Dinil Mon Divakaran

Dr. Dinil Mon Divakaran (Senior Member '14, IEEE) is a Senior Principal Scientist at A*STAR Institute for Infocomm Research (I2R), with more than 20 years of research experience in security of network, web, software and AI systems. Over the years, he has been leading the research and development of AI models addressing challenges in the area of cybersecurity and privacy. He is also an Adjunct Assistant Professor of School of Computing in NUS. He collaborates with numerous researchers, experts and students around the globe.

Dinil's research experience spans both industry and academia. In the past decade, he headed research teams at two cybersecurity firms, Acronis and Trustwave. He previously held faculty position at the Indian Institute of Technology (IIT) Mandi. He carried out his doctoral studies at the INRIA lab in ENS Lyon in France, in collaboration with Bell Labs. He holds a Master degree in Computer Science and Engineering from IIT Madras, India.

Dinil often gives talks on AI and Cybersecurity (recent talks are listed here).

Google Scholar profile . Full list of publications . DBLP

Open research positions at all levels - undergraduates, recent PhD graduates and experienced researchers, in the domain of AI for Security as well as Security of AI systems. If interested, mail in your CV and statement of interest.

Research experience and interests:

AI security:

AI models (e.g., LLMs) for solving security problems (see this article for an overview)
Security of AI systems and applications
Red teaming of AI systems (offensive security)

Network, web and system security:

- Phishing: detection, evasion and counter-evasion
- Attack and counter-attack strategies in networks of different scale and size - enterprises, home consumers, IoTs, ISPs, etc.
- Large-scale security log analysis of endpoints (EDR) and network perimeter monitoring systems (SIEM)

.. and ..

- Programmable data planes: P4 switches, SmartNICs
- QoS/QoE: Queueing, scheduling, bandwidth allocation of packets, flows, sessions (in previous life)

Research highlights:

How can LLMs help in addressing cyber security problems?
- [New] Dinil Mon Divakaran and Sai Teja Peddinti, “Large Language Models for Cybersecurity: New Opportunities,” IEEE Security & Privacy, 2024 [preprint PDF] [arXiv].
Multiple research works on phishing, based on ML/DL/LLMs (GenAI) models for defensive and offensive strategies:

Our first attempt at utilizing LLMs for phishing detection and interpretation:

- [New] Jehyun Lee, Peiyuan Lim, Bryan Hooi, and Dinil Mon Divakaran, “Multimodal Large Language Models for Phishing Webpage Detection and Identification,” in eCrime (Symposium on Electronic Crime Research), 2024 [GitHub][PDF].

Adversarial attack against AI-based phishing detection; an offensive strategy:

- Jehyun Lee, Zhe Xin, Melanie Ng Pei See, Kanav Sabharwal, Giovanni Apruzzesel and Dinil Mon Divakaran, “Attacking logo-based phishing website detectors with adversarial perturbations,” ESORICS 2023 [GitHub][PDF].
- Dinil Mon Divakaran and Adam Oest, “Phishing detection leveraging machine learning and deep learning: A review,” IEEE Security and Privacy, 2022 [PDF].

The following two works leverage CV models to detect and identify logos on a webpage, for phishing target identification:

- Ruofan Liu, Yun Lin, X. Yang, S. H. Ng, Dinil Mon Divakaran, and Jin Song Dong, “Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based Approach,” in USENIX Security Symposium, 2022 [Dataset] [PDF].
- Yun Lin, Ruofan Liu, Dinil Mon Divakaran, Jun Yang Ng, Qing Zhou Chan, Yiwen Lu, Yuxuan Si, Fan Zhang, and Jin Song Dong, “Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages,” in USENIX Security Symposium, 2021 [Dataset] [PDF].

.. and to the best of our knowledge, the first work to leverage BERT (LLM) for phishing email detection:

- Jehyun Lee, Farren Tang, Pingxiao Ye, Fahim Abbasi, Phil Hay, and Dinil Mon Divakaran, “D-Fence: A Flexible, Efficient, and Comprehensive Phishing Email Detection System,” in IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2021 [PDF].

Building phishing detector resilient to adversarial attack:

- Jehyun Lee, Pingxiao Ye, Ruofan Liu, Dinil Mon Divakaran, and Chan Mun Choon, “Building robust phishing detection system: an empirical analysis,” in NDSS MADWeb, Feb. 2020 [Dataset] [PDF].
Machine Unlearning:
- Quoc Phong Nguyen, Ryutaro Oikawa, Dinil Mon Divakaran, Kian Hsiang Low, and Mun Choon Chan, “Markov Chain Monte Carlo-Based Machine Unlearning: Unlearning What Needs to be Forgotten,” in 17th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS), 2022 [PDF]. [Demonstrates unlearning of noises on phishing dataset]
IoT security and privacy: fingerprinting and counter-fingerprinting, attack detection, etc.

An early work on leveraging Transformer model for learning network traffic characteristics:

- [New] Binghui Wu, Philipp Gysel, Dinil Mon Divakaran, and Mohan Gurusamy. “ZEST: Attention-based Zero-Shot Learning for Unseen IoT Device Classification," IEEE NOMS, 2024 [GitHub][PDF]

Offense for defense: adversarial ML for countering fingerprinting attacks:

- Akshaye Shenoi, Prasanna Karthik, Kanav Sabharwal, Li Jialin, and Dinil Mon Divakaran, “iPET: Privacy Enhancing Traffic Perturbations for Secure IoT Communications,” in PETS (Privacy Enhancing Technologies Symposium), 2023 [GitHub][PDF].
- Biswadeep Chakraborty, Dinil Mon Divakaran, Ido Nevat, Gareth W. Peters, and Mohan Gurusamy, “Cost-aware Feature Selection for IoT Device Classification,” IEEE Internet of Things Journal, 2021 [Dataset] [PDF].
- Kushan S. K. Liyanage, Dinil Mon Divakaran, Rhishi Pratap Singh, and Mohan Gurusamy, “ADEPT: Detection and Identification of Correlated Attack-Stages in IoT Networks,” IEEE Internet of Things Journal, 2021 [Dataset] [PDF].
- Vijayanand Thangavelu, Dinil Mon Divakaran, Rishi Sairam, Suman Sankar Bhunia, and Mohan Gurusamy, “DEFT: A Distributed IoT Fingerprinting Technique,” IEEE Internet of Things Journal, vol. 6, no. 1, pp. 940–952, Feb 2019 [Dataset] [PDF].
One of the earliest works to explore unsupervised deep learning for detecting anomalies in network traffic:
- Quoc Phong Nguyen, Kar Wai Lim, Dinil Mon Divakaran, Kian Hsiang Low, and Mun Choon Chan, “GEE: a gradient-based explainable variational autoencoder for network anomaly detection,” in IEEE CNS, June 2019 [PDF].

Related works using semi-supervised approaches:

- Ido Nevat, Dinil Mon Divakaran, Sai Ganesh Nagarajan, Pengfei Zhang, Su Le, Ko Li Ling, and Vrizlynn Thing, “Anomaly Detection and Attribution in Networks with Temporally Correlated Traffic,” IEEE/ACM Transactions on Networking, 2018 [PDF].
- Dinil Mon Divakaran, Fok Kar Wai, Ido Nevat, and Vrizlynn Thing, “Evidence Gathering for Network Security and Forensics,” in Digital Investigation, vol. 20, Supplement, pp. S56 – S65, 2017, DOI: 10.1016/j.diin.2017.02.001 (open access). Note: also presented at DFRWS 2017.
Website fingerprinting:

Are regular users safe from WFP attacks when using the latest QUIC protocol for both DNS and web browsing?

[New] Levente Csikor, Ziyue Lian, Haoran Zhang, Nitya Lakshmanan and Dinil Mon Divakaran, “DNS-over-QUIC and HTTP/3 in the Era of Transformers: The New Internet Privacy Battle,” IEEE Communications Magazine, 2025.

DoH and Web traffic use HTTPS protocol for communications. Does that make DoH hard to be differentiated and thereby identified?

- Levente Csikor, Himanshu Singh, Min Suk Kang, and Dinil Mon Divakaran, “Privacy of DNS-over-HTTPS: Requiem for a Dream?,” in IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2021 [GitHub] [PDF].

7. Prioritizing events in large-scale security logs for investigations using an unsupervised approach:

- [New] Philipp Gysel, Candid Wüest, Kenneth Nwafor, Otakar Jašek, Andrey Ustyuzhanin, and Dinil Mon Divakaran, “EagleEye: Attention to Unveil Malicious Event Sequences from Provenance Graphs,” in eCrime (Symposium on Electronic Crime Research), 2024 [GitHub][PDF].
- Jehyun Lee, Farren Tang, Phyo May Thet, Desmond Yeoh, Mitch Rybczynski, and Dinil Mon Divakaran, “SIERRA: Ranking Anomalous Activities in Enterprise Networks,” in IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2022 [PDF].