safreita1@gmail.com

Github

Linkedin

Google Scholar

@scottafreitas

YouTube

Blog Posts

Curriculum Vitae (PDF)

I’m a Principal Applied Scientist at Microsoft working at the intersection of applied and theoretical machine learning, with a focus on graph mining and deep learning. My goal is to develop explainable, robust, and efficient next-generation cybersecurity systems.

I completed my Machine Learning PhD at Georgia Tech where I worked with Polo Chau. I co-authored several winning research proposals, including a multi-million dollar DARPA grant; was awarded PhD fellowships from IBM Research, NSF GRFP and Raytheon; and was fortunate to work with amazing engineers and scientists at IBM Research, Amazon, Microsoft Advanced Threat Protection, Microsoft Research, Intel and the Naval Air Warfare Center.

2025Check out our latest Microsoft blog on TITAN integration with Security Copilot Guided Response

2025Our work on Web Scale Graph Mining for Cyber Threat Intelligence (TITAN) was accepted into KDD 2025

2025Presented our work on AI-driven Guided Response for Security Operation Centers with Microsoft Copilot for Security at WWW 2025

2024Presented our TITAN research on stage at Microsoft Ignite!

2024Check out our 2 new Microsoft blogs on Copilot Guided Response, and incident correltion in Defender XDR

2024Our ML for cybersecurity research led to 5 patent filings this last year

Web Scale Graph Mining for Cyber Threat Intelligence

Threat intelligence tracking via adaptive networks (TITAN)

KDD 2025

Project PDF Blog Video

AI-Driven Guided Response for Security Operation Centers with Microsoft Copilot for Security

Largest public security incident dataset

WWW 2025

Project PDF Blog Dataset

GraphWeaver: Billion-Scale Cybersecurity Incident Correlation

Powering Microsoft Defender XDR's correlation engine

CIKM 2024

Project PDF Blog

Dec. 2021Aug. 2018Ph.D. in Machine Learning
Aug. 2018Georgia Institute of Technology, Atlanta, GA
Advisor: Duen Horng (Polo) Chau
Thesis: Developing Robust Models, Algorithms, Databases and Tools with Applications to Cybersecurity and Healthcare
Committee: Duen Horng (Polo) Chau, Srijan Kumar, Diyi Yang, B. Aditya Prakash, Hanghang Tong
Thesis Thesis Recording (Proposal) Thesis Slides

May 2018 —May 2017M.S. in Computer Science
May 2017Arizona State University, Tempe, AZ
Advisor: Hanghang Tong
Thesis: Mining Marked Nodes in Large Graphs
Committee: Hanghang Tong, Ross Maciejewski, Yezhou Yang
GPA: 4.00/4.00
Thesis

May 2017 —Aug. 2015B.S. in Computer Science
Aug. 2015Arizona State University, Tempe, AZ
Advisor: Ross Maciejewski
Thesis: Guided Augmented Reality Tours using Landmarks and Social Media
GPA: 3.98/4.00
Thesis Thesis Recording

May 2014 —Aug. 2010B.S.E. in Electrical Engineering
Aug. 2010Arizona State University, Tempe, AZ
Advisor: James Aberle
Thesis: Multi-Stage Linear Electromagnetic Accelerator Using Optical Triggering
GPA: 3.64/4.00
Thesis Thesis Recording

2021IBM PhD Fellowship
One of sixteen fellows; awarded for my work in developing next-generation explainable defenses

2021Nvidia Data Science Teaching Kit
Helped develop one of five Nvidia teaching kits used by educators around the world

2019Raytheon Research Fellowship
Awarded for my PhD work in adversarial machine learning

2018 — 2021NSF Graduate Research Fellowship
National Science Foundation recognizes and supports outstanding graduate students in STEM fields

2018Outstanding Computer Science Masters Student (ASU)
Awarded to single master student demonstrating exemplary performance

2017Best Demo Award, Runner Up at CIKM '17
For "Rapid Analysis of Network Connectivity"

Present —Sep. 2024Microsoft, Redmond, WA
Sep. 2024Principal Applied Scientist (level 65), Microsoft Security Research
• Leading research into LLM-based agents to automatically identify detection and disruption rule gaps.
• Created TITAN, an industry-scale graph mining and reputation propagation system for cyber threat intelligence that models the relationships between millions of entities, alerts, and signals to uncover hidden infrastructure and generate real-time risk scores. TITAN is integrated into Microsoft's Unified Security Operations Platform, where it now protects hundreds of thousands of organizations globally.
Paper Blog Microsoft Ignite Talk
• Developed an adaptive incident prioritization score that assists analysts in prioritizing security incidents for investigation.

Aug. 2024Sep. 2023Microsoft, Redmond, WA
Sep. 2023Senior Applied Scientist (level 64), Microsoft Security Research
• Led an ML research team in architecting and delivering key capabilities for our flagship AI product, Security Copilot, including tailored recommendations for similar incidents, triaging, and remediation. This system is now deployed worldwide, embedded directly into Microsoft Defender XDR and Security Copilot.
Paper Blog Dataset
• Spearheaded the design and development of GraphWeaver, a geo-distributed, graph-based incident correlation platform that powers Microsoft Defender XDR. The system correlates billions of security alerts across hundreds of thousands of enterprises into coherent, high-precision incidents.
Paper Blog

Aug. 2023Jan. 2022Microsoft, Redmond, WA
Jan. 2022Senior Applied Scientist (level 63), Microsoft Security Research
• Developed graph-based algorithms to identify alert correlation gaps, enabling the correlation of millions of alerts into comprehensive incident stories, saving customers millions in investigation time.
• Led the development and execution of a comprehensive research integration plan, successfully help merge two billion-dollar security products, M365D and Sentinel, into Microsoft Defender XDR.
Blog

Dec. 2021 —Sep. 2021IBM Research, Yorktown Heights, NY
Sep. 2021Research Intern, Cyber Security Intelligence (CSI) Team
Mentor: Teryl Taylor, Frederico Araujo, Jiyong Jang
Developed unsupervised graph representation learning techniques to detect suspicious activity in cloud platforms

Aug. 2021 —May 2021Amazon, Seattle, WA
May 2021Applied Scientist Intern, Fraud Detection and Risk Transaction (CTPS)
Mentor: Hao Zheng, Yanni Lai
Created unsupervised and semi-supervised approaches to prevent fraudulent transactions across the Amazon marketplace

May 2020 —Aug. 2020Microsoft, Redmond, WA
Aug. 2020Research Intern, Microsoft ATP + Microsoft Research
Mentor: Karishma Sanghvi, Yuxiao Dong
Designed semi-supervised graph neural network approach to detect malicious software

Aug. 2019 —May 2019Microsoft, Redmond, WA
May 2019Research Intern, Microsoft Advanced Threat Protection (ATP)
Mentor: Andrew Wicker, Joshua Neil
• Created first framework to model lateral attacks on enterprise networks, enabling IT admins to quantify and mitigate network vulnerability to lateral attacks
Paper

March 2015 —Dec. 2014General Dynamics, Scottsdale, AZ
Dec. 2014Systems Engineer, Mission Systems
Worked on the Integrated Threat Force team to develop and refine the communication technology systems.

Aug. 2013 —May 2013Naval Air Warfare Center, Point Mugu, CA
May 2013Research Intern, Naval Research Entperprise Internship Program (NREIP)
Mentor: Balaji Iyer
Explored methods of preventing electromagentic interference from coupling into superconducting receivers

Web Scale Graph Mining for Cyber Threat Intelligence
Scott Freitas, Amir Gharib
ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD). Toronto, Canada, 2025.
Project PDF Blog Video BibTeX Deployed in Microsoft Unified Security Operations Platform Presented at Microsoft Ignite 2024

			
@article{freitas2025web,
  title={Web Scale Graph Mining for Cyber Threat Intelligence},
  author={Freitas, Scott and Gharib, Amir},
  journal={KDD},
  year={2025},
  publisher={ACM SIGKDD International Conference on Knowledge Discovery \& Data Mining}
}
		

AI-Driven Guided Response for Security Operation Centers with Microsoft Copilot for Security
Scott Freitas, Jovan Kalajdjieski, Amir Gharib, Rob McCann
The ACM Web Conference (WWW). Sydney, Australia, 2025.
Project PDF Blog Dataset BibTeX Deployed in Microsoft Copilot for Security product

			
@article{freitas2025ai,
  title={AI-Driven Guided Response for Security Operation Centers with Microsoft Copilot for Security},
  author={Freitas, Scott and Gharib, Amir},
  journal={WWW},
  year={2025},
  publisher={The ACM Web Conference}
}
		

GraphWeaver: Billion-Scale Cybersecurity Incident Correlation
Scott Freitas, Amir Gharib
ACM International Conference on Information and Knowledge Management (CIKM). Boise, Idaho, 2024.
Project PDF Blog BibTeX Deployed in Microsoft Defender XDR product Keynote talk at CIKM Industry Day

			
@article{freitas2024graphweaver,
  title={GraphWeaver: Billion-Scale Cybersecurity Incident Correlation},
  author={Freitas, Scott and Gharib, Amir},
  journal={CIKM},
  year={2024},
  publisher={ACM International Conference on Information and Knowledge Management}
}
		

Graph Vulnerability and Robustness: A Survey
Scott Freitas, Diyi Yang, Srijan Kumar, Hanghang Tong, Duen Horng (Polo) Chau
IEEE Transactions on Knowledge and Data Engineering (TKDE). 2022.
PDF BibTeX

			
@article{freitas2022graph,
  title={Graph Vulnerability and Robustness: A Survey},
  author={Freitas, Scott, Yang, Diyi and Kumar, Srijan and Tong, Hanghang and Chau, Duen Horng},
  journal={TKDE},
  year={2022},
  publisher={IEEE Transactions on Knowledge and Data Engineering}
}
		

MalNet: A Large-Scale Image Database of Malicious Software
Scott Freitas, Rahul Duggal, Duen Horng (Polo) Chau
ACM International Conference on Information and Knowledge Management (CIKM). Atlanta, GA, 2022.
Demo PDF Dataset Code BibTeX

			
@article{freitas2021malnet,
  title={MalNet: A Large-Scale Image Database of Malicious Software},
  author={Freitas, Scott and Duggal, Rahul and Chau, Duen Horng},
  journal={CIKM},
  year={2022},
  publisher={ACM International Conference on Information and Knowledge Management}
}
		

A Large-Scale Database for Graph Representation Learning
Scott Freitas, Yuxiao Dong, Joshua Neil, Duen Horng (Polo) Chau
Neural Information Processing Systems Datasets and Benchmarks (NeurIPS). Virtual, 2021.
Project Demo PDF Blog Dataset Code BibTeX

			
@article{freitas2021large,
  title={A Large-Scale Database for Graph Representation Learning},
  author={Freitas, Scott and Chen and Dong, Yuxiao and Neil, Joshua and Chau, Duen Horng},
  journal={Thirty-fifth Conference on Neural Information Processing Systems Datasets and Benchmarks},
  year={2021},
  publisher={NeurIPS}
}
		

Evaluating Graph Vulnerability and Robustness using TIGER
Scott Freitas, Diyi Yang, Srijan Kumar, Hanghang Tong, Duen Horng (Polo) Chau
ACM International Conference on Information and Knowledge Management (CIKM). Virtual, 2021.
PDF Blog Video Code BibTeX Featured in Nvidia Data Science Toolkit

			
@article{freitas2020evaluating,
  title={Evaluating Graph Vulnerability and Robustness using TIGER},
  author={Freitas, Scott and Yang, Diyi and Srijan, Kumar and Tong, Hanghang and Chau, Duen Horng},
  journal={CIKM},
  year={2021},
  publisher={ACM International Conference on Information and Knowledge Management}
}
		

EnergyVis: Interactively Tracking and Exploring Energy Consumption for ML Models
Omar Shaikh, Jon Saad-Falcon, Austin P Wright, Nilaksh Das, Scott Freitas, Omar Asensio, Duen Horng Chau
ACM Conference on Human Factors in Computing Systems (CHI). Virtual, 2021.
Demo PDF Video Code BibTeX

			
@article{shaikh2021energyvis,
  title={EnergyVis: Interactively Tracking and Exploring Energy Consumption for ML Models},
  author={Shaikh, Omar and Saad-Falcon, Jon and Wright, Austin P and Das, Nilaksh and Freitas, Scott and Asensio, Omar Isaac and Chau, Duen Horng},
  journal={ACM Conference on Human Factors in Computing Systems (CHI)},
  year={2021}
}
		

UnMask: Adversarial Detection and Defense Through Robust Feature Alignment
Scott Freitas, Shang-Tse Chen, Zijie J. Wang, Duen Horng (Polo) Chau
IEEE International Conference on Big Data (Big Data). Atlanta, GA, 2020.
Project PDF Blog Video Code BibTeX

			
@article{freitas2020detecting,
  title={UnMask: Adversarial Detection and Defense Through Robust Feature Alignment},
  author={Freitas, Scott and Chen, Shang-Tse and Wang, Zijie J. and Chau, Duen Horng},
  journal={IEEE Big Data},
  year={2020},
  publisher={IEEE}
}
		

HAR: Hardness Aware Reweighting for Imbalanced Datasets
Rahul Duggal, Scott Freitas, Sunny Dhamnani, Duen Horng (Polo) Chau, Jimeng Sun
IEEE Conference on Big Data (Big Data). Orlando, USA, 2021.
PDF Video BibTeX

			
@article{duggal2021har,
  title={HAR: Hardness Aware Reweighting for Imbalanced Datasets},
  author={Duggal, Rahul and Freitas, Scott and Dhamnani, Sunny and Chau, Duen Horng and Sun, Jimeng},
  journal={IEEE Conference on Big Data},
  year={2021},
  publisher={IEEE}
}
		

Argo Lite: Open-Source Interactive Graph Exploration and Visualization in Browsers
Siwei Li, Zhiyan Zhou, Anish Upadhayay, Omar Shaikh, Scott Freitas, Haekyu Park, Zijie J. Wang, Susanta Routray, Matthew Hull, Duen Horng (Polo) Chau
ACM International Conference on Information and Knowledge Management (CIKM). Virtual, 2020.
Demo PDF Code BibTeX

			
@inproceedingst{li2020argo,
  title={Argo Lite: Open-Source Interactive Graph Exploration and Visualization in Browsers},
  author={Li, Siwei and Zhou, Zhiyan and Upadhayay, Anish and Shaikh, Omar and Freitas, Scott and Haekyu, Park and Zijie, Wang and Routray, Susanta and Hull, Matthew and Chau, Duen Horng},
  journal={CIKM},
  year={2020},
  publisher={ACM International Conference on Information and Knowledge Management}
}
		

REST: Robust and Efficient Neural Networks for Sleep Monitoring in the Wild
Rahul Duggal*, Scott Freitas*, Cao Xiao, Duen Horng (Polo) Chau, Jimeng Sun
The Web Conference (WWW). Taipei, Taiwan, 2020.
Project PDF Blog Video Code BibTeX * Authors contributed equally

			
@inproceedings{duggal2020rest,
  title={REST: Robust and Efficient Neural Networks for Sleep Monitoring in the Wild},
  author={Duggal, Rahul and Freitas, Scott and Xiao, Cao and Chau, Duen Horng and Sun, Jimeng},
  journal={WWW},
  year={2020},
  publisher={The Web Conference}
}
		

D²M: Dynamic Defense and Modeling of Adversarial Movement in Networks
Scott Freitas, Andrew Wicker, Duen Horng (Polo) Chau, Joshua Neil
SIAM International Conference on Data Mining (SDM). Cincinnati, Ohio, 2020.
Project PDF Blog BibTeX

			
@inproceedings{freitas2020d2m,
  title={D2M: Dynamic Defense and Modeling of Adversarial Movement in Networks},
  author={Freitas, Scott and Wicker, Andrew and Chau, Duen Horng and Neil, Joshua},
  journal={SIAM International Conference on Data Mining},
  year={2020},
  publisher={SIAM}
}
		

Extracting Knowledge For Adversarial Detection and Defense in Deep Learning
Scott Freitas, Shang-Tse Chen, Duen Horng (Polo) Chau
KDD Workshop: Learning and Mining for Cybersecurity (LEMINCS). Anchorage, Alaska, 2019.
PDF BibTeX

			
@article{freitas2019extracting,
  title={Extracting Knowledge For Adversarial Detection and Defense in Deep Learning},
  author={Freitas, Scott and Chen, Shang-Tse and Chau, Duen Horng},
  journal={KDD LEMINCS Workshop},
  year={2019},
  publisher={ACM}
}
		

Local Partition in Rich Graphs
Scott Freitas, Nan Cao, Yinglong Xia, Duen Horng (Polo) Chau, Hanghang Tong
IEEE International Conference on Big Data (Big Data). Seattle, Washington, 2018.
Project PDF BibTeX

			
@inproceedings{freitas2018local,
  title={Local Partition in Rich Graphs}, 
  author={Freitas, Scott and Cao, Nan and Xia, Yinglong and Duen Horng, Chau and Tong, Hanghang}, 
  booktitle={IEEE International Conference on Big Data}, 
  year={2018}, 
  publisher={IEEE}
}
		

X-Rank: Explainable Ranking in Complex Multi-Layered Networks
Jian Kang*, Scott Freitas*, Haichao Yu, Yinglong Xia, Hanghang Tong
ACM International Conference on Information and Knowledge Management (CIKM). Turin, Italy, 2018.
Project PDF BibTeX * Authors contributed equally

			
@inproceedings{kang2018xrank,
  author = {Kang, Jian and Freitas, Scott and Yu, Haichao and Xia, Yinglong and Cao, Nan and Tong, Hanghang},
  title = {X-Rank: Explainable Ranking in Complex Multi-Layered Networks},
  booktitle = {Proceedings of the 27th ACM International Conference on Information and Knowledge Management},
  year = {2018},
  location = {Torino, Italy},
  publisher = {ACM}
} 
		

Rapid Analysis of Network Connectivity
Scott Freitas, Hanghang Tong, Nan Cao, Yinglong Xia
ACM International Conference on Information and Knowledge Management (CIKM). Singapore, 2017.
Project PDF Video Code BibTeX Best Demo Paper, Runner up

			
@inproceedings{Freitas:2017:RAN:3132847.3133170,
  author = {Freitas, Scott and Tong, Hanghang and Cao, Nan and Xia, Yinglong},
  title = {Rapid Analysis of Network Connectivity},
  booktitle = {Proceedings of the 2017 ACM on Conference on Information and Knowledge Management},
  year = {2017},
  location = {Singapore, Singapore},
  publisher = {ACM},
}