NetML

Networking & Machine Learning Lab

Department of Computer Science and Cybersecurity

University of Central Missouri

Directed by: Dr. Ahmet Aksoy
aksoy {at} ucmo.edu


  • Network-based Threat and Attack Detection:

    Our research introduces automated techniques to detect and classify network-based threats and attacks, such as DNS botnets, DoS attacks, and fast-flux networks. Using machine learning, genetic algorithms, and feature optimization, we develop detection systems that analyze network traffic patterns to uncover malicious activity, even when attackers attempt to evade traditional defenses. Because the discriminating features are selected automatically rather than hand-written, the approach reduces the need for manual rule creation and allows detectors to be retrained as new threats emerge, giving security teams a more proactive and resilient way to safeguard networks.

    Papers published:

    • Automated Network Incident Identification Through Genetic Algorithm-Driven Feature Selection
    • Automated Fast-Flux Detection Using Machine Learning and Genetic Algorithms


  • Network Host Fingerprinting and Identification:

    Our work on network host fingerprinting and identification focuses on analyzing network traffic characteristics to uncover the unique signatures of individual hosts. Through automated feature selection and machine learning, we build fingerprints that distinguish hosts with high accuracy even when payloads are encrypted, for example from the observable metadata of SSL/TLS traffic. These fingerprints are then used to identify devices automatically, supporting tasks such as inventory, monitoring, and anomaly detection. Because the process is fully automated, it reduces reliance on manually maintained signatures and scales to real-time network management.

    Papers published:

    • Automated Host Identification Using SSL/TLS Traffic with SHAP and Artificial Bee Colony


  • IoT Device Fingerprinting and Identification:

    Our research develops automated methods for fingerprinting and identifying IoT devices based on their network behavior. By analyzing full packets, or even a single TCP/IP header, we create fingerprints that reveal the type and vendor of each device from minimal data. We then use machine learning and optimization techniques to classify these devices accurately and efficiently. This helps network administrators detect, isolate, and manage IoT devices in large-scale environments, improving overall security and visibility without intrusive or device-dependent tools such as agents installed on the device.

    Papers published:

    • Automated IoT Fingerprinting with LLMs: Harnessing Explainable AI and Artificial Bee Colony Optimization
    • Automated IoT Device Identification Using Network Traffic
    • Comparative Analysis of Feature Selection Algorithms for Automated IoT Device Fingerprinting
    • AI-Driven Genetic Algorithms for Enhanced Numeric Feature Quantization in IoT Device Fingerprinting for Threat Detection


  • Explainable AI and Feature Optimization in Network Security:

    We focus on integrating explainable AI techniques and advanced feature optimization to enhance network security analytics. By using methods such as SHAP for explainability and algorithms like Artificial Bee Colony or genetic algorithms for feature selection, we reduce the complexity of data while maintaining or improving detection accuracy. This makes security models not only more efficient but also transparent and interpretable for practitioners. Our approach bridges the gap between high-performing black-box models and the practical need for understanding decision-making processes, empowering security teams to make more informed and confident responses.

    Papers published:

    • Automated Host Identification Using SSL/TLS Traffic with SHAP and Artificial Bee Colony
    • Automated IoT Fingerprinting with LLMs: Harnessing Explainable AI and Artificial Bee Colony Optimization
    • AI-Driven Genetic Algorithms for Enhanced Numeric Feature Quantization in IoT Device Fingerprinting for Threat Detection


  • Operating System Fingerprinting and Identification:

    We propose a fully automated approach for fingerprinting and identifying operating systems by analyzing network packets, without requiring expert-crafted signatures. By leveraging genetic algorithms for feature selection together with a range of machine learning models, we derive OS-specific fingerprints from protocol headers such as TCP/IP, HTTP, and DNS. These fingerprints are then used to classify the operating system running on each host, supporting network monitoring, vulnerability assessment, and asset management. Because the feature selection and model training are automated, the method can be retrained as new or updated OS versions appear, offering a robust alternative to manually maintained signature databases.

    Papers published:

    • Operating System Fingerprinting via Automated Network Traffic Analysis
    • Operating System Classification Performance of TCP/IP Protocol Headers
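
    To make the recurring ingredients of the research directions above concrete (genetic-algorithm feature selection, numeric feature quantization, and OS fingerprinting from TCP/IP header fields), the following is an added, self-contained Python example written for this page. It is not code from the NetML lab or from any of the papers listed, and it does not reproduce their models or datasets. The per-OS SYN header profiles, the hop counts, and the "noise" fields are constructed for the example (assumed typical default-stack values, not captured traffic); the classifier is a deliberately simple leave-one-out 1-nearest-neighbour over mismatching header fields, and the GA (tournament selection, uniform crossover, bit-flip mutation, elitism) is a textbook one. The fitness function rewards accuracy and charges a small cost per selected field, so the GA is pushed to drop both the constant fields and the per-packet noise fields.

```python
"""Genetic-algorithm feature selection for OS fingerprinting from TCP/IP
header fields. Standard library only. Profiles and flows are CONSTRUCTED
for the example (assumed default-stack values), not captured traffic."""
import random

FEATURES = ["ttl", "win", "df", "mss", "wscale", "sackok", "ts", "ip_id", "src_port"]
NOISE = {"ip_id", "src_port"}   # per-packet values that carry no OS signal

# Assumed default SYN characteristics per OS (constructed for the example).
# Lists are cycled through so that every variant appears in the dataset.
PROFILES = {
    "linux":   {"ttl": 64,  "win": [29200, 64240], "wscale": [7],    "ts": 1},
    "macos":   {"ttl": 64,  "win": [65535],        "wscale": [6, 7], "ts": 1},
    "windows": {"ttl": 128, "win": [65535],        "wscale": [8],    "ts": 0},
}

def quantize_ttl(observed):
    """Map an observed TTL back to the initial TTL the sender most likely used
    (observed = initial - hops): a simple numeric-feature quantization."""
    for initial in (32, 64, 128, 255):
        if observed <= initial:
            return initial
    return 255

def make_dataset(per_os=12, seed=1):
    """Synthesize labelled SYN header records with random hop counts and
    per-packet noise fields (constructed data)."""
    rng = random.Random(seed)
    rows = []
    for os_name, p in PROFILES.items():
        for i in range(per_os):
            hops = rng.randint(0, 12)
            rows.append(({
                "ttl": quantize_ttl(p["ttl"] - hops),
                "win": p["win"][i % len(p["win"])],
                "df": 1, "mss": 1460, "sackok": 1,          # constant, uninformative
                "wscale": p["wscale"][i % len(p["wscale"])],
                "ts": p["ts"],
                "ip_id": rng.randint(0, 65535),             # noise
                "src_port": rng.randint(32768, 60999),      # noise
            }, os_name))
    return rows

def loo_accuracy(rows, subset):
    """Leave-one-out accuracy of a 1-nearest-neighbour classifier that counts
    mismatching header fields (Hamming distance) over the chosen subset."""
    if not subset:
        return 0.0
    correct = 0
    for i, (x, y) in enumerate(rows):
        best = None
        for j, (x2, y2) in enumerate(rows):
            if i == j:
                continue
            d = sum(1 for f in subset if x[f] != x2[f])
            if best is None or d < best[0]:
                best = (d, y2)
        correct += best[1] == y
    return correct / len(rows)

def fitness(rows, mask, penalty=0.02):
    """Accuracy minus a per-field cost, so the GA prefers compact fingerprints."""
    subset = [f for f, bit in zip(FEATURES, mask) if bit]
    return loo_accuracy(rows, subset) - penalty * len(subset)

def ga_select(rows, pop_size=30, generations=40, seed=7):
    """GA over feature bitmasks: tournament selection, uniform crossover,
    bit-flip mutation (about one bit per child) and elitism."""
    rng = random.Random(seed)
    n = len(FEATURES)
    pop = [[rng.randint(0, 1) for _ in range(n)] for _ in range(pop_size)]
    scored = sorted(((fitness(rows, m), m) for m in pop), reverse=True)
    for _ in range(generations):
        def pick():
            a, b = rng.sample(scored, 2)
            return a[1] if a[0] >= b[0] else b[1]
        children = [scored[0][1]]           # elitism: keep the best unchanged
        while len(children) < pop_size:
            p1, p2 = pick(), pick()
            child = [rng.choice(g) for g in zip(p1, p2)]
            child = [bit ^ (rng.random() < 1.0 / n) for bit in child]
            children.append(child)
        scored = sorted(((fitness(rows, m), m) for m in children), reverse=True)
    best_fit, best_mask = scored[0]
    return [f for f, bit in zip(FEATURES, best_mask) if bit], best_fit

if __name__ == "__main__":
    data = make_dataset()
    subset, score = ga_select(data)
    print("selected fields:", subset, "fitness: %.3f" % score)
    print("accuracy with all fields: %.2f" % loo_accuracy(data, FEATURES))
```

On this constructed data no single header field separates the three profiles (Linux and macOS share a TTL, and macOS sometimes uses the Linux window scale), but several two-field combinations do, so the GA converges on a two- or three-field fingerprint and discards the constant and noise fields. Quantizing the observed TTL back to its initial value is what makes the exact-match classifier usable at all; without it, every hop count would look like a distinct value.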