1341023
Dr Gowri Ramachandran
Faculty of Science,
School of Information Systems
Biography
Dr. Gowri Sankar Ramachandran is a cybersecurity researcher whose work tackles security vulnerabilities in open-source software, web infrastructure, and distributed systems. A Senior Lecturer at Queensland University of Technology (QUT), Gowri combines research with impactful real-world applications to make software and distributed digital systems secure, resilient, and trustworthy.Research Statement: Dr. Gowri Sankar Ramachandran combines deep systems expertise with cybersecurity research to build resilient software and information systems. His work spans GRC, runtime threat detection, open-source software risk analysis, and web security, delivering impactful tools and insights.
Notable Cybersecurity Contributions
- Hijackable Hyperlinks: A Web-Scale Threat Gowri co-authored the first large-scale study exposing how developer linking errors lead to millions of hijackable domains, creating a new class of web security vulnerabilities. The research revealed over 570,000 phantom dot-com domains, demonstrating how seemingly small mistakes in hyperlinking expose users to credential theft, malware, and spoofing. IBM featured an article on this work here. [Research Paper]
- Software Supply Chain Security: Detection of Open-source Malicious Packages Gowri has developed a tool, FUSE, that monitors the run-time behaviour of any software using eBPF. FUSE detects run-time inconsistencies of software. This tool was repurposed to detect malicious Python packages by analysing runtime behaviour through eBPF kernel traces and machine learning. This approach successfully led to the removal of harmful packages from PyPI, setting a new benchmark in supply chain security for open-source ecosystems. [Research Paper on FUSE] [Research Paper on Malicious Package Removal]
- Selective Jamming of wireless transmission for LoRaWAN: Co-authored one of the first real-world demonstrations of selective jamming attacks on LoRaWAN, a low-power wide-area networking technology widely used in IoT deployments. This work earned the Best Paper Award at EAI Mobiquitous 2017, bringing attention to emerging vulnerabilities in IoT communication protocols. [Research Paper]
- Software Supply Chain Security: Metadata-Based Risk Analysis for Open-Source Software In another line of ongoing research work, Gowri has been developing a lightweight, metadata-based scoring framework for evaluating software package trustworthiness, which is an alternative to the OpenSSF Scorecard that is harder for adversaries to game. The early results are promising, with a publication coming soon.
- Cyber Risk Modelling with Generative AI He is currently exploring the use of Generative AI for cyber risk assessments, evaluating how LLMs can help quantify and communicate cyber risks. This includes identifying limitations, risks, and potential misuse of GenAI in Governance, Risk, and Compliance (GRC) settings.
- Best Paper Award, ACM CBSE (2016) – Middleware for dependable IoT systems (First Author)
- Best Paper Award, Mobiquitous (2017) – Selective jamming of LoRaWAN (First real-world attack study)
- Honorary Certificate, IEEE Communications Society – For LoRa-based deployment in DR Congo
- 2nd Prize, ChainPort Supply Chain Hackathon – Blockchain-secured port data exchange
- Best Paper, BigMM (2019) – Edge learning for privacy-preserving smart city analytics
- Open-Source Software and Supply Chain Security: PyPI, npm, and ecosystem-level supply chain threats
- Runtime Threat Detection: eBPF-based analysis of malicious and anomalous software behaviour
- Cyber Risk Quantification: From metadata inconsistencies to AI-driven scoring models
- Trusted Web Infrastructure: Researching web vulnerabilities
- GRC & Education: Tools and games for risk awareness and decision-making in cybersecurity
- Joint research projects
- Advisory roles in cybersecurity strategy
- Custom training workshops and guest lectures
- Co-development of open-source tools and frameworks
Education, Experience & Collaborations
- Postdoctoral Researcher, University of Southern California (USC, USA), Autonomous Networks Research Group (ANRG) & Centre for Cyber-Physical Systems (CCI) under Prof. Bhaskar Krishnamachari
- PhD, KU Leuven, Belgium, imec-DistriNet Lab, Research on self-configuring middleware with energy-efficiency and dependability for IoT under Prof. Danny Hughes
- A long-standing research collaborator, the University of São Paulo (USP), Brazil. Joint research on network, security, and distributed systems, including human-in-the-loop decision-making algorithms for multi-stakeholder cyber-physical systems with Prof. Jo Ueyama
- Industry & Government Partners: Successful collaborations with CSIRO and multiple public agencies, including the City of Los Angeles and the Los Angeles County Sheriff's Department
Personal details
Positions
- Senior Lecturer in Information Systems
Faculty of Science,
School of Information Systems
Keywords
Cybersecurity, Data Security and Privacy, GRC, Blockchain, Internet of Things
Research field
Cybersecurity and privacy, Distributed computing and systems software
Field of Research code, Australian and New Zealand Standard Research Classification (ANZSRC), 2020
Qualifications
- Doctor of Engineering Science (PhD) in Computer Science (Katholieke Universiteit Te Leuven)
Professional memberships and associations
Teaching
- IFN635 Cyber Security and Governance: This unit provides a comprehensive introduction to cybersecurity and governance frameworks, encompassing security practices across people, processes, and technology. Topics include threat assessment, risk management, incident response, security compliance, awareness initiatives, and cloud security.
- IFB105 Database Management: This is an introductory unit on database addressing the core concepts, requirements and practices of databases.
- IFN712 Research in IT Practice: This unit takes a practice-based approach to understanding what research is, how to conduct research, and why it is important.
- IFN649 Advanced Networks: This unit is designed for graduate students in the Master of IT program. Students will learn the theory, architecture, hardware/software, and programming of networks, including network services and Internet (IoT), as well as the security, trust, and privacy considerations in these networks.
- IFN711 Industry Project: This unit teaches graduate students in the Master's in IT program to conduct a well-defined project with specific outcomes. I contribute to this unit by proposing and supervising research projects.
- EGH400-1 and EGH400-2: This unit enables students to identify engineering challenges and undertake comprehensive, independent projects to address them using a rigorous research and investigation framework. I contribute to this unit by proposing and supervising research projects.
Publications
- Mehedi, S., Islam, C., Ramachandran, G. & Jurdak, R. (2026). DySec: A Machine Learning-based Dynamic Analysis for Detecting Malicious Packages in PyPI Ecosystem. IEEE Transactions on Information Forensics and Security, 21, 1316–1331. https://eprints.qut.edu.au/262864
- Heo, J., Ramachandran, G., Dorri, A. & Jurdak, R. (2024). Blockchain Data Storage Optimisations : A Comprehensive Survey. ACM Computing Surveys, 56(7), 1–27. https://eprints.qut.edu.au/246110
- Saric, K., Savins, F., Ramachandran, G., Jurdak, R. & Nepal, S. (2024). Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains. WWW '24: Proceedings of the ACM on Web Conference 2024. https://eprints.qut.edu.au/245862
- Halder, S., Bewong, M., Mahboubi, A., Jiang, Y., Islam, M., Islam, M., Ip, R., Ahmed, M., Ramachandran, G. & Babar, M. (2024). Malicious Package Detection using Metadata Information. WWW '24: Proceedings of the ACM on Web Conference 2024, 1779–1789. https://eprints.qut.edu.au/248577
- de Miranda, L., Dutra Garcia, R., Ramachandran, G., Ueyama, J. & Guerrini, F. (2024). Blockchain in inter-organizational collaboration: a privacy-preserving voting system for collective decision-making. Journal of Information Security and Applications, 85. https://eprints.qut.edu.au/250712
- Ramachandran, G., Tran, T. & Jurdak, R. (2023). DeWS: Decentralized and Byzantine Fault-tolerant Web Services. Proceedings of the 5th IEEE International Conference on Blockchain and Cryptocurrency (ICBC), 1–9. https://eprints.qut.edu.au/238285
- Ramachandran, G., McDonald, L. & Jurdak, R. (2023). FUSE: Fault Diagnosis and Suppression with eBPF for Microservices. Service-Oriented Computing: 21st International Conference, ICSOC 2023, Rome, Italy, November 28 - December 1, 2023, Proceedings, Part I, 243–257. https://eprints.qut.edu.au/243145
- Heo, J., Ramachandran, G., Dorri, A. & Jurdak, R. (2022). Blockchain Storage Optimisation with Multi-Level Distributed Caching. IEEE Transactions on Network and Service Management, 19(4), 3724–3736. https://eprints.qut.edu.au/236441
- Garcia, R., Ramachandran, G., Jurdak, R. & Ueyama, J. (2022). Blockchain-aided and Privacy-preserving Data Governance in Multi-stakeholder Applications. IEEE Transactions on Network and Service Management, 19(4), 3781–3793. https://eprints.qut.edu.au/235902
- Ramachandran, G., Wright, K., Zheng, L., Navaney, P., Naveed, M., Krishnamachari, B. & Dhaliwal, J. (2019). Trinity: A byzantine fault-tolerant distributed publish-subscribe system with immutable blockchain-based persistence. Proceedings of the 2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), 227–235. https://eprints.qut.edu.au/209247
QUT ePrints
For more publications by Gowri, explore their research in QUT ePrints (our digital repository).
Filter publications:
A complete list of publications is available at: https://www.qut.edu.au/about/our-people/academic-profiles/g.ramachandran
Awards
- Type
- Academic Honours, Prestigious Awards or Prizes
- Reference year
- 2016
- Details
- Honorary Certificate of Appreciation from IEEE Communications Society for LoRa Congo: low power, long-range monitoring technology for development projects in Congo, December 2016.
- Type
- Academic Honours, Prestigious Awards or Prizes
- Reference year
- 2021
- Details
- Best Paper Award for "Building dynamic and dependable component-based internet-of-things applications with dawn.", Gowri Sankar Ramachandran, Nelson Matthys, Wilfried Daniels, Wouter Joosen, and Danny Hughes. In 2016 19th International ACM SIGSOFT Symposium on Component-Based Software Engineering (CBSE), pp. 97-106. IEEE, 2016.
- Type
- Academic Honours, Prestigious Awards or Prizes
- Reference year
- 2019
- Details
- Best Student Paper Award for "A Crowd-Based Image Learning Framework using Edge Computing for Smart City Applications," G. Constantinou, G. Sankar Ramachandran, A. Alfarrarjeh, S. H. Kim, B. Krishnamachari and C. Shahabi, 2019 IEEE Fifth International Conference on Multimedia Big Data (BigMM), 2019, pp. 11-20, doi: 10.1109/BigMM.2019.00-47.
- Type
- Academic Honours, Prestigious Awards or Prizes
- Reference year
- 2017
- Details
- Best Paper Award for "Developing the IoT to support the health sector: A case study from kikwit, DR congo.", Lawrence, Piers W., Trisha M. Phippard, Gowri Sankar Ramachandran, and Danny Hughes. In International Conference on Emerging Technologies for Developing Countries, pp. 45-56. Springer, Cham, 2017.
- Type
- Academic Honours, Prestigious Awards or Prizes
- Reference year
- 2017
- Details
- Best Paper Award for "Selective Jamming of LoRaWAN using Commodity Hardware", Emekcan Aras, Nicolas Small, Gowri Sankar Ramachandran, Stéphane Delbruel, Wouter Joosen, and Danny Hughes. 2017. . In Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous 2017). Association for Computing Machinery, New York, NY, USA, 363-372. DOI:https://doi.org/10.1145/3144457.3144478
Selected research projects
- Title
- Smart Intersection Control for Enhanced Road Safety of Vulnerable Pedestrians
- Primary fund type
- CAT 1 - Australian Competitive Grant
- Project ID
- NRSAGP-TI1-A88
- Start year
- 2025
- Keywords
- NRSAGP
Projects listed above are funded by Australian Competitive Grants. Projects funded from other sources are not listed due to confidentiality agreements.
Supervision
Looking for a postgraduate research supervisor?
I am currently accepting research students for Honours, Masters and PhD study.
- Strengthening security for cloud computing applications
- Cybersecurity for open-source software using machine learning and AI
- Security analysis of open-source software
You can browse existing student topics offered by QUT or propose your own topic.
Current supervisions
- Privacy, Utility, and Engagement Interactions in Sustainable Mobility Behaviour Change
PhD, Principal Supervisor
Other supervisors: Dr Kenan Degirmenci, Professor Alexander Paz - Securing Software Supply Chains: A Learning-based Approach
PhD, Associate Supervisor
Other supervisors: Professor Raja Jurdak
Completed supervisions (Doctorate)
Completed supervisions (Masters by Research)
The supervisions listed above are only a selection.