A conversation with Shaikat Biswas about artificial intelligence and defending critical digital infrastructure

Conducted by Technology & Security Desk

Shaikat Biswas is a cybersecurity expert and researcher with a Master of Science in Computer Science with a concentration in Cybersecurity from Troy University. His research applies artificial intelligence and graph-based machine learning techniques to real-time defense of cloud, enterprise, Internet of Things, and critical infrastructure systems. His publication record consists of 9 peer-reviewed papers with 260 citations, an h-index of 7, and an i10-index of 7; approximately 97% of the analyzed citations are independent. It includes a 2025 single-author paper on real-time threat detection that won the Best Paper Presentation Award. He serves as a reviewer for several academic journals and is a member of the IEEE. The following is an edited transcript of the conversation, condensed for length and clarity.

Background and research records

Q. You are an expert in applying artificial intelligence to cyber defense and have published numerous studies. How do you approach your work?
A. I try to start with the reality of the defender rather than the elegance of the method. Models that detect intrusions in controlled experiments have limited value if they cannot operate in live systems where the amount of normal activity is enormous and decisions must be made within fractions of a second.

So the first question I ask about any system I design is whether the people responsible for that network will actually rely on that network during an incident. If the answer is no, then I have made a suggestion, not a defense. This criterion determines how I prioritize my research.

Q. Your 2025 single-author paper on real-time threat detection won the Best Paper Award and is rapidly being cited. What does that mean?
A. While this is an encouraging signal, I would be wary of relying too much on any one result. Single-authored papers involve complete personal responsibility, which I think is appropriate for basic research.

What I value more than awards is the independence of the citations. Across my research, approximately 97 percent of the cited research comes from researchers with whom I have no co-authorship. This pattern is the most reliable evidence I have that the method is actually helpful to others, not just visually.

Q. You report an h-index of 7 and an i10-index of 7 for 9 publications. Which metrics do you find most useful?
A. The distribution of influence is larger than a single number. An h-index of 7 indicates that citations are spread across papers rather than being concentrated in one paper, which I read to be a healthier sign of continued relevance.

My most cited research is on graph neural networks for modeling attack patterns in critical infrastructure, and although it addresses a different problem than my threat detection research, the two reinforce each other. I’d rather have multiple publications that each find a real audience than one result that the rest of my portfolio doesn’t support.

Research program

Q. Your work spans real-time threat detection, graph neural networks for critical infrastructure, connected device security, and quantum-resistant cryptography. What unites these areas?
A. The common thread is that modern systems are interconnected, and so are attacks against them. A weak point in a connected device can become an entry point into the corporate network. A breach of a company can reach the infrastructure behind it. Treating these as separate issues is part of the reason why defenses have been slow.

Threat detection identifies intrusions. Graph-based work predicts how attacks will propagate through interconnected systems. A device security review closes down the most common entry points. And encryption work prepares these systems for a future where today’s encryption will no longer work. The four areas describe a problem from four different perspectives.

Q. Could you please explain your research on graph neural networks in an easy-to-understand manner?
A. Critical infrastructure is not a single machine. It is a network of interdependent components: power grids, water systems, transportation networks. Its structure is naturally represented as a graph, meaning a set of nodes and connections between them.

A graph neural network is a model built to infer its structure. By considering how they are connected, rather than examining each component individually, you can predict the paths an attacker might take and identify where your system is most at risk before weaknesses can be exploited. The goal is to move the defense from reacting to attacks to anticipating attacks.

Q. Why are traditional defenses unable to combat today’s threats?
A. Because while threats are evolving, many defensive postures are not. Many systems still rely on recognizing known signatures of past attacks, leaving them inadequately protected against new or adaptive intrusions, as well as attacks that use artificial intelligence.

The scale is quite large. In 2024 alone, cybercrime losses reported in the United States will reach record numbers in the tens of billions of dollars, with thousands of organizations classified as critical infrastructure being affected. That’s the environment my job was intended for, and it’s not an ideal environment.

Q. When faced with a difficult research problem, how do you actually approach solving it?
A. I start by resisting the temptation to reach for technique right away. The most common mistake I see in others as well as myself is to choose a method first and then look for problems that fit it. So my first step is to precisely define the problem in the words of an advocate. In other words, what information do we have to make, what time and resource constraints do we have to make, what decisions do we have to make, and what are the real costs of getting it wrong?

Only when that’s clear do I consider methods, preferring the simplest approach that’s likely to work before branching out into more complex methods. A modest model that operators understand and trust is usually more valuable than an elaborate model that no one is willing to run. Then test your idea against conditions that are most likely to fail, rather than conditions that are most likely to succeed, because the defense is only proven by a case that is not properly handled. Our graph-based approach to critical infrastructure grew directly out of that process. The problem of predicting how an attack would move within an interconnected system suggested a structure for solutions, rather than the other way around.

Artificial intelligence and reliability

Q. Your research relies heavily on artificial intelligence, but you are careful about how you use that term. Why?
A. This is because when it comes to security, the system itself, which cannot be investigated or explained, is responsible. If a model flags an intrusion and an organization shuts down a service or isolates a network based on it, the decision must be operationally and potentially legally defensible.
Therefore, models need to be testable, resulting actions need to be traceable, and qualified people need to remain accountable within the process. The more difficult engineering problem is not being able to make the system work. The feature is now widely available. Our proven track record makes us reliable.

Q. What are the failure modes of greatest concern?
A. A security system that is clearly wrong and clearly not owned. An alerting tool that quietly misses an intrusion or bombards analysts with false alarms until they no longer pay attention can be more dangerous than no tool at all because people become dependent on it.
Therefore, I try to design for adverse conditions and not for demonstration. Incomplete data, unfamiliar attack patterns, and model uncertainty must be handled openly. A system that hides its own uncertainties is not a safeguard, but rather a danger.

Q. How does your research address the ultimate threat from quantum computing?
A. Much of the encryption that currently protects data could be broken by sufficiently powerful quantum computers in the future. Concerns lie not only in future moments, but also in the present. Sensitive data captured now may be stored and decrypted later.

My research on quantum-resistant cryptography combined with AI-driven security is part of preparing cloud and connected device systems before that transition arrives. The United States has recognized this as a national priority, and standards bodies are actively working on it. It’s better to be intentional and address it early than to be under pressure.

Strategy and outlook

Q. You position your work to work across multiple agencies rather than within a single organization. What’s the reasoning?
A. The value of this research lies in its ability to cross boundaries between academia, industry, and operators of critical systems. The same protection can be provided to cloud providers, hospital networks, and utilities. Limiting yourself to one organization narrows it down to that organization’s priorities.

I plan to collaborate with independent experts on quantum-proof cryptography and graph-based critical infrastructure research, and I intend to continue to publish openly so that the methods reach the field rather than a single company. I believe that the public interest of this work is best served by maintaining its breadth.

Q. How do you see your work in the next five years?
A. In the short term, I will concentrate on deepening my research through my PhD studies and promoting the collaborative research I have described, where the results will be published and tested against real-world conditions rather than laboratory conditions. From there, the goal is to strengthen the methodology, expand its scope of application, and contribute to broader efforts to protect the nation’s digital infrastructure.

My intention is not to be recognized for its own sake. It is to apply this expertise where it can reduce real harm, in a field where the United States faces a severe shortage of researchers.

Q. Finally, how do you define success in your research?
A. The most effective security is the one that never goes unnoticed. Its success is largely invisible, as it prevents breaches that would otherwise have made the news if the defenses were working.

If the methods I developed can help organizations predict and withstand attacks that can cause real damage to public services, hospitals, and infrastructure, then this research will have fulfilled its purpose. This quiet, proactive outcome is the measure of success I value most.

Shaikat Biswas is a cybersecurity researcher with a master’s degree in computer science (cybersecurity) from Troy University. His research spans artificial intelligence-enhanced real-time threat detection, graph neural networks for critical infrastructure defense, blockchain and artificial intelligence security for the Internet of Things, and quantum-resistant cryptography. This is an example profile. The questions and answers are constructed for the purposes of this article and do not constitute a verbatim transcript of the published interview.
Email: ethan.soikot@gmail.com




