Bio

Brad Reaves is an Associate Professor in the Department of Computer Science at NC State University and a member of the Wolfpack Security and Privacy Research (WSPR) Lab. His research focuses on measuring and improving the security and privacy of computer systems, with particular emphasis on telephone networks and mobile platforms.

Reaves’ work spans topics such as mobile malware detection, fraud in mobile money systems, and techniques to differentiate between legitimate and fraudulent phone calls. His interdisciplinary research integrates concepts from signal processing, digital communications, data science, machine learning, statistics, cryptography, program analysis, reverse engineering, and network security.

He regularly collaborates with students and researchers to address real-world threats and develop practical security solutions that impact both users and systems at scale.

Area(s) of Expertise

Cyber Security

Publications

• AssetHarvester: A Static Analysis Tool for Detecting Secret-Asset Pairs in Software Artifacts , 2025 IEEE/ACM 47th International Conference on Software Engineering (ICSE) (2025)
• Characterizing Robocalls with Multiple Vantage Points , 2025 IEEE Symposium on Security and Privacy (SP) (2025)
• It Should Be Easy but... New Users' Experiences and Challenges with Secret Management Tools , Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security (2025)
• Fixing Insecure Cellular System Information Broadcasts For Good , The 27th International Symposium on Research in Attacks, Intrusions and Defenses (2024)
• Jäger: Automated Telephone Call Traceback , Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (2024)
• On SMS Phishing Tactics and Infrastructure , 45TH IEEE SYMPOSIUM ON SECURITY AND PRIVACY, SP 2024 (2024)
• Pairing Security Advisories with Vulnerable Functions Using Open-Source LLMs , Lecture Notes in Computer Science (2024)
• VFCFinder: Pairing Security Advisories and Patches , Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (2024)
• A Comparative Study of Software Secrets Reporting by Secret Detection Tools , 2023 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM) (2023)
• ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions , Proceedings of the USENIX Security Symposium (2023)

View all publications