His contributions include writing security “content,” or algorithms and models that are designed to detect malicious behavior within a network. “If we catch a known malware signal from the network, then we can say, ‘You need to check out this machine,’” he says. “It’s all based on the network traffic. Data can be used mutually, so we figure out who is telling what to who and where.”

After Nadji makes a discovery, he says that it is important that his client understands how he detected the anomalies and why he believes they are a threat. That level of transparency helps his clients make the appropriate decisions as to how to address his findings. “If I can explain why I came to a conclusion, then they are more likely to provide feedback and help me improve my model,” he says. “If I don’t, they can get frustrated. By giving them a peek inside my work, or if I am more accommodating, then they can help.”

Attackers are always trying something new, and when Nadji finds a new technique or new malware, he first tries to determine if it is, in fact, unique. Usually it is a shift on an old technique, but it still needs specific attention. “If an individual wants to harm a network, they’ll try to make the attack look like common traffic to hide the attack,” he says. “Attackers are trying new things, and we have to figure out if it’s a fundamentally new trick or a twist on one that they already do.”

Attackers are adopting new tools with artificial intelligence and large language models, which have become easier to use. However, these new tools have limited effectiveness. Nadji says that he has seen malware and attacks written by large language models, but they typically generate protocols based on old ones that are not too difficult to detect with current tools. But these new techniques can be replicated and modified more quickly with AI tools. And the larger security concern with AI-enhanced attacks is that they target users to facilitate the attack. “Deep fakes, social engineering, and phishing scams are becoming more sophisticated with AI tools,” he says. “Images are being generated that look and sound exactly like someone else.”

He continues, “These new tools make it easier to design attacks involving individuals by masquerading as other people. For example, we know the North Korean military has made attempts to infiltrate a network by using AI to trick a security company to hire them.”

Nadji says that he discovered a passion for cybersecurity when he signed up for a research experience for undergraduate students at the University of California, Berkeley, while he was enrolled at Illinois Tech. He spent the summer conducting web security research. “We were trying to trick a browser to execute a JavaScript that it shouldn’t,” he says. “It was an integrity experiment. We were building things, and then breaking them, which was fun.”

The team he worked with that summer built a vulnerable web application for students to use to learn about XSS attacks. Nadji used that knowledge to write and publish his first research paper on robust methods to defend against XSS attacks. While his previous academic experience was in information retrieval, he soon saw how valuable cybersecurity was to that skill set—and how cybersecurity is needed everywhere. From web applications and mobile applications to deep learning and image classification, all technology tools need experts to help them become secure. “Every part of computer science has a security component. The next new big thing in tech is going to have to be secured. I’m never bored. There is always something to learn.”
“We were trying to trick a browser to execute a JavaScript that it shouldn’t. It was an integrity experiment. We were building things, and then breaking them, which was fun.” —Yacin Nadji (CS ’09)
College of Computing Magazine | 2026