Dr. Dinil Mon Divakaran is a senior researcher with more than a decade of experience leading R&D of AI models addressing challenges primarily in the domain of cyber security and privacy, but also in the systems and network domain. He is also an Adjunct Assistant Professor at the School of Computing, NUS, and collaborates with numerous researchers, experts and students in the field of cyber security, networking and AI.
In his latest role as Research Lead at Acronis, he led a globally distributed team to develop AI models for detection of threats and attacks (malware, phishing, etc.). In the past, Dinil headed Trustwave Research, the global cyber security R&D unit of Trustwave, developing research solutions and transitioning them into products. He has also worked at A*STAR Institute for Infocomm Research (I²R), and served as the Deputy Head of the Network Security department leading projects on network security and analytics.
Dinil's research experience cuts across both industry and academia. He previously held a faculty position at the Indian Institute of Technology (IIT) Mandi. He carried out his doctoral studies at the INRIA lab in ENS Lyon in France, in collaboration with Bell Labs. He holds a Master's degree in Computer Science and Engineering from IIT Madras, India.
Research experience and interests:
AI security:
AI models for solving security problems
Security of LLM applications
LLMs for enhancing security solutions
Network, web and end-point security:
Large-scale security log analysis of end-points (EDR) and network perimeter monitoring systems (SIEM)
Phishing: detection, evasion and counter-evasion
Attack and counter-attack strategies in networks of different scale and size - enterprises, home consumers, IoTs, ISPs, etc.
.. and ..
Programmable data planes: P4 switches, SmartNICs
QoS/QoE: Queueing, scheduling, bandwidth allocation of packets, flows, sessions (in previous life)
Research highlights:
Multiple research works on phishing, leveraging ML/DL (including generative) models for defensive and offensive strategies:
Adversarial attack against AI-based phishing detection; an offensive strategy:
[New] Jehyun Lee, Zhe Xin, Melanie Ng Pei See, Kanav Sabharwal, Giovanni Apruzzese and Dinil Mon Divakaran, “Attacking logo-based phishing website detectors with adversarial perturbations,” ESORICS 2023 [GitHub][PDF].
Dinil Mon Divakaran and Adam Oest, “Phishing detection leveraging machine learning and deep learning: A review,” IEEE Security and Privacy, 2022 [PDF].
The following two works leverage CV models to detect and identify logos on a webpage, for phishing target identification:
Ruofan Liu, Yun Lin, X. Yang, S. H. Ng, Dinil Mon Divakaran, and Jin Song Dong, “Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based Approach,” in USENIX Security Symposium, 2022 [Dataset] [PDF].
Yun Lin, Ruofan Liu, Dinil Mon Divakaran, Jun Yang Ng, Qing Zhou Chan, Yiwen Lu, Yuxuan Si, Fan Zhang, and Jin Song Dong, “Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages,” in USENIX Security Symposium, 2021 [Dataset] [PDF].
.. and to the best of our knowledge, the first work to leverage BERT (LLM) for phishing email detection:
Jehyun Lee, Farren Tang, Pingxiao Ye, Fahim Abbasi, Phil Hay, and Dinil Mon Divakaran, “D-Fence: A Flexible, Efficient, and Comprehensive Phishing Email Detection System,” in IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2021 [PDF].
Building a phishing detector resilient against adversarial attacks:
Jehyun Lee, Pingxiao Ye, Ruofan Liu, Dinil Mon Divakaran, and Chan Mun Choon, “Building robust phishing detection system: an empirical analysis,” in NDSS MADWeb, Feb. 2020 [Dataset] [PDF].
Machine Unlearning:
Quoc Phong Nguyen, Ryutaro Oikawa, Dinil Mon Divakaran, Kian Hsiang Low, and Mun Choon Chan, “Markov Chain Monte Carlo-Based Machine Unlearning: Unlearning What Needs to be Forgotten,” in 17th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS), 2022 [PDF]. [Demonstrates unlearning of noise on a phishing dataset]
IoT security and privacy: fingerprinting and counter-fingerprinting, attack detection, etc.
An early work on leveraging Transformer model for learning network traffic characteristics:
Offense for defense: adversarial ML for countering fingerprinting attacks:
Akshaye Shenoi, Prasanna Karthik, Kanav Sabharwal, Li Jialin, and Dinil Mon Divakaran, “iPET: Privacy Enhancing Traffic Perturbations for Secure IoT Communications,” in PETS (Privacy Enhancing Technologies Symposium), 2023 [GitHub][PDF].
Biswadeep Chakraborty, Dinil Mon Divakaran, Ido Nevat, Gareth W. Peters, and Mohan Gurusamy, “Cost-aware Feature Selection for IoT Device Classification,” IEEE Internet of Things Journal, 2021 [Dataset] [PDF].
Kushan S. K. Liyanage, Dinil Mon Divakaran, Rhishi Pratap Singh, and Mohan Gurusamy, “ADEPT: Detection and Identification of Correlated Attack-Stages in IoT Networks,” IEEE Internet of Things Journal, 2021 [Dataset] [PDF].
Vijayanand Thangavelu, Dinil Mon Divakaran, Rishi Sairam, Suman Sankar Bhunia, and Mohan Gurusamy, “DEFT: A Distributed IoT Fingerprinting Technique,” IEEE Internet of Things Journal, vol. 6, no. 1, pp. 940–952, Feb 2019 [Dataset] [PDF].
Prioritizing events in large-scale security logs for investigations using an unsupervised approach:
Jehyun Lee, Farren Tang, Phyo May Thet, Desmond Yeoh, Mitch Rybczynski, and Dinil Mon Divakaran, “SIERRA: Ranking Anomalous Activities in Enterprise Networks,” in IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2022 [PDF].
One of the earliest works to explore unsupervised deep learning for detecting anomalies in network traffic:
Quoc Phong Nguyen, Kar Wai Lim, Dinil Mon Divakaran, Kian Hsiang Low, and Mun Choon Chan, “GEE: a gradient-based explainable variational autoencoder for network anomaly detection,” in IEEE CNS, June 2019 [PDF].
Related works using semi-supervised approaches:
Ido Nevat, Dinil Mon Divakaran, Sai Ganesh Nagarajan, Pengfei Zhang, Su Le, Ko Li Ling, and Vrizlynn Thing, “Anomaly Detection and Attribution in Networks with Temporally Correlated Traffic,” IEEE/ACM Transactions on Networking, 2018 [PDF].
Dinil Mon Divakaran, Fok Kar Wai, Ido Nevat, and Vrizlynn Thing, “Evidence Gathering for Network Security and Forensics,” in Digital Investigation, vol. 20, Supplement, pp. S56 – S65, 2017, DOI: 10.1016/j.diin.2017.02.001 (open access). Note: also presented at DFRWS 2017.
DoH and Web traffic both use the HTTPS protocol for communications. Does that make DoH hard to differentiate and thereby identify?