NetML

Networking & Machine Learning Lab

Department of Computer Science and Cybersecurity

University of Central Missouri

Directed by: Dr. Ahmet Aksoy
aksoy {at} ucmo.edu

  • Automated Network Threat Detection:

    We develop automated detection frameworks that identify malicious network behavior directly from packet-level telemetry. Our work focuses on DNS botnets, DoS attacks (HULK, GoldenEye), fast-flux networks, and OS scanning activity. Rather than relying on manually crafted signatures, we use search-based feature selection and machine learning models to discover discriminative header-level representations that adapt to evolving attack patterns.

    Papers published:

    • Automated Network Incident Identification through Genetic Algorithm-Driven Feature Selection
    • Automated Fast-Flux Detection using Machine Learning and Genetic Algorithms


  • Device and Host Fingerprinting:

    We design automated fingerprinting systems capable of identifying devices, operating systems, and hosts using packet-level protocol headers, including encrypted SSL/TLS metadata. Our methods rely on wrapper-based search optimization to extract minimal yet highly discriminative feature subsets. These automatically generated fingerprints support device inventory, anomaly detection, and network visibility without dependence on expert-defined signatures.

    Papers published:

    • Automated Host Identification Using SSL/TLS Traffic with SHAP and Artificial Bee Colony
    • Automated IoT Device Identification using Network Traffic
    • Comparative Analysis of Feature Selection Algorithms for Automated IoT Device Fingerprinting
    • Operating System Fingerprinting via Automated Network Traffic Analysis
    • Operating System Classification Performance of TCP/IP Protocol Headers


  • Optimization-Driven Feature Reduction and Explainable AI:

    A central theme of our research is reducing informational redundancy in high-dimensional security telemetry while maintaining strong classification performance. We investigate genetic algorithms, Artificial Bee Colony optimization, and multi-method feature selection strategies to minimize feature sets without sacrificing predictive accuracy. We also integrate explainable AI techniques (e.g., SHAP) to analyze model behavior and guide feature reduction decisions. Recent work extends these principles to LLM-based IoT classification and numeric feature quantization.

    Papers published:

    • Automated IoT Fingerprinting with LLMs: Harnessing Explainable AI and Artificial Bee Colony Optimization
    • AI-Driven Genetic Algorithms for Enhanced Numeric Feature Quantization in IoT Device Fingerprinting for Threat Detection
    • Comparative Analysis of Feature Selection Algorithms for Automated IoT Device Fingerprinting