Z. Berkay Celik

344 IST Building
University Park, PA 16802
zbc102@cse.psu.edu

CV
Google Scholar
Github
Linkedin



News


About Me

I am a research assistant in the Department of Electrical Engineering and Computer Science at the Pennsylvania State University, working with Prof. Patrick McDaniel, and a member of the Systems and Internet Infrastructure Security Laboratory (SIIS).

During my M.Sc. studies, I worked with Prof. George Kesidis and Prof. David J. Miller on the NSF NeTSE Unsupervised Flow-Based Clustering project (also supported by a Cisco Systems URP gift and the DHS/NSF EMIST/DETER project). My research there focused on network security and learning algorithms.

I also worked under the direction of Prof. Sema Oktug at Istanbul Technical University focusing on practical network security problems (e.g., fast-flux networks).


Projects

I’ve had the opportunity to work on a number of interesting research projects during my M.Sc. and Ph.D. studies. Here is a summary of some of my efforts.

Policy-based Secure Data Exchange

Data sharing among partners—users, organizations, companies—is crucial for the advancement of data analytics in many domains. Sharing through secure computation and differential privacy allows these partners to perform private computations on their sensitive data in controlled ways. In reality, however, complex relationships exist among members: politics, regulations, interest, trust, and data demands and needs are among the many reasons. Thus, there is a need for a mechanism that reconciles these conflicting relationships in data sharing. This paper presents Curie, an approach to exchanging data among members whose membership has complex relationships. It introduces the CPL policy language, which allows members to define the specifications of their data exchange requirements. Members (partners) assert who and what to exchange through their local policies and negotiate a global sharing agreement. The agreement is implemented in a multi-party computation that guarantees sharing among members will comply with the policy as negotiated. The use of Curie is validated through an example health care application built on recently introduced secure multi-party computation and differential privacy frameworks, and policy and performance trade-offs are explored.

This paper is under peer review: Curie: Policy-based Secure Data Exchange, Z. Berkay Celik, Hidayet Aksu, Abbas Acar, Ryan Sheatsley, A. Selcuk Uluagac and Patrick McDaniel, 2017. We extend the algorithms used in the Curie paper and construct algorithms for Achieving Secure and Differentially Private Computations in Multiparty Settings. This paper has been accepted to the IEEE Privacy-Aware Computing (PAC) conference.

Patient-Driven Privacy Control

The introduction of data analytics into medicine has changed the nature of treatment. In this setting, patients are asked to disclose personal information such as genetic markers, lifestyle habits, and clinical history. This data is then used by statistical models to predict personalized treatments. However, due to privacy concerns, patients often wish to withhold sensitive information. This self-censorship can impede proper diagnosis and treatment, which may lead to serious health complications and even death. In this work, we present privacy distillation, a mechanism that allows patients to control the type and amount of information they disclose to healthcare providers for use in statistical models. At the same time, it retains the accuracy of models that have access to all patient data while using a sufficient, but not full, set of privacy-relevant information. We validate privacy distillation using a corpus of patients prescribed warfarin for personalized dosage. We use a deep neural network to implement privacy distillation for training and making dose predictions. We find that privacy distillation with sufficient privacy-relevant information i) retains accuracy almost as good as having all patient data (only 3% worse), and ii) is effective at preventing errors that introduce health-related risks (yielding on average 3.9% under- or over-prescriptions).

This paper has been accepted to the IEEE Privacy-Aware Computing (PAC) conference: Patient-Driven Privacy Control through Generalized Distillation, Z. Berkay Celik, David Lopez-Paz, and Patrick McDaniel, 2016.

Extending Detection with Forensic Information

For over a quarter century, security-relevant detection has been driven by models learned from input features collected from real or simulated environments. An artifact (e.g., a network event, potential malware sample, or suspicious email) is deemed malicious or non-malicious at run time based on its similarity to the learned model. However, the training of these models has historically been limited to only those features available at run time. This talk covers an alternate model construction approach that trains models using forensic “privileged” information (features available at training time but not at run time) to improve the accuracy and resilience of detection systems. In particular, we adapt and extend recent advances in knowledge transfer, model influence, and distillation to enable the use of forensic data in a range of security domains. Such techniques open the door to systems that integrate forensic data directly into detection models, and therein provide a means to fully exploit the information available about past security-relevant events.

This paper is under peer review: Extending Detection with Forensic Information, Z. Berkay Celik, Patrick McDaniel, Rauf Izmailov, Nicolas Papernot and Ananthram Swami, 2016. Read more about the formulation and implementation in our technical report, and about feature cultivation in privileged-information-augmented detection in our invited paper, Feature Cultivation in Privileged Information-augmented Detection.

Malware Traffic Detection and Experimentation Artifacts

We present a framework for evaluating the transport-layer feature space of malware heartbeat traffic. We utilize these features in a prototype detection system to distinguish malware traffic from traffic generated by legitimate applications. In contrast to previous work, we eliminate features at risk of producing overly optimistic detection results, detect previously unobserved anomalous behavior, and rely only on tamper-resistant features, making it difficult for sophisticated malware to avoid detection. Further, we characterize the evolution of malware evasion techniques over time by examining the behavior of 16 malware families. In particular, we highlight the difficulty of detecting malware that uses traffic-shaping techniques to mimic legitimate traffic. Read more about the study here.

In our CSET 2011 work, my co-authors and I also take a closer look at the experimentation artifacts of malware detection. We find that current approaches do not consider timing-based calibration of the C&C traffic traces before using this traffic to salt a background traffic trace. Thus, timing-based features of the C&C traffic may be artificially distinctive, potentially leading to (unrealistically) optimistic flow classification results.

We also studied the detection of Fast-Flux Service Networks (FFSNs) using DNS (Domain Name System) response packets. We observed that current approaches do not feed a large combination of DNS features into the proposed detection systems. The lack of features leads to high false positive or false negative rates triggered by benign activities, including Content Distribution Networks (CDNs). Read more about the study here.

Machine Learning in Adversarial Settings

One of the limitations of machine learning in practice is that models are subject to adversarial samples. Adversarial samples are carefully modified inputs crafted to dictate a selected output. In the context of classification, adversarial samples are crafted so as to force a target model to classify them in a class different from their legitimate class. In this work, we focus on Deep Neural Networks (DNNs) for adversarial sample generation and on an attacker’s capabilities to evade systems built on DNNs.

In collaboration with Nicolas Papernot.

Science of Security

I am involved in the Cyber-Security Collaborative Research Alliance (CSec CRA) with the Army Research Laboratory, Penn State, Carnegie Mellon, UC Riverside, UC Davis, and Indiana University. Our mandate is to develop a new science of security. As part of this effort, I’ve worked on the foundation for representing operational and environmental knowledge (see my work on operational models here). Our goal is to reason about both current and future states of a cyber-operation in order to make optimal decisions.


Professional Activities

  • 2016, Technical Program Committee for MILCOM’16 Track 3: Cyber Security and Trusted Computing.
  • 2017, Program Committee for ACM CCS Workshop on Internet-of-Things Security and Privacy (IoT S&P)
  • 2017, Publicity Chair for IEEE Conference on Communications and Network Security (CNS) Workshop on Cyber-Physical Systems Security (CPS-Sec)
  • Reviewer: IEEE S&P Magazine (2016), NDSS (2016), Journal of Network and Computer Applications (JNCA) (2016), Computers-Open Access Journal (2016), College of Engineering Research Symposium (CERS) (2016)

Invited Talks


Publications

Celik ZB, Raghuram J, Kesidis G and Miller DJ (2011), "Salting Public Traces with Attack Traffic to Test Flow Classifiers", In USENIX Cyber Security and Experimentation (CSET) Workshop.
BibTeX:
@inproceedings{celik2011salting,
  author = {Celik, Z Berkay and Raghuram, Jayaram and Kesidis, George and Miller, David J},
  title = {Salting Public Traces with Attack Traffic to Test Flow Classifiers},
  booktitle = {USENIX Cyber Security and Experimentation (CSET) Workshop},
  year = {2011},
  url = {https://beerkay.github.io/papers/Celik11_CSET.pdf}
}
Celik ZB and Oktug S (2013), "Detection of Fast-flux Networks using Various DNS Feature Sets", In IEEE Computers and Communications Symposium (ISCC).
BibTeX:
@inproceedings{celik2013detection,
  author = {Celik, Z. Berkay and Oktug, Sema},
  title = {Detection of Fast-flux Networks using Various DNS Feature Sets},
  booktitle = {IEEE Computers and Communications Symposium (ISCC)},
  year = {2013},
  url = {https://beerkay.github.io/papers/Celik13_ISCC.pdf}
}
Celik ZB, Walls RJ, McDaniel P and Swami A (2015), "Malware Traffic Detection using Tamper Resistant Features", In International Conference for Military Communications (MILCOM).
BibTeX:
@inproceedings{celik2015malware,
  author = {Celik, Z Berkay and Walls, Robert J and McDaniel, Patrick and Swami, Ananthram},
  title = {Malware Traffic Detection using Tamper Resistant Features},
  booktitle = {International Conference for Military Communications (MILCOM)},
  year = {2015},
  url = {https://beerkay.github.io/papers/Celik15_Milcom.pdf}
}
Celik ZB, Izmailov R and McDaniel P (2015), "Proof and Implementation of Algorithmic Realization of Learning Using Privileged Information (LUPI) Paradigm: SVM+".
BibTeX:
@misc{celik2015proof,
  author = {Celik, Z. Berkay and Izmailov, Rauf and McDaniel, Patrick},
  title = {Proof and Implementation of Algorithmic Realization of Learning Using Privileged Information (LUPI) Paradigm: SVM+},
  journal = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
  publisher = {http://www.cse.psu.edu/zbc102/files/svmplustechnicalreport15.pdf},
  year = {2015},
  number = {NAS-TR-0187-2015},
  url = {http://www.cse.psu.edu/~zbc102/files/svm_plus_technical_report_15.pdf}
}
Celik ZB, McDaniel P, Izmailov R, Papernot N and Swami A (2016), "Detection with Privileged Information", arXiv preprint arXiv:1603.09638.
BibTeX:
@article{celik2016building,
  author = {Celik, Z. Berkay and McDaniel, Patrick and Izmailov, Rauf and Papernot, Nicolas and Swami, Ananthram},
  title = {Detection with Privileged Information},
  journal = {arXiv preprint arXiv:1603.09638},
  year = {2016},
  url = {https://arxiv.org/pdf/1603.09638v3.pdf}
}
Celik ZB, Hu N, Li Y, Papernot N, McDaniel P, Rowe J, Walls R, Levitt K, Bartolini N, La Porta T and Chadha R (2016), "Mapping Sample Scenarios to Operational Models", In International Conference for Military Communications (MILCOM).
BibTeX:
@inproceedings{celik2016mapping,
  author = {Celik, Z. Berkay and Hu, Nan and Li, Yun and Papernot, Nicolas and McDaniel, Patrick and Rowe, Jeff and Walls, Robert J. and Levitt, Karl and Bartolini, Novella and La Porta, Thomas and Chadha, Ritu},
  title = {Mapping Sample Scenarios to Operational Models},
  booktitle = {International Conference for Military Communications (MILCOM)},
  year = {2016}
}
McDaniel P, Papernot N and Celik ZB (2016), "Machine Learning in Adversarial Settings", Security & Privacy Magazine. Vol. 14(3) IEEE.
BibTeX:
@article{mcdaniel2016machine,
  author = {McDaniel, Patrick and Papernot, Nicolas and Celik, Z. Berkay},
  title = {Machine Learning in Adversarial Settings},
  journal = {Security & Privacy Magazine},
  publisher = {IEEE},
  year = {2016},
  volume = {14},
  number = {3},
  url = {http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=7478523&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D7478523}
}
Papernot N, McDaniel P, Jha S, Fredrikson M, Celik ZB and Swami A (2016), "The limitations of Deep Learning in Adversarial Settings", In IEEE European Symposium on Security and Privacy (EuroS&P).
BibTeX:
@inproceedings{papernot2016limitations,
  author = {Papernot, Nicolas and McDaniel, Patrick and Jha, Somesh and Fredrikson, Matt and Celik, Z Berkay and Swami, Ananthram},
  title = {The limitations of Deep Learning in Adversarial Settings},
  booktitle = {IEEE European Symposium on Security and Privacy (EuroS&P)},
  year = {2016},
  url = {https://arxiv.org/pdf/1511.07528v1.pdf}
}
Acar A, Celik ZB, Aksu H, Uluagac AS and McDaniel P (2017), "Achieving Secure and Differentially Private Computations in Multiparty Settings", In IEEE Privacy-Aware Computing (PAC).
BibTeX:
@inproceedings{abbas2017PAC,
  author = {Abbas Acar and Z. Berkay Celik and Hidayet Aksu and A. Selcuk Uluagac and Patrick McDaniel},
  title = {Achieving Secure and Differentially Private Computations in Multiparty Settings},
  booktitle = {IEEE Privacy-Aware Computing (PAC)},
  year = {2017}
}
Celik ZB, McDaniel P and Izmailov R (2017), "Feature Cultivation in Privileged Information-augmented Detection", In International Workshop on Security And Privacy Analytics (CODASPY, IWSPA) (Invited Paper).
BibTeX:
@conference{berkayIWSPA17,
  author = {Celik, Z. Berkay and McDaniel, Patrick and Izmailov, Rauf},
  title = {Feature Cultivation in Privileged Information-augmented Detection},
  booktitle = {International Workshop on Security And Privacy Analytics (Codaspy, IWSPA) (Invited Paper)},
  year = {2017}
}
Celik ZB, McDaniel P and Bowen T (2017), "Malware Modeling and Experimentation through Parameterized Behavior", Journal of Defense Modeling and Simulation (JDMS).
BibTeX:
@article{berkayMalwareModelling,
  author = {Celik, Z. Berkay and McDaniel, Patrick and Bowen, Thomas},
  title = {Malware Modeling and Experimentation through Parameterized Behavior},
  journal = {Journal of Defense Modeling and Simulation (JDMS)},
  year = {2017},
  url = {https://beerkay.github.io/papers/Celik17_JDMS.pdf}
}
Celik ZB, Lopez-Paz D, McDaniel P and Izmailov R (2017), "Patient-Driven Privacy Control through Generalized Distillation", IEEE Symposium on Privacy-Aware Computing (PAC).
BibTeX:
@article{celik2017Pets,
  author = {Celik, Z. Berkay and Lopez-Paz, David and McDaniel, Patrick and Izmailov, Rauf},
  title = {Patient-Driven Privacy Control through Generalized Distillation},
  journal = {IEEE Symposium on Privacy-Aware Computing (PAC)},
  year = {2017},
  url = {https://arxiv.org/pdf/1611.08648v1.pdf}
}
Hu N, Bartolini N, La Porta T, Celik ZB and McDaniel P (2017), "Action-Driven Operation Model with Evaluation of Risk and Executability (ADOM-ERE)", In submission.
BibTeX:
@inproceedings{nanberkay,
  author = {Hu, Nan and Bartolini, Novella and La Porta, Tom and Celik, Z. Berkay and McDaniel, Patrick},
  title = {Action-Driven Operation Model with Evaluation of Risk and Executability (ADOM-ERE)},
  booktitle = {In submission},
  year = {2017}
}
Papernot N, McDaniel P, Goodfellow I, Jha S, Celik ZB and Swami A (2017), "Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples", ACM Asia Conference on Computer and Communications Security (ASIACCS).
BibTeX:
@article{papernot2016practical,
  author = {Papernot, Nicolas and McDaniel, Patrick and Goodfellow, Ian and Jha, Somesh and Celik, Z. Berkay and Swami, Ananthram},
  title = {Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples},
  journal = {ACM Asia Conference on Computer and Communications Security (ASIACCS)},
  year = {2017},
  url = {https://arxiv.org/pdf/1602.02697v2.pdf}
}