
  • Reviewed C++ and Python codebases with R&D teams, identifying security gaps and strengthening secure development practices across the SDLC.

Systems Administrator

The Home Team
01/2018 – 09/2024 Dubai, U.A.E.
  • Secured enterprise infrastructure across Active Directory, Windows Server, IIS, VPN, and network perimeter environments over a 6-year tenure.
  • Hardened Windows infrastructure by configuring 50+ Group Policy Objects to mitigate privilege escalation, access control, and administrative exposure risks.
  • Architected Cisco firewall policies and IIS request-filtering controls, improving perimeter defense and maintaining secure web-service availability.

Education


M.Sc. Cybersecurity

NYIT Vancouver

Vancouver, BC | 2023-2025

  • Domestic Scholarship

M.Sc. Computer Science

University of Birmingham

Dubai, U.A.E. | 2020-2021

  • Merits Chancellors Scholarship

Bachelor of Business Administration

Heriot Watt University

Dubai, U.A.E. | 2018-2020

Technical Skills

Applied ML for Security

Transformer Fine-Tuning, LoRA / PEFT, CodeBERT, RoBERTa, Adversarial Evaluation, Reproducible Benchmarking

ML Engineering

PyTorch, Hugging Face Transformers, Evaluation Harnesses, Reproducibility Documentation

Threat Research

MITRE ATT&CK, MITRE ATLAS, Command-Line Analysis, Windows Telemetry, Endpoint Detection

Offensive Security

Burp Suite, Nmap, OWASP Top 10, Privilege Escalation

Engineering

Python, C++, PowerShell, Bash, Docker

Certifications & Training


OSCP

OffSec Certified Professional

Scheduled June 9, 2026


OSAI

OffSec AI Offensive Security Track

Planned 2026

Get in Touch

Open to discussing research directions, collaboration on endpoint security and ML-based threat detection, or PhD program inquiries.