Justin M Beaver

Cyber and Information Security Research Group Lead


Dr. Justin M. Beaver is a senior research scientist at Oak Ridge National Laboratory (ORNL), with primary research interests in the application of data mining and machine learning methods to cyber security data for threat characterization, detection and prediction. He also leads the Cyber and Information Security Research (CISR) Group at ORNL, comprised of ~40 scientists and engineers focused on cutting-edge research in cybersecurity data architectures and analytics, intrusion detection, situational awareness, secure communications, sensing and signal analytics, malware analysis and trusted communication architectures. The group mission is to defend, understand, and secure the nation's energy, economic, and security infrastructure.

Dr. Beaver holds a B.S. degree (1995) in Electrical Engineering from Tennessee Technological University, and M.S. (2001) and Ph.D. (2006) degrees in Computer Engineering from the University of Central Florida.   He began his professional career in 1995 as a computer engineer for the National Aeronautics and Space Administration (NASA) at Kennedy Space Center (KSC).  From 1995 through 2007, he contributed to several different launch control system development projects in support of the Space Shuttle program.  His primary achievements with NASA include the deployment of a new command/control system for the Space Shuttle Hazardous Maintenance Facility in 2001, serving as systems engineer for a new control system for experimental plant growth chambers in 2003, leading the first Capability Maturity Model Integration (CMMI) evaluation of the KSC development processes as Engineering Process Group Chairman (2005), and prototyping a new checkout and launch control system for post-shuttle vehicles (2007).

In 2008, Dr. Beaver began working at ORNL as a computer scientist in the Applied Software Engineering Research (ASER) Group. Initially, his work centered on developing information fusion methods for threat assessment, with applications in the static analysis of shipping containers and in social simulations. This work led to threat analysis research in the cyber security domain, and to determining new ways to glean useful insights from noisy cyber security alert data.

In 2011, ASER became the Computational Data Analytics (CDA) Group and Dr. Beaver served as the lead for the Intelligent Computing Research (ICR) Team in CDA. ICR was an applied algorithm development research group centered on innovation in the analysis of large-scale high-speed data to solve pressing national challenges. From 2011 through 2016, the ICR staff leveraged their core computer science expertise on projects spanning multiple application domains, including law enforcement, intelligence, biosurveillance, health informatics, biomedical, social media analysis, and cyber security. In addition to team lead, Dr. Beaver served as the Principal Investigator (PI) for the cyber security projects in ICR.

Dr. Beaver is an author on over 25 refereed research publications.  He currently serves as the PI for Oak Ridge Cyber Analytics (ORCA), a collection of research projects focused on applying the latest data mining, machine learning, and text analysis technologies to data problems in the cyber security space.  In addition to his research and development work, Dr. Beaver is currently operationalizing several of these technologies for defense applications. 


  • CCSD Employee of the Quarter (2015)
  • ORNL Significant Event Award (2012): Demonstration of zero-day network attack detection
  • ORNL Significant Event Award (2009): Development and delivery of high-risk proof-of-concept cyber security system


Oak Ridge Cyber Analytics 

Oak Ridge Cyber Analytics (ORCA) is a suite of tools for applying automation and advanced analytics to pressing information security problems. ORCA is comprised of several components, each of which addresses widespread technology gaps in computer network defense. A sample of ORCA research thrusts includes:

  • Zero-day Network Intrusion Detection: Applying machine-learning to network traffic to reliably discriminate known and unknown network-based attacks.

  • Network Data Discovery Engine: Mapping the distribution of textual data on a network, including quantifying the value of the information each host contains.

  • Detecting Malicious Behaviors in Critical Infrastructure Systems: Analyzing command and control messages in critical infrastructure systems for command and data injection and denial of service behaviors.

  • Alert Correlation and Visualization: Aggregation, analysis, and correlation of IDS alerts coupled with interactive visual analytics for decision support.

  • Host-based Intrusion and Exfiltration Detection: Host-based sensors and analytics for identifying probable unauthorized exfiltration actions.




C.A. Steed, M.G. Drouhard, J.M. Beaver, J.M. Pyle, and P.L. Bogen. "Matisse: A Visual Analytics System for Exploring Emotion Trends in Social Media Text Streams."  In Proceedings of the 2015 IEEE International Conference on Big Data, Santa Clara, California, November 2015.

C.A. Steed, J.M. Beaver, P.L. Bogen, M.G. Drouhard, and J.M. Pyle.  "Text Stream Trend Analysis using Multiscale Visual Analytics with Applications to Social Media Systems." In Proceedings of the 2015 ACM IUI Workshop on Visual Text Analytics, Atlanta, Georgia, March 2015.


R.C. Borges-Hink, J.M. Beaver, M.A. Buckner, T. Morris, U. Adhikari and S. Pan.  "Machine Learning for Power System Disturbance and Cyber-attack Discrimination." In Proceedings of the 7th International Symposium on Resilient Control Systems, Denver, Colorado, 2014.


J.M. Beaver, R.C. Borges-Hink and M.A. Buckner.  "An Evaluation of Machine Learning Methods to Detect Malicious SCADA Communications."  In Proceedings of the 2013 International Conference on Machine Learning and Applications, Miami, Florida, December 2013.

J.M. Beaver, C.T. Symons and R.E. Gillen.  "A Learning System for Discriminating Variants of Malicious Network Traffic."  In Proceedings of the 8th Cyber Security and Information Intelligence Research Workshop, Oak Ridge, Tennessee, January 2013.


C.T. Symons and J.M. Beaver.  "Nonparametric Semi-supervised Learning for Network Intrusion Detection: Combining Performance Improvements with Realistic In-Situ Training."  In Proceedings of the 5th ACM Workshop on Artificial Intelligence and Security, Raleigh, North Carolina, October 2012.

X. Cui, J.M. Beaver, and J.N. Treadwell.  "ShadowNet: An Active Defense Infrastructure for Insider Cyber Attack Prevention."  In Proceedings of the 12th International Conference on Computational Science and Its Applications (ICCSA 2012), Salvador, Brazil, June 2012.


R.M. Patton, J.M. Beaver, C.A. Steed, J.N. Treadwell, and T.E. Potok.  "Hierarchical Clustering and Visualization of Aggregate Cyber Data."  In Proceedings of the 7th International Wireless Communications and Mobile Computing Conference (IWCMC-2011), Istanbul, Turkey, July 2011.

J.M. Beaver, C.A. Steed, R.M. Patton, X. Cui, and M.A. Schultz.  "Visualization Techniques for Computer Network Defense."  In Proceedings of the SPIE Conference on Defense, Security, and Sensing 2011, Orlando, Florida, April 2011.

J.M. Beaver, R.M. Patton, and T.E. Potok.  "An Approach to the Automated Determination of Host Information Value."  In Proceedings of the 2011 IEEE Symposium on Computational Intelligence in Cyber Security, Paris, France, April 2011.

B.A. Jewell and J.M. Beaver.  "Host-based Data Exfiltration Detection via System Call Sequences."  In Proceedings of the 6th International Conference on Information Warfare and Security, Washington, D.C., March 2011.

X. Cui, J.M. Beaver and T.E. Potok.  "Visual Mining Intrusion Behaviors By Using Swarm Technology."  In Proceedings of the 44th Hawaii International Conference on System Sciences, Kauai, Hawaii, January 2011.

R.M. Patton, J.M. Beaver and T.E. Potok.  "Classification of Distributed Data Using Topic Modeling and Maximum Variation Sampling."  In Proceedings of the 44th Hawaii International Conference on System Sciences, Kauai, Hawaii, January 2011.


S.J. Fernandez, A.N. Rose, E.A. Bright, J.M. Beaver, C.T. Symons and O.A. Omitaomu. "Construction of Synthetic Populations with Key Attributes: Simulation Set-up while Accommodating Multiple Approaches within a Flexible Platform."  In Computational Modeling and Discovery in Social Systems (CMDSS) 2010, Minneapolis, Minnesota, August 2010.

X. Cui, J.M. Beaver, E. Stiles, L.L. Pullum, B. Klump, J.N. Treadwell and T.E. Potok.  "The Swarm Model in Open Source Software Developer Communities."  In Proceedings of the 2nd International Conference on Social Computing, August 2010.


X. Cui, J.M. Beaver, T.E. Potok, L.L. Pullum and J.N. Treadwell.  "A Stigmergy Approach for Open Source Software Developer Community Simulation."  In Proceedings of the 2009 Symposium on Social Computing Applications (SCA09), Vancouver, Canada, September 2009.

J.M. Beaver, R.A. Kerekes and J.N. Treadwell.  "An Information Fusion Framework for Threat Assessment."  In Proceedings of the 12th International Conference on Information Fusion, Seattle, Washington, July 2009.

J.M. Beaver, X. Cui, J.L. St. Charles and T.E. Potok.  "Modeling Success in FLOSS Project Groups."  In Predictor Models in Software Engineering (PROMISE) 2009, Vancouver, Canada, May 2009.

J.M. Beaver, R.A. Kerekes and J.N. Treadwell.  "Decision-level Information Fusion to Assess Threat Likelihood in Shipped Containers."  In Proceedings of the 2009 IEEE International Conference on Technologies for Homeland Security, Waltham, Massachusetts, May 2009.


X. Cui, J.L. St. Charles, T.E. Potok and J.M. Beaver.  "Dimensionality Reduction Particle Swarm Algorithm for High Dimensional Clustering."  In IEEE Swarm Intelligence Symposium 2008, St. Louis, Missouri, September 2008.


J.M. Beaver.  "A Life Cycle Software Quality Model Using Bayesian Belief Networks."  University of Central Florida, 2006.

J.M. Beaver and G.A. Schiavone.  "The Effects of Development Team Skill on Software Product Quality."  In ACM Software Engineering Notes, Vol 31, Iss 3, pp. 1-5, May 2006.


J.M. Beaver, G.A. Schiavone and J. S. Berrios.  "Predicting Software Suitability Using a Bayesian Belief Network."  In Proceedings of the 4th International Conference on Machine Learning and Applications (ICMLA '05), December 2005.


J.M. Beaver and G.A. Schiavone.  "A Comparison of Software Quality Modeling Techniques."  In Proceedings of the 2003 International Conference on Software Engineering Research and Practice, Las Vegas, Nevada, June 2003.

J.M. Beaver and G.A. Schiavone.  "Spatial Data Analysis as a Software Quality Modeling Technique."  In Proceedings of the 15th International Conference of Software Engineering and Knowledge Engineering, July 2003.



U.S. Patent No. 9,497,204, “In-Situ Trainable Intrusion Detection System”, Issued: November 15, 2016.
