Sitemap
A list of all the posts and pages found on the site. For you robots out there, there is an XML version available for digesting as well.
Pages
Posts
Future Blog Post
Published:
This post will show up by default. To disable scheduling of future posts, edit config.yml and set future: false.
Blog Post number 4
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 3
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 2
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 1
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
portfolio
Portfolio item number 1
Short description of portfolio item number 1
Portfolio item number 2
Short description of portfolio item number 2
publications
Rigorous Evaluation of Machine Learning-Based Intrusion Detection Against Adversarial Attacks
Published in IEEE International Conference on Cyber Security and Resilience, 2024
Abstract: The rapid growth of the Internet of Things (IoT) has engendered profound security challenges. Intrusion detection system (IDS) is a security measure to mitigate these challenges by continuously monitoring system data and alerting to any suspicious activity. While machine learning (ML) has emerged as a promising IDS solution, its vulnerability to adversarial attacks raises concerns about the reliability of these systems. In this paper, we present a rigorous evaluation framework to assess the performance of ML-based IDS against various adversarial attacks in IoT environments. Our framework employs a wide range of adversarial attack techniques, including white-box, gray-box, and black-box adversarial attacks, across four realistic and recent IoT intrusion datasets. Our results showed that the intrusion detection performance of state-of-the-art ML and DL models deteriorates by up to 49.5 × under adversarial attacks. This observation indicates an urgent need for more resilient ML-IDS solutions against adversarial attacks in IoT systems.
Recommended citation: Gungor, O., Li, E., Shang, Z., Guo, Y., Chen, J., Davis, J., & Rosing, T. (2024). Rigorous Evaluation of Machine Learning-Based Intrusion Detection Against Adversarial Attacks. In 2024 IEEE International Conference on Cyber Security and Resilience (CSR) (pp. 152-158).
Download Paper | Download Slides
DYNAMITE: Dynamic Defense Selection for Enhancing Machine Learning-based Intrusion Detection Against Adversarial Attacks
Published in IEEE/ACM Workshop on the Internet of Safe Things, 2025
Abstract: The rapid proliferation of the Internet of Things (IoT) has introduced substantial security vulnerabilities, highlighting the need for robust Intrusion Detection Systems (IDS). Machine learning-based intrusion detection systems (ML-IDS) have significantly improved threat detection capabilities; however, they remain highly susceptible to adversarial attacks. While numerous defense mechanisms have been proposed to enhance ML-IDS resilience, a systematic approach for selecting the most effective defense against a specific adversarial attack remains absent. To address this challenge, we propose Dynamite, a dynamic defense selection framework that enhances ML-IDS by intelligently identifying and deploying the most suitable defense using a machine learning-driven selection mechanism. Our results demonstrate that Dynamite achieves a 96.2% reduction in computational time compared to the Oracle, significantly decreasing computational overhead while preserving strong prediction performance. Dynamite also demonstrates an average F1-score improvement of 76.7% over random defense and 65.8% over the best static state-of-the-art defense.
Recommended citation: Jing Chen, Onat Gungor, Zhengli Shang, Elvin Li, & Tajana Rosing. (2025). DYNAMITE: Dynamic Defense Selection for Enhancing Machine Learning-based Intrusion Detection Against Adversarial Attacks.
Download Paper | Download Slides
SAFE: Self-Supervised Anomaly Detection Framework for Intrusion Detection
Published in AAAI'25 Workshop on Artificial Intelligence for Cybersecurity, 2025
Abstract: The proliferation of IoT devices has significantly increased network vulnerabilities, creating an urgent need for effective Intrusion Detection Systems (IDS). Machine Learning-based IDS (ML-IDS) offer advanced detection capabilities but rely on labeled attack data, which limits their ability to identify unknown threats. Self-Supervised Learning (SSL) presents a promising solution by using only normal data to detect patterns and anomalies. This paper introduces SAFE, a novel framework that transforms tabular network intrusion data into an image-like format, enabling Masked Autoencoders (MAEs) to learn robust representations of network behavior. The features extracted by the MAEs are then incorporated into a lightweight novelty detector, enhancing the effectiveness of anomaly detection. Experimental results demonstrate that SAFE outperforms the state-of-the-art anomaly detection method, Scale Learning-based Deep Anomaly Detection method (SLAD), by up to 26.2% and surpasses the state-of-the-art SSL-based network intrusion detection approach, Anomal-E, by up to 23.5% in F1-score.
Recommended citation: Elvin Li, Zhengli Shang, Onat Gungor, & Tajana Rosing. (2025). SAFE: Self-Supervised Anomaly Detection Framework for Intrusion Detection.
Download Paper | Download Slides
CITADEL: Continual Anomaly Detection for Enhanced Learning in IoT Intrusion Detection
Published in IEEE Internet of Things Journal, 2025
The Internet of Things (IoT), with its high degree of interconnectivity and limited computational resources, is particularly vulnerable to a wide range of cyber threats. Intrusion detection systems (IDS) have been extensively studied to enhance IoT security, and machine learning-based IDS (ML-IDS) show considerable promise for detecting malicious activity. However, their effectiveness is often constrained by poor adaptability to emerging threats and the issue of catastrophic forgetting during continuous learning. To address these challenges, we propose CITADEL, a self-supervised continual learning framework designed to extract robust representations from benign data while preserving long-term knowledge through optimized memory consolidation mechanisms. CITADEL integrates a tabular-to-image transformation module, a memory-aware masked autoencoder for self-supervised representation learning, and a novelty detection component capable of identifying anomalies without dependence on labeled attack data. Our design enables the system to incrementally adapt to emerging behaviors while retaining its ability to detect previously observed threats. Experiments on multiple intrusion datasets demonstrate that CITADEL achieves up to a 72.9% improvement over the VAE-based lifelong anomaly detector (VLAD) in key detection and retention metrics, highlighting its effectiveness in dynamic IoT environments.
Recommended citation: Elvin Li, Onat Gungor, Zhengli Shang, Tajana Rosing (2025). CITADEL: Continual Anomaly Detection for Enhanced Learning in IoT Intrusion Detection.
Download Paper | Download Slides
talks
Talk 1 on Relevant Topic in Your Field
Published:
This is a description of your talk, which is a markdown file that can be all markdown-ified like any other post. Yay markdown!
Conference Proceeding talk 3 on Relevant Topic in Your Field
Published:
This is a description of your conference proceedings talk, note the different field in type. You can put anything in this field.
teaching
Teaching experience 1
Undergraduate course, University 1, Department, 2014
This is a description of a teaching experience. You can use markdown like any other post.
Teaching experience 2
Workshop, University 1, Department, 2015
This is a description of a teaching experience. You can use markdown like any other post.