11/06/2023
By Danielle Fretwell

The Francis College of Engineering, Department of Electrical and Computer Engineering, invites you to attend a Doctoral Dissertation defense by Ting-Li Huoh on: Deep Learning for Cybersecurity: Applications in Network Traffic Analysis and Malware Detection

Candidate Name: Ting-Li Huoh
Degree: Doctoral
Defense Date: Wednesday, November 15, 2023
Time:1:30-3 p.m.
Location: Ball Hall 302

Committee:
Advisor: Yan Luo, Ph.D., Professor, Electrical and Computer Engineering, University of Massachusetts Lowell

Committee Members
1. Hengyong Yu, Ph.D., Professor, Electrical and Computer Engineering, UMass Lowell
2. Chunxiao (Tricia) Chigan, Ph.D., Professor, Electrical and Computer Engineering, UMass Lowell
3. Peilong Li, Ph.D., Assistant Professor, Computer Science, Elizabethtown College

Brief Abstract:
As computer network traffic grows, cybersecurity has become a challenge because of the complexity and dynamics of emerging network applications. The aim of this dissertation is to design and implement deep learning tools and frameworks for network traffic analysis and malware intrusion detection. The research shows that graph-domain modeling of encrypted network traffic demonstrates superiority in executing multi-class classification by utilizing network raw data. It also shows that the proposed multi-input Transformer-based model exhibits superiority in performing binary classification on Windows Portable Executable (PE) for malware detection. Moreover, the research demonstrates that the proposed self-supervised contrastive learning-based model has a higher level of effectiveness in performing multi-class classification tasks for Windows PE malware. The significance of this study includes: (i) it demonstrates the graph neural networks' (GNN) proof-of-concept for classifying network traffic flows and establishes a foundation for future graph-based studies in the field; (ii) it provides deep learning-based solutions for classifying network traffic flows and detecting Windows PE malware files, which enables predicting network traces or malicious files as new data come to light; and (iii) it provides a self-supervised contrastive learning-based solution for classifying PE malware with a reduced reliance on labeled data, along with the development of data augmentation techniques tailored to PE files for use during self-supervised learning.