Nanda Rani

Biography

Nanda Rani is a Prime Minister's Research Fellow (PMRF) and Ph.D. candidate at the Indian Institute of Technology Kanpur, working under the supervision of Prof. Sandeep Kumar Shukla. Her doctoral research primarily focuses on Advanced Persistent Threat (APT) Attribution. She also has a strong interest in related domains, including Cyber Threat Intelligence, the intersection of LLM and Cybersecurity, APT Analysis, Intrusion Detection Systems, Industrial Control System Security, and Malware Analysis. As part of her doctoral work, she collaborated with Prof. Davide Balzarotti during a research visit to the Digital Security Department at the Eurecom Institute, France.

Prior to her Ph.D., she completed her Master’s in Computer Science & Engineering (Cybersecurity) from the Defence Institute of Advanced Technology (DIAT), Pune, under the guidance of Dr. Sunita Vikrant Dhavale. She also gained industry experience as a Senior Software Engineer at Persistent Systems, Pune, and worked as a research intern at the National Critical Information Infrastructure Protection Centre (NCIIPC), New Delhi.

Current Status: PhD Thesis Submitted, Expected Completion: Sept/Oct 2025

Open to Postdoctoral Research Opportunities in Cybersecurity and AI

Recent Announcements

📢 [23 Jun 2025] Recent paper titled "The Polymorphism Maze: Understanding Diversities and Similarities in Malware Families" is accepted at the 30^th European Symposium on Research in Computer Security (ESORICS) 2025
📢 [12 May 2025] Successfully passed PhD Open Seminar (Pre-submission seminar) at CSE Dept IIT Kanpur
📢 [21 Mar 2025] Indian patent titled "SYSTEM FOR EXTRACTING MALWARE CAPABILITIES AND METHOD THEREOF" has been granted having Patent No.: 563203
📢 [13 Jan 2025] Recent paper titled "MaLAware: Automating the Comprehension of Malicious Software Behaviours using Large Language Models (LLMs)" is accepted at the 22nd International Conference on Mining Software Repositories (MSR 2025)
📢 [20 Oct 2024] Recent paper titled "MAD: A Meta-Learning Approach to Detect Advanced Persistent Threats using Provenance Data in Industrial IoT" is accepted at WAITI 2024 co-located with ACSAC24

Patents

🔒 System for Extracting Malware Capabilities and Method Thereof
Inventors: B Saha, NANDA RANI, & SK Shukla
India: Patent No. 563203 (GRANTED) | US: Patent Application No. 18/812,003 (Filed)
🔒 System and Method for Adaptive Masking-based Deception Orchestration
Inventors: VSC Putrevu, S Mukhopadhyay, S Manna, NANDA RANI, A Vaid, H Chunduri, PM Anand, & SK Shukla
India: Patent Application No. 202411006680 (Filed) | US: Patent Application No.: 63/627,859 (Filed)
🔒 System for Attributing Cyber Threats and Method Thereof
Inventors: NANDA RANI, B Saha, V Maurya, & SK Shukla
India: Patent Application No. 202411061807 (Filed) | US: Patent Application No.: 19/210,186 (Filed)

Publications

📰 Journals / Transactions

📝 NANDA RANI, & SK Shukla (2025). AURA: A Multi-Agent Intelligence Framework for Knowledge-Enhanced Cyber Threat Attribution. Under review for the Special Issue "Generative AI in Cybersecurity", Future Generation Computer Systems (FGCS) journal.
```
@article{rani2025aura,
  title={AURA: A Multi-Agent Intelligence Framework for Knowledge-Enhanced Cyber Threat Attribution},
  author={Rani, Nanda and Shukla, Sandeep Kumar},
  journal={arXiv preprint arXiv:2506.10175},
  year={2025}
}
```

📝 M Udeshi, M Shao, H Xi, NANDA RANI, K Milner, VSC Putrevu, B Dolan-Gavitt, SK Shukla, P Krishnamurthy, F Khorrami, R Karri, & M Shafique (2025). D-CIPHER: Dynamic Collaborative Intelligent Agents with Planning and Heterogeneous Execution for Enhanced Reasoning in Offensive Security. Under review at IEEE Transactions on Information Forensics and Security.

@article{udeshi2025d,
  title={D-CIPHER: Dynamic Collaborative Intelligent Agents with Planning and Heterogeneous Execution for Enhanced Reasoning in Offensive Security},
  author={Udeshi, Meet and Shao, Minghao and Xi, Haoran and Rani, Nanda and Milner, Kimberly and Sai Charan Putrevu, Venkata and B Dolan-Gavittrendan and Shukla, Sandeep Kumar and Krishnamurthy, Prashanth and Khorrami, Farshad and others},
  journal={arXiv e-prints},
  pages={arXiv--2502},
  year={2025}
}

📝 NANDA RANI, B Saha, & SK Shukla (2025). A Comprehensive Survey of Advanced Persistent Threat Attribution: Taxonomy, Methods, Challenges and Open Research Problems. Journal of Information Security and Applications.

@article{rani2025comprehensive,
  title={A comprehensive survey of automated Advanced Persistent Threat attribution: Taxonomy, methods, challenges and open research problems},
  author={Rani, Nanda and Saha, Bikash and Shukla, Sandeep Kumar},
  journal={Journal of Information Security and Applications},
  volume={92},
  pages={104076},
  year={2025},
  publisher={Elsevier}
}

📝 NANDA RANI, B Saha, V Maurya, & SK Shukla (2024). Chasing the Shadows: TTPs in Action to Attribute Advanced Persistent Threats. Submitted response to major revision at Information Security Journal: A Global Perspectivey.

@article{rani2024chasing,
  title={Chasing the Shadows: TTPs in Action to Attribute Advanced Persistent Threats},
  author={Rani, Nanda and Saha, Bikash and Maurya, Vikas and Shukla, Sandeep Kumar},
  journal={arXiv preprint arXiv:2409.16400},
  year={2024}
}

📝 NANDA RANI, D Singh, B Saha, & SK Shukla (2024). Automated Classification of Cybercrime Complaints using Transformer-based Language Models for Hinglish Texts. arXiv preprint arXiv:2412.16614.

@article{rani2024automated,
  title={Automated Classification of Cybercrime Complaints using Transformer-based Language Models for Hinglish Texts},
  author={Rani, Nanda and Singh, Divyanshu and Saha, Bikash and Shukla, Sandeep Kumar},
  journal={arXiv preprint arXiv:2412.16614},
  year={2024}
}

📝 NANDA RANI, B Saha, V Maurya, & SK Shukla (2024). TTPXHunter: Actionable Threat Intelligence Extraction as TTPs from Finished Cyber Threat Reports. Digital Threats: Research and Practice .

@article{rani2024ttpxhunter,
  title={TTPXHunter: Actionable threat intelligence extraction as TTPs from finished cyber threat reports},
  author={Rani, Nanda and Saha, Bikash and Maurya, Vikas and Shukla, Sandeep Kumar},
  journal={Digital Threats: Research and Practice},
  volume={5},
  number={4},
  pages={1--19},
  year={2024},
  publisher={ACM New York, NY}
}

📝 VSC Putrevu, S Mukhopadhyay, S Manna, NANDA RANI, A Vaid, H Chunduri, PM Anand, & SK Shukla (2024). ADAPT: Adaptive Camouflage Based Deception Orchestration For Trapping Advanced Persistent Threats. Digital Threats: Research and Practice .

@article{putrevu2024adapt,
  title={Adapt: Adaptive camouflage based deception orchestration for trapping advanced persistent threats},
  author={Putrevu, Venkata Sai Charan and Mukhopadhyay, Subhasis and Manna, Subhajit and Rani, Nanda and Vaid, Ansh and Chunduri, Hrushikesh and Putrevu, Mohan Anand and Shukla, Sandeep},
  journal={Digital Threats: Research and Practice},
  volume={5},
  number={3},
  pages={1--35},
  year={2024},
  publisher={ACM New York, NY}
}

🎤 Conferences

📝 A Vitale, S Aonzo, S Dambra, NANDA RANI, L Ippolito, P Kotzias, J Caballero, & D Balzarotti (2025). The Polymorphism Maze: Understanding Diversities and Similarities in Malware Families. Accepted at "The 30th European Symposium on Research in Computer Security (ESORICS) 2025.
```
Will be updated after paper publication
```

📝 M Shao^*, H Xi^*, NANDA RANI^*, M Udeshi^*, VSC Putrevu, K Milner, B Dolan-Gavitt, SK Shukla, P Krishnamurthy, F Khorrami, R Karri, & M Shafique (2025). CRAKEN: Cybersecurity LLM Agent with Knowledge-Based Execution. Under review for the 39th Annual Conference on Neural Information Processing Systems (NeurIPS 2025).

@article{shao2025craken,
  title={CRAKEN: Cybersecurity LLM Agent with Knowledge-Based Execution},
  author={Shao, Minghao and Xi, Haoran and Rani, Nanda and Udeshi, Meet and Putrevu, Venkata Sai Charan and Milner, Kimberly and B Dolan-Gavittrendan and Shukla, Sandeep Kumar and Krishnamurthy, Prashanth and Khorrami, Farshad and others},
  journal={arXiv preprint arXiv:2505.17107},
  year={2025}
}

^* Equal contribution

📝 B Saha, NANDA RANI, J Chakraborty, D Singh, SV Chakraborty, & SK Shukla (2025). PARAG: Proactive Answering Framework Integrating LLMs with Retrieval-Augmented Generation. European Interdisciplinary Cybersecurity Conference (EICC 2025).

@inproceedings{saha2025parag,
  title={PARAG: Proactive Answering Framework Integrating LLMs with Retrieval-Augmented Generation},
  author={Saha, Bikash and Rani, Nanda and Chakraborty, Joheen and Singh, Divyanshu and Chakraborty, Soumyo V and Shukla, Sandeep Kumar},
  booktitle={European Interdisciplinary Cybersecurity Conference},
  pages={20--37},
  year={2025},
  organization={Springer}
}

📝 B Saha, NANDA RANI, & SK Shukla (2025). MaLAware: Automating the Comprehension of Malicious Software Behaviours using Large Language Models (LLMs). 22nd International Conference on Mining Software Repositories (MSR 2025).

@inproceedings{saha2025malaware,
  title={Malaware: Automating the comprehension of malicious software behaviours using large language models (llms)},
  author={Saha, Bikash and Rani, Nanda and Shukla, Sandeep Kumar},
  booktitle={2025 IEEE/ACM 22nd International Conference on Mining Software Repositories (MSR)},
  pages={169--173},
  year={2025},
  organization={IEEE}
}

📝 B Saha, NANDA RANI, & SK Shukla (2024). MAD: A Meta-Learning Approach to Detect Advanced Persistent Threats using Provenance Data in Industrial IoT. 2024 Annual Computer Security Applications Conference Workshops (ACSAC Workshops).

@inproceedings{saha2024mad,
  title={MAD: A Meta-Learning Approach to Detect Advanced Persistent Threats using Provenance Data in Industrial IoT},
  author={Saha, Bikash and Rani, Nanda and Shukla, Sandeep Kumar},
  booktitle={2024 Annual Computer Security Applications Conference Workshops (ACSAC Workshops)},
  pages={201--207},
  year={2024},
  organization={IEEE}
}

📝 NANDA RANI, B Saha, R Kumar, & SK Shukla (2024). Genesis of Cyber Threats: Towards Malware-based Advanced Persistent Threat (APT) Attribution. 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA), Washington, DC, USA, pp. 399-408.

@inproceedings{rani2024genesis,
  title={Genesis of Cyber Threats: Towards Malware-based Advanced Persistent Threat (APT) Attribution},
  author={Rani, Nanda and Saha, Bikash and Kumar, Ravi and Shukla, Sandeep Kumar},
  booktitle={2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)},
  pages={399--408},
  year={2024},
  organization={IEEE}
}

📝 B Saha, NANDA RANI, & SK Shukla (2023). MalXCap: A Method for Malware Capability Extraction. International Conference on Information Security Practice and Experience (ISPEC), Singapore: Springer Nature Singapore.

@inproceedings{saha2023malxcap,
  title={MalXCap: A Method for Malware Capability Extraction},
  author={Saha, Bikash and Rani, Nanda and Shukla, Sandeep Kumar},
  booktitle={International Conference on Information Security Practice and Experience},
  pages={230--249},
  year={2023},
  organization={Springer}
}

📝 NANDA RANI, B Saha, V Maurya, & SK Shukla (2023). TTPHunter: Automated Extraction of Actionable Intelligence as TTPs from Narrative Threat Reports. Proceedings of the 2023 Australasian Computer Science Week.

@incollection{rani2023ttphunter,
  title={TTPHunter: Automated extraction of actionable intelligence as TTPs from narrative threat reports},
  author={Rani, Nanda and Saha, Bikash and Maurya, Vikas and Shukla, Sandeep Kumar},
  booktitle={Proceedings of the 2023 Australasian Computer Science Week},
  pages={126--134},
  year={2023}
}

📝 V Maurya, NANDA RANI, & SK Shukla (2022). RemOD: Operational Drift-Adaptive Intrusion Detection. International Conference on Security, Privacy, and Applied Cryptography Engineering, Cham: Springer Nature Switzerland.

@inproceedings{maurya2022remod,
  title={RemOD: Operational drift-adaptive intrusion detection},
  author={Maurya, Vikas and Rani, Nanda and Shukla, Sandeep Kumar},
  booktitle={International Conference on Security, Privacy, and Applied Cryptography Engineering},
  pages={314--333},
  year={2022},
  organization={Springer}
}

📝 NANDA RANI, A Mishra, R Kumar, S Ghosh, SK Shukla, & P Bagade (2022). A Generalized Unknown Malware Classification. International Conference on Security and Privacy in Communication Systems, Cham: Springer Nature Switzerland.

@inproceedings{rani2022generalized,
  title={A generalized unknown malware classification},
  author={Rani, Nanda and Mishra, Ayushi and Kumar, Rahul and Ghosh, Sarbajit and Shukla, Sandeep K and Bagade, Priyanka},
  booktitle={International Conference on Security and Privacy in Communication Systems},
  pages={793--806},
  year={2022},
  organization={Springer}
}

📝 NANDA RANI, SV Dhavale, A Singh, & A Mehra (2022). A Survey on Machine Learning-Based Ransomware Detection. Proceedings of the Seventh International Conference on Mathematics and Computing: ICMC 2021, Singapore: Springer Singapore.

@inproceedings{rani2022survey,
  title={A survey on machine learning-based ransomware detection},
  author={Rani, Nanda and Dhavale, Sunita Vikrant and Singh, Amarjit and Mehra, Atul},
  booktitle={Proceedings of the Seventh International Conference on Mathematics and Computing: ICMC 2021},
  pages={171--186},
  year={2022},
  organization={Springer}
}

📖 Book Chapters

📝 B Saha, NANDA RANI, & SK Shukla (2025). Generative AI in Financial Institution: A Global Survey of Opportunities, Threats, and Regulation . arXiv preprint arXiv:2504.21574. Book title: Generative AI For Cybersecurity. Publisher: CRC Press, Taylor & Francis Group, Florida, USA
```
@article{saha2025generative,
  title={Generative AI in Financial Institution: A Global Survey of Opportunities, Threats, and Regulation},
  author={Saha, Bikash and Rani, Nanda and Shukla, Sandeep Kumar},
  journal={arXiv preprint arXiv:2504.21574},
  year={2025}
}
```

Teaching Experiences

Instructor

Nov 2024 - Apr 2025
Cybersecurity Basics
AL-Hafeez College, Veer Kunwar Singh University, Arrah

Jun 2024 - Nov 2024
Python Programming
AL-Hafeez College, Veer Kunwar Singh University, Arrah

Jul 2023 - Dec 2023
CTPGDCS SI L1: Incident Response and Digital Forensics
UP State Institute of Forensic Sciences, Lucknow

Jul 2023 - Dec 2023
CTPGDCS SI L2: Network Security
UP State Institute of Forensic Sciences, Lucknow

Teaching Assistant

Mar 2025 - May 2025
CS203: Mathematics for Computer Science - III
IIT Kanpur

Jan 2025 - Mar 2025
CS202: Mathematics for Computer Science - II
IIT Kanpur

Jan 2024 - May 2024
CS668: Practical Cyber Security for Cyber Security Practitioners
IIT Kanpur

Jan 2023 - May 2023
CS668: Practical Cyber Security for Cyber Security Practitioners
IIT Kanpur

Aug 2022 - Nov 2022
CS628: Computer System Security
IIT Kanpur

Aug 2021 - Nov 2021
ESC101: Fundamentals of Computing
IIT Kanpur

Training

Apr 27, 2025
Identify & Prepare: Threat Modeling, APT Groups
C3iHub, IIT Kanpur

Feb 20, 2025
Advanced Persistent Threats (APT): Study of Targeted Malware
C3iHub, IIT Kanpur

Dec 2024 - Jan 2025
Cyber Threats and Threat Intelligence Training
Indian Army Personnel, Lucknow

2023
Cybercrime Awareness: Protecting Yourself in the Digital Age
AL-Hafeez College, Veer Kunwar Singh University, Ara

Presentations

2025
Poster Presentation: Developing Tools & Techniques for Advanced Persistent Threat Attribution
PMRF Symposium, IIT Hyderabad

2024
Speaker: Financial Cyber Frauds: Recognizing & Preventing Scams
Cyber Jagrukta Diwas, C3iHub for NHAI

2024
Panel Member: Secured Communication Network
Innovation Xchange Event, ITU - WTSA-24
Event Link

2024
Presenter: Genesis of Cyber Threats: Towards Malware-based Advanced Persistent Threat (APT) Attribution
IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications

2023
Presenter: TTPHunter: Automated Extraction of Actionable Intelligence as TTPs from Narrative Threat Reports
Australasian Information Security Conference

2022
Presenter: A Generalized Unknown Malware Classification
18th EAI International Conference, SecureComm

2021
Keynote Speaker: Python for Cybersecurity
PyCode Conference (Online Event)
Event Link

Awards

Prime Minister’s Research Fellowship (PMRF) Aug 2022 – Present
Ministry of Education, Government of India
Prestigious fellowship awarded to research scholars at premier institutes to advance innovation in science and technology fields of national importance.
Raman Charpak Fellowship Mar 2023 – Aug 2023
Indo-French Centre for the Promotion of Advanced Research (IFCPAR/CEFIPRA)
Prestigious program promoting doctoral research collaboration between India and France in advanced science and technology domains.
Winner, Smart India Hackathon (SIH) 2020 July 2020 – Aug 2020
Ministry of Education, Government of India
Nationwide innovation competition aimed at solving real-world challenges faced by industries and government organizations. Awarded a prize of ₹1,00,000.

Volunteer Experiences

🤝

Organizing: Agentic Automated CTF 2025
Serving as part of the organizing team for an international-level cybersecurity hackathon hosted by New York University (NYU), aimed at fostering innovation and practical problem-solving.
Event Link: https://www.csaw.io/agentic-automated-ctf

🤝

Organized: HACK IITK Cybersecurity Challenge 2025
Served as an organizer for the national-level cybersecurity hackathon promoting innovation and problem-solving.
Event Link: https://hackathon.iitk.ac.in/

🤝

India Lead: NYU CSAW’24 LLM CTF Attack Competition
Led the coordination of NYU CSAW’s LLM-based CTF competition for Indian participants, managing logistics and participant engagement.
Event Link: https://www.csaw.io/llm-attack-challenge/

🤝

Organized: C3iHub Conference on Emerging Trends in Cybersecurity (CCETC 2024)
Organized a national conference uniting academia, industry, and government stakeholders to discuss innovations and challenges in cybersecurity.
Event Link: https://c3ihub.org/ccetc2024/