Dr. Dinil Mon Divakaran is a Senior Principal Scientist at A*STAR Institute for Infocomm Research, with more than a decade of experience leading R&D of AI models addressing challenges primarily in the domain of cyber security and privacy, but also in the systems and networking domain. He is also an Adjunct Assistant Professor in the School of Computing at NUS, and collaborates with numerous researchers, experts and students in the field of cyber security, networking and AI.
Dinil's research experience cuts across both industry and academia. In the past decade, he headed research teams at two cyber security firms, Acronis and Trustwave. He previously held a faculty position at the Indian Institute of Technology (IIT) Mandi. He carried out his doctoral studies at the INRIA lab in ENS Lyon in France, in collaboration with Bell Labs. He holds a Master's degree in Computer Science and Engineering from IIT Madras, India.
Research experience and interests:
AI security:
AI models (e.g., LLMs) for solving security problems (see this article for an overview)
Security of LLM applications
Red teaming of AI systems (offensive security)
Network, web and system security:
Phishing: detection, evasion and counter-evasion
Attack and counter-attack strategies in networks of different scale and size - enterprises, home consumers, IoTs, ISPs, etc.
Large-scale security log analysis of endpoints (EDR) and network perimeter monitoring systems (SIEM)
.. and ..
Programmable data planes: P4 switches, SmartNICs
QoS/QoE: Queueing, scheduling, bandwidth allocation of packets, flows, sessions (in previous life)
Research highlights:
How can LLMs help in addressing cyber security problems?
[New] Dinil Mon Divakaran and Sai Teja Peddinti, “LLMs for Cyber Security: New Opportunities,” arXiv preprint arXiv:2404.11338, 2024 [PDF].
Multiple research works on phishing, based on ML/DL (including generative) models for defensive and offensive strategies:
Adversarial attack against AI-based phishing detection; an offensive strategy:
[New] Jehyun Lee, Zhe Xin, Melanie Ng Pei See, Kanav Sabharwal, Giovanni Apruzzese and Dinil Mon Divakaran, “Attacking logo-based phishing website detectors with adversarial perturbations,” ESORICS 2023 [GitHub][PDF].
Dinil Mon Divakaran and Adam Oest, “Phishing detection leveraging machine learning and deep learning: A review,” IEEE Security and Privacy, 2022 [PDF].
The following two works leverage CV models to detect and identify logos on a webpage, for phishing target identification:
Ruofan Liu, Yun Lin, X. Yang, S. H. Ng, Dinil Mon Divakaran, and Jin Song Dong, “Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based Approach,” in USENIX Security Symposium, 2022 [Dataset] [PDF].
Yun Lin, Ruofan Liu, Dinil Mon Divakaran, Jun Yang Ng, Qing Zhou Chan, Yiwen Lu, Yuxuan Si, Fan Zhang, and Jin Song Dong, “Phishpedia: A Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages,” in USENIX Security Symposium, 2021 [Dataset] [PDF].
.. and to the best of our knowledge, the first work to leverage BERT (LLM) for phishing email detection:
Jehyun Lee, Farren Tang, Pingxiao Ye, Fahim Abbasi, Phil Hay, and Dinil Mon Divakaran, “D-Fence: A Flexible, Efficient, and Comprehensive Phishing Email Detection System,” in IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2021 [PDF].
Building phishing detectors resilient against adversarial attacks:
Jehyun Lee, Pingxiao Ye, Ruofan Liu, Dinil Mon Divakaran, and Chan Mun Choon, “Building robust phishing detection system: an empirical analysis,” in NDSS MADWeb, Feb. 2020 [Dataset] [PDF].
Machine Unlearning:
Quoc Phong Nguyen, Ryutaro Oikawa, Dinil Mon Divakaran, Kian Hsiang Low, and Mun Choon Chan, “Markov Chain Monte Carlo-Based Machine Unlearning: Unlearning What Needs to be Forgotten,” in 17th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS), 2022 [PDF]. [Demonstrates unlearning of noise on a phishing dataset]
IoT security and privacy: fingerprinting and counter-fingerprinting, attack detection, etc.
An early work on leveraging a Transformer model for learning network traffic characteristics:
Offense for defense: adversarial ML for countering fingerprinting attacks:
[New] Akshaye Shenoi, Prasanna Karthik, Kanav Sabharwal, Li Jialin, and Dinil Mon Divakaran, “iPET: Privacy Enhancing Traffic Perturbations for Secure IoT Communications,” in PETS (Privacy Enhancing Technologies Symposium), 2023 [GitHub][PDF].
Biswadeep Chakraborty, Dinil Mon Divakaran, Ido Nevat, Gareth W. Peters, and Mohan Gurusamy, “Cost-aware Feature Selection for IoT Device Classification,” IEEE Internet of Things Journal, 2021 [Dataset] [PDF].
Kushan S. K. Liyanage, Dinil Mon Divakaran, Rhishi Pratap Singh, and Mohan Gurusamy, “ADEPT: Detection and Identification of Correlated Attack-Stages in IoT Networks,” IEEE Internet of Things Journal, 2021 [Dataset] [PDF].
Vijayanand Thangavelu, Dinil Mon Divakaran, Rishi Sairam, Suman Sankar Bhunia, and Mohan Gurusamy, “DEFT: A Distributed IoT Fingerprinting Technique,” IEEE Internet of Things Journal, vol. 6, no. 1, pp. 940–952, Feb 2019 [Dataset] [PDF].
Prioritizing events in large-scale security logs for investigations using an unsupervised approach:
Jehyun Lee, Farren Tang, Phyo May Thet, Desmond Yeoh, Mitch Rybczynski, and Dinil Mon Divakaran, “SIERRA: Ranking Anomalous Activities in Enterprise Networks,” in IEEE European Symposium on Security and Privacy (IEEE EuroS&P), 2022 [PDF].
One of the earliest works to explore unsupervised deep learning for detecting anomalies in network traffic:
Quoc Phong Nguyen, Kar Wai Lim, Dinil Mon Divakaran, Kian Hsiang Low, and Mun Choon Chan, “GEE: a gradient-based explainable variational autoencoder for network anomaly detection,” in IEEE CNS, June 2019 [PDF].
Related works using semi-supervised approaches:
Ido Nevat, Dinil Mon Divakaran, Sai Ganesh Nagarajan, Pengfei Zhang, Su Le, Ko Li Ling, and Vrizlynn Thing, “Anomaly Detection and Attribution in Networks with Temporally Correlated Traffic,” IEEE/ACM Transactions on Networking, 2018 [PDF].
Dinil Mon Divakaran, Fok Kar Wai, Ido Nevat, and Vrizlynn Thing, “Evidence Gathering for Network Security and Forensics,” in Digital Investigation, vol. 20, Supplement, pp. S56 – S65, 2017, DOI: 10.1016/j.diin.2017.02.001 (open access). Note: also presented at DFRWS 2017.
DoH and Web traffic both use the HTTPS protocol for communication. Does that make DoH hard to differentiate and thereby identify?