08/27/2021
By Sokny Long

The Francis College of Engineering, Department of Electrical & Computer Engineering, invites you to attend a doctoral proposal defense by Onur Barut on “Network Traffic Analysis and Malware Detection using Deep Neural Networks.”

Ph.D. Candidate: Onur Barut
Defense Date: Friday, Sept 10, 2021
Time: 11 a.m. to 12:30 p.m. EST
Location: This will be a virtual defense via Zoom. Those interested in attending should contact PhD advisor, yan_luo@uml.edu, at least 24 hours prior to the defense to request access to the meeting.

Committee Chair (Advisor): Yan Luo, Ph.D., Professor, Electrical and Computer Engineering, University of Massachusetts Lowell

Committee Members:

  • Vinod Vokkarane, Ph.D., Professor, Electrical and Computer Engineering, University of Massachusetts Lowell
  • Tong Zhang, Ph.D., Principal Engineer, Intel Corporation
  • Liang-Min Wang, Ph.D., Platform Solution Architect, Intel Corporation

Brief Abstract:

Classifying network traffic is the basis for important network applications. Prior research in this area has faced challenges on the availability of representative datasets, and many of the results cannot be readily reproduced. Such a problem is exacerbated by emerging data-driven machine learning based approaches. To address this issue, we present (Net)2 database with three open datasets containing nearly 1.3M labeled flows in total, with a comprehensive list of flow features, for the research community and publicly release them1. As the amount of encrypted traffic is also increasing, payload-based classification methods became obsolete making machine learning based approaches crucial. For this purpose, we propose an accurate, fast, and privacy preserved encrypted traffic classification approach with feature engineering for application classification. We also study the problem of detecting TLS-encrypted malware using metadata and TLS protocol features. We conduct a comprehensive study on a set of widely used machine learning and deep learning algorithms for encrypted malware detection. In addition to the classification accuracy, we quantify the run-time performance in terms of throughput and system resource utilization. Moreover, we further boost the speed of the detection systems using acceleration libraries such as DAAL and OpenVINO. Then, to perform both malware detection and application classification more efficiently, we introduce a Multi-Task Hierarchical Learning (MTHL) model. Our results show that MTHL is capable of accurately performing multiple tasks with hierarchical labeling with a dramatic reduction in training time. As deep neural networks trained directly with the raw data have become more popular and successful for malware traffic classification without explicit feature extraction, we introduce Residual 1-D Image Transformer (R1DIT) model that leverages network domain knowledge to achieve high-speed and accurate detection with deep learning achieving dramatical increase in the classification accuracy when compared to the feature-based approaches. Finally, we utilize R1DIT model for a general malware traffic classification system which leverages prior knowledge to detect unseen TLSv1.3 DDoS attack with meta learning by implementing transfer learning and few-shot learning methods to achieve an accurate malware detection with limited number of samples.

All interested students and faculty members are invited to attend the online defense via remote access.