U.S.-Based Researcher Sandhya Guduru Uses AI to Catch Invisible Hackers
International Business Times

23-06-2025

Headlines about cyberattacks on large corporations are common. As technology advances, so do these attacks, becoming quieter and more sophisticated. In fractions of a second, large and complicated databases are breached despite the many layers of protection applied to them. Advanced cyberthreats need even more advanced security solutions. According to Sandhya Guduru, AI-enhanced security for databases and networks is the need of the hour.

Sandhya Guduru, a cybersecurity researcher and software engineer based in the United States, is working at the intersection of artificial intelligence and network forensics to help organizations detect threats they never see coming. With global cybercrime damages projected to reach $10.5 trillion annually by 2025 and AI-based cybersecurity solutions expected to grow at a compound annual rate of over 23% (MarketsandMarkets), Guduru's work is well timed. Her focus is on improving the detection of covert C2 traffic using AI models that think the way human investigators would. She is developing systems that make security smarter, not just faster.

Detecting malicious signals within noisy network traffic is one of cybersecurity's enduring puzzles. In particular, command-and-control (C2) beaconing, the periodic communication between compromised machines and an attacker's server, is often designed to avoid triggering traditional security alarms. These transmissions may look like normal traffic at first glance, slipping past signature-based tools and rule-driven systems that rely on matching known behaviour. The urgency to rethink these methods has grown. As attackers use encrypted traffic, proxy networks, or randomized intervals, defenders are left with tools that were never meant to catch what they can no longer predict. That's where Guduru's work with Graph Convolutional Networks (GCNs) enters the picture.
At the center of Guduru's recent research is Zeek, an open-source network monitoring framework known for its comprehensive logging of network activity. Instead of analyzing each log entry in isolation, Guduru's approach restructures these logs into graph models, where devices become nodes and their interactions form the connecting edges. This structure allows AI to look for abnormal relationships and centralities, indicators that a particular device might be serving as a secret communications hub. Guduru explains: "The technology at play here is GCNs, which excel at uncovering patterns in graph data. They're really good at spotting hidden patterns in how devices talk to each other on a network. It's not just about finding something that looks strange; it's about understanding how that strange thing connects to everything else. That's where real threats can hide." By applying graph centrality metrics such as degree and betweenness, her system can spot devices that are acting suspiciously: connecting in odd patterns, at odd times, or with unusual frequency. That gives analysts a new layer of insight beyond packet inspection alone.

While AI-powered analytics can be powerful, they are often built in silos. One of Guduru's key innovations is embedding her detection models directly into Splunk Enterprise Security (ES), a widely used security information and event management (SIEM) platform. This integration lets analysts access AI-derived insights within the workflows they already use, reducing the burden of adopting new tools and improving operational response time. Guduru has not limited her knowledge and experience to a single solution. She has used her knack for research to find more advanced solutions. In another paper, she combines GCN-based detection with other advanced methods: Sigma rules, Elastic's Event Query Language (EQL), and the MITRE Cyber Analytics Repository (CAR).
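As an added illustration (not code from the article or from Guduru's research), the graph step described above run on a constructed, cut-down Zeek conn.log: hosts become nodes, observed connections become edges, and betweenness centrality (Brandes' algorithm, plain Python, no graph library) ranks hosts that sit on the paths between other hosts' conversations. The IP addresses, the row layout and the allowlist of known infrastructure are assumptions for the example; the GCN scoring the article describes is not shown.

```python
from collections import defaultdict, deque
# Constructed, cut-down Zeek conn.log excerpt (real files carry more columns); 10.0.0.2 is the site DNS.
ZEEK_CONN_LOG = """\
#fields\tts\tid.orig_h\tid.resp_h\tid.resp_p
1700000000.1\t10.0.0.5\t10.0.0.2\t53
1700000002.0\t10.0.0.7\t10.0.0.2\t53
1700000003.3\t10.0.0.8\t10.0.0.2\t53
1700000060.0\t10.0.0.7\t203.0.113.9\t443
1700000190.0\t10.0.0.7\t10.0.0.8\t445
"""

def load_graph(text):  # hosts become nodes, each observed connection an undirected edge
    fields, adj = None, defaultdict(set)
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split("\t")))
            adj[rec["id.orig_h"]].add(rec["id.resp_h"])
            adj[rec["id.resp_h"]].add(rec["id.orig_h"])
    return adj

def betweenness(adj):  # Brandes: shortest paths between other hosts that pass through each node
    bc = dict.fromkeys(adj, 0.0)
    for s in adj:
        stack, pred, sigma, dist, queue = [], defaultdict(list), defaultdict(int, {s: 1}), {s: 0}, deque([s])
        while queue:  # BFS from s, counting shortest paths (sigma) and recording predecessors
            v = queue.popleft()
            stack.append(v)
            for w in adj[v]:
                if w not in dist:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    pred[w].append(v)
        delta = defaultdict(float)
        while stack:  # accumulate each node's dependency on s, farthest nodes first
            w = stack.pop()
            for v in pred[w]:
                delta[v] += sigma[v] / sigma[w] * (1.0 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return {n: score / 2.0 for n, score in bc.items()}  # undirected: each pair was counted twice

def rank_suspects(text, known_infra=frozenset({"10.0.0.2"})):
    adj = load_graph(text)  # known servers (DNS, gateways) are expected hubs and are set aside
    bc = betweenness(adj)
    return sorted([(h, bc[h], len(adj[h])) for h in adj if h not in known_infra and bc[h] > 0],
                  key=lambda t: -t[1])  # (host, betweenness, degree), most central first
```

In the sample, 10.0.0.7 is the only host through which the external address and a peer are reached, so it is the lone non-infrastructure host with non-zero betweenness; on a real network the ranking is a triage list for an analyst, not a verdict.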
This blend of approaches helps detect threats with greater precision and understand their context. Instead of raising false alarms, her system focuses on the signals that truly matter, helping security teams act faster and with more confidence.

Guduru's practical background in cloud and DevSecOps has shaped her research with an eye toward automation. She has engineered serverless response systems using AWS Lambda and Azure Functions that take automated action when suspicious activity is detected: quarantining hosts, alerting teams, and logging incidents for later review. This kind of real-time, intelligent response is what cybersecurity teams have long aimed for, especially as they face alert fatigue from thousands of false alarms each day. Guduru's work doesn't just promise better detection; it reduces the time between finding a problem and acting on it.

Sandhya Guduru's work connects academic insight with practical use, bringing AI research directly into the hands of cybersecurity teams. Her models don't just flag threats; they help explain how attacks unfold, giving defenders a better understanding of the situation and helping them respond faster and more effectively. As cyber threats grow more complex, her research offers a way to cut through the noise and focus on what truly matters. By turning complex traffic patterns into clear signals, Guduru is helping teams track, interpret, and respond to hidden threats with more confidence and precision.
