George Karabatis

Associate Professor, Information Systems
Associate Chair for Academic Affairs

George Karabatis is an Associate Professor of Information Systems and Associate Chair for Academic Affairs in the Department of Information Systems. He has been at UMBC for over 10 years and he teaches undergraduate and graduate courses in semantic data integration, data management, data communications and networking, database applications, and mobile applications.

He is one of the founding members of DINAMIC, a research group of IS faculty and students who pursue research on intrusion detection, application of semantics and context for the discovery of cyber-attacks, analytics for cybersecurity, systems and information integration, privacy preservation, data mining, software vulnerabilities, and several other aspects of intelligent information discovery in various application domains. Currently, his personal research focuses on applying semantic and contextual methods to improve intrusion detection systems by discovering cyber-attacks, including 0-day attacks.

Before joining UMBC, he was a Research Scientist at Telcordia Technologies (formerly Bell Communications Research – Bellcore) working on database research for the telecom industry. For his contributions he received the Telcordia Award and the Bellcore CEO Award. He draws on his industrial experience both in the classroom and in academic research, focusing on practical yet exciting research projects. Currently he serves as the Entrepreneurship Faculty Fellow for the College of Engineering and Information Technology.

His research work has been published in peer-reviewed journals, conference proceedings and book chapters. He has been funded by NSF, USGS, MD Board of Elections, Northrop-Grumman and IGSR. He holds a Ph.D. in Computer Science from the University of Houston.

Research Projects
  • Cyber-attack detection using contextual semantics
    This project attempts to predict cyber-attacks using semantics and context. Semantic information about related attacks is used to infer all possible suspicious network activities from connections between hosts. The relevant attacks generated by semantic techniques are forwarded to context filters that use attack context profiles and host contexts to filter out irrelevant attacks.
  • Discovery of 0-day attacks, through semantics and anomaly detection
    This research project takes a contextual misuse approach combined with an anomaly detection technique to detect unknown (0-day) cyber-attacks. The contextual misuse detection utilizes attack context profiles, and the anomaly detection technique identifies new types of attacks using algorithms such as the One Class Nearest Neighbor (1-NN).

Office: ITE 404K
Phone: 410-455-3940