12/15/2025
By Danielle Fretwell
The Francis College of Engineering, Department of Electrical and Computer Engineering, invites you to attend a Doctoral Dissertation Proposal defense by Timothy Miskell on: "Design and Evaluation of Deep, Contrastive, and Language Learning Models for Malware Detection in Software-Defined Networking Environments."
Candidate Name: Timothy Miskell
Degree: Doctoral
Defense Date: Thursday, Dec. 18, 2025
Time: 10-11:30 a.m.
Location: Ball Hall 302
Committee:
- Advisor: Yan Luo, Professor, Electrical and Computer Engineering, University of Massachusetts Lowell
- Hengyong Yu, Professor, Electrical and Computer Engineering, University of Massachusetts Lowell
- Orlando Arias, Assistant Professor, Electrical and Computer Engineering, University of Massachusetts Lowell
- Liang-min Wang, Principal Engineer, Marvell Technology
Brief Abstract:
This work presents the design and evaluation of Deep Learning, Contrastive Learning, and Large Language Models for the task of classifying malicious software in files such as the Windows Portable Executable (WinPE) format. Starting with Deep Learning, we first demonstrate that malware classification can be significantly improved by training the model on raw binary data rather than on extracted signatures or features. Furthermore, we show that the first 1 KB of binary data is sufficient to classify samples as benign or malicious with a high degree of accuracy. Based on these principles, we developed a Multi-Input Transformer-based approach that achieves a 0.976 F1 score, an improvement in accuracy of 5.86% over traditional models such as MalConv and LightGBM.
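To make the raw-byte idea concrete, the following is a minimal sketch, assuming PyTorch, of a byte-level classifier that consumes only the first 1 KB of a file. It is an illustrative toy, not the candidate's Multi-Input Transformer; the layer sizes, the load_first_kb helper, and the sample.exe path are hypothetical.

```python
# Minimal sketch (assumption, not the dissertation's Multi-Input Transformer):
# embed the first 1 KB of raw bytes and score a sample as benign vs. malicious.
import torch
import torch.nn as nn

FIRST_KB = 1024  # the abstract reports that 1 KB of raw bytes is sufficient

def load_first_kb(path: str) -> torch.Tensor:
    """Read the first 1 KB of a file as byte IDs, zero-padded if the file is shorter."""
    with open(path, "rb") as f:
        raw = f.read(FIRST_KB)
    buf = bytearray(raw) + bytearray(FIRST_KB - len(raw))
    return torch.tensor(list(buf), dtype=torch.long)

class ByteClassifier(nn.Module):
    """Toy byte-embedding + 1-D convolution classifier over raw WinPE bytes."""
    def __init__(self, num_classes: int = 2):
        super().__init__()
        self.embed = nn.Embedding(256, 8)                       # one vector per byte value
        self.conv = nn.Conv1d(8, 32, kernel_size=16, stride=8)  # local byte-pattern features
        self.head = nn.Linear(32, num_classes)

    def forward(self, x: torch.Tensor) -> torch.Tensor:
        h = self.embed(x).transpose(1, 2)           # (batch, channels, length)
        h = torch.relu(self.conv(h)).mean(dim=-1)   # global average pool
        return self.head(h)

if __name__ == "__main__":
    model = ByteClassifier()
    batch = torch.randint(0, 256, (1, FIRST_KB))    # random bytes stand in for load_first_kb("sample.exe")
    print(model(batch).softmax(dim=-1))             # benign vs. malicious scores (untrained)
```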
We extend these concepts further by acknowledging that new forms of malicious software are continually being developed and that such software does not identify itself as either benign or malicious. To that end, we developed a Self-Supervised Contrastive Learning model, applying augmentations specific to the structure of WinPE files, that achieves a macro-averaged F1 score of 0.843 with as little as 50% of the labeled data. This represents a significant improvement over baseline models such as MalConv, which require 100% of the data to be labeled, as well as an improvement of 6.57% over traditional image-based augmentations.

Inspired by recent advances in Large Language Models, we apply Natural Language Processing to the opcode sequences within each sample and to the underlying metadata within each WinPE sample. Building on our earlier findings with the Deep Learning-based approach, we fine-tune a foundational Large Language Model (LLM) on malware samples from the Sophos-ReversingLabs 20M dataset so that it can understand, interpret, and decipher each file. We compare the performance of our fine-tuned LLM against a range of general-purpose Generative AI models such as TinyLlama, Phi-3, Flan-T5, and Llama 3 in terms of the macro-averaged F1 score and macro-averaged sensitivity, along with Time-to-First-Token latency and Next-Token latency. In the next stage, we plan to conduct an ablation study to determine which portions of the metadata have the greatest impact on model accuracy. We also plan to investigate how a virtualized LLM can be efficiently deployed in an SDN environment in real-world scenarios, leveraging Kubernetes and SR-IOV.
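The evaluation quantities named above can be sketched with standard tooling. The example below, assuming scikit-learn and hypothetical label lists, computes the macro-averaged F1 score and macro-averaged sensitivity (recall), and adds a rough timing harness for Time-to-First-Token and Next-Token latency; the generate_fn callable is a stand-in for whichever model is being benchmarked, not any specific model from this work.

```python
import time
from sklearn.metrics import f1_score, recall_score

# Hypothetical ground-truth and predicted malware-family labels.
y_true = [0, 1, 1, 2, 2, 2, 0, 1]
y_pred = [0, 1, 2, 2, 2, 0, 0, 1]

macro_f1 = f1_score(y_true, y_pred, average="macro")
macro_sensitivity = recall_score(y_true, y_pred, average="macro")  # sensitivity == macro-averaged recall
print(f"macro F1: {macro_f1:.3f}  macro sensitivity: {macro_sensitivity:.3f}")

def time_generation(generate_fn, prompt: str, n_tokens: int = 32):
    """Rough Time-to-First-Token and mean Next-Token latency for a generation callable.

    generate_fn(prompt, max_new_tokens) is a stand-in for the model under test.
    """
    start = time.perf_counter()
    generate_fn(prompt, 1)                        # produce only the first token
    ttft = time.perf_counter() - start

    start = time.perf_counter()
    generate_fn(prompt, n_tokens)                 # produce a longer completion
    total = time.perf_counter() - start
    next_token_latency = (total - ttft) / max(n_tokens - 1, 1)  # rough per-token estimate
    return ttft, next_token_latency

# Dummy generator so the sketch runs without any model weights.
ttft, ntl = time_generation(lambda p, n: time.sleep(0.001 * n), "describe this WinPE header", 32)
print(f"TTFT: {ttft * 1e3:.1f} ms  next-token latency: {ntl * 1e3:.2f} ms")
```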