Published on 04/30/2025
When cyber attackers strike, they often exploit known, but unpatched, vulnerabilities. For Muhammad Shaoib, a Ph.D. student at the University of Virginia, that’s not just a problem; it’s a challenge worth solving. At this year’s Commonwealth Cyber Initiative (CCI) Symposium, Muhammad’s research stood out among dozens of submissions from across Virginia, earning him the coveted Best Poster Award.
“I’m honored,” Muhammad said. “There were a lot of students with great work from top institutes. It means a great deal to have my research recognized on this scale.”
His winning poster focused on a system called Artemis, named after the Greek goddess of “the hunt”. True to its namesake, the system is designed to hunt down cyber threats by automating the detection of known software vulnerabilities, also known as “CVEs” (Common Vulnerabilities and Exposures).
“These vulnerabilities happen daily. They’re on the rise. Enterprises are overwhelmed,” Muhammad explained. “Even when a patch is available, it can take up to 90 days to be applied. That delay creates a huge risk.”
To counter this, Muhammad and his team developed Artemis to automatically generate detection signatures using open-source “proof-of-concept” code. This code, often shared by the security community, demonstrates how specific vulnerabilities can be exploited. By analyzing this code both statically and dynamically, Artemis creates detection signals that are more robust, and faster, than those manually written by experts.
“Our key insight was that these codes are already out there and very effective at reproducing vulnerabilities,” he said. “Why not use them to automate what’s usually a slow, manual, and error-prone process?”
The innovation didn’t stop there. By eliminating the need for human-written signatures, Artemis speeds up threat detection and reduces reliance on expert analysts, both are key benefits for organizations with limited cybersecurity resources.
Looking ahead, Muhammad is continuing his work in this area. His current research, which expands on Artemis, is under submission to a top-tier academic conference. Although he couldn’t share too much, he hinted at efforts to address “fundamental flaws in existing signature-based detection systems.”
When asked what advice he’d give to students aiming to present at next year’s CCI Symposium, Muhammad emphasized communication.
“You have to make your work accessible,” he said. “Not everyone at CCI comes from a technical background. Make sure your motivation is clear, your design is solid, and your results show real impact.”
Muhammad also praised the interdisciplinary nature of the symposium:
“It was great meeting people from different backgrounds. That’s what made it such a great experience.”
As cyber threats continue to evolve, it’s clear that the future of defense lies in innovation, and passionate researchers like Muhammad are leading the charge.
