I am a Ph.D. student in Computer Science at the University of California, Santa Barbara, where I am supervised by Prof. Giovanni Vigna and Prof. Christopher Kruegel. My research focuses on web application security and automated vulnerability discovery, with a particular emphasis on developing algorithmic approaches to identify security flaws in web-based systems. I also actively compete in Capture The Flag (CTF) competitions as a member of the Shellphish team.
PhD in computer science
Institution: University of California, Santa Barbara, USA
Status: Reading (2023 - )
Bachelor of Science Honours in Software Engineering [First Class]
Institution: University of Colombo School of Computing, Sri Lanka
College Honors: Gold Medal, Professor Soma Goonetillake Memorial Award
Thesis: CGraph-Graph Based Extensible Cyber Threat Intelligence System
Degree Awarded: 1st May 2021
Security Researcher - Intern: Palo Alto Networks, CA, USA.
Year: June 2025 -
Graduate Researcher: UC Santa Barbara, CA, USA. (SecLab)
Supervisors: Dr. Giovanni Vigna and Dr. Christopher Kruegel
Research Domain: Web Application Security | Automated Vulnerability Discovery
Year: 2023 -
Research Associate: UC Santa Barbara, CA, USA. (SecLab)
Supervisors: Dr. Giovanni Vigna and Dr. Christopher Kruegel
Work carried out: Developed deep reinforcement learning simulation to mimic user actions
against zk-snark-based smart contracts
Results: GuideEnricher: Protecting the Anonymity of Ethereum Mixing Service Users with Deep Reinforcement Learning, USENIX Security 24
Year: 2022
Security Researcher - Intern : Qatar Computing Research Institute[Remote].
Supervisors: Dr. Mohamed Nabeel (QCRI)
Work carried out: Research conducted to identify attackers created and compromised
domains using machine learning
Results: Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URL, USENIX Security 21
Year: 2020
GuideEnricher: Protecting the Anonymity of Ethereum Mixing Service Users with Deep Reinforcement Learning.
Ravindu De Silva, Wenbo Guo, Nicola Ruaro, Ilya Grishchenko, Christopher Kruegel, Giovanni Vigna
University of California, Santa Barbara. (USENIX Security 24)
A Large Scale Study and Classification of VirusTotal Reports on Phishing and Malware URLs
Euijin Choo, Mohamed Nabeel. Doowon Kim, Ravindu De Silva, Ting Yu,Issa Khalil.
ACM on Measurement and Analysis of Computing Systems
(ACM MAC Volume7)
Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLs
Ravindu De Silva, M Nabeel, C Elvitigala, I Khalil, T Yu, C Keppitiyagama
30th USENIX Security Symposium (USENIX Security 21)
Finalist - Team Shellphish - 5th Place, DARPA AIxCC
Institution: The Defense Advanced Research Projects Agency, USA (DARPA)
Year: Aug 2025
Qualified Finals - Shellphish - DARPA AIxCC
Institution: The Defense Advanced Research Projects Agency, USA (DARPA)
Year: Aug 2024
Professor Soma Goonetillake Memorial Award for the Best Final Year Software Engineering research project in B.Sc.(Hons) Software Engineering, Gold Medal.
Institution: University Of Colombo, Sri Lanka.
Year: 2021
Success in DARPA Cyberdefense Competition Nets Team a Trip to the Finals — and $2 Million
What a ride it’s been! Working on this project with some of the brightest minds in the world has been nothing short of incredible. Our mission? Build a fully autonomous system that can find software vulnerabilities and automatically generate patches, basically, an AI security researcher that never sleeps.
It all kicked off in 2023. By 2024, we’d made it to the finals. And in 2025. we placed 5th in the world. Along the way, we tackled unanswered security challenges, blending classic program analysis techniques with AI to create a system that could reason about code on its own.
It wasn’t just a technical challenge, it was a blast. Long days, new ideas, late-night breakthroughs… all in service of making software more secure for everyone. I couldn’t be prouder of what we built, or more excited for what’s next.
Team Shellphish.