Z. Berkay Celik

344 IST Building
University Park, PA 16802
zbc102@cse.psu.edu

CV
Google Scholar
Github
Linkedin



News


About Me

I am a research assistant in Department of Electrical Engineering and Computer Science at the Pennsylvania State University working with Prof. Patrick McDaniel and a member of the Systems and Internet Infrastructure Security Laboratory (SIIS).

During my Msc. studies, I worked with Prof. George Kesidis and Prof. David J. Miller on NSF NeTSE Unsupervised Flow-Based Clustering project (also supported by Cisco Systems URP gift and DHS/NSF EMIST/DETER project). My research there focused on network security and learning algorithms.

I also worked under the direction of Prof. Sema Oktug at Istanbul Technical University focusing on practical network security problems (e.g., fast-flux networks).


Projects

I’ve had the opportunity to work on a number of interesting research projects during my Msc. and PhD. studies. Here is a summary of some of my efforts.

Patient-Driven Privacy Control

The introduction of data analytics into medicine has changed the nature of treatment. In this, patients are asked to disclose personal information such as genetic markers, lifestyle habits, and clinical history. This data is then used by statistical models to predict personalized treatments. However, due to privacy concerns, patients often desire to withhold sensitive information. This self-censorship can impede proper diagnosis and treatment, which may lead to serious health complications and even death. In this work, we present privacy distillation, a mechanism which allows patients to control the type and amount of information they wish to disclose to the healthcare providers for use in statistical models. Meanwhile, it retains the accuracy of models that have access to all patient data under a sufficient but not full set of privacy-relevant information. We validate privacy distillation using a corpus of patients prescribed to warfarin for a personalized dosage. We use a deep neural network to implement privacy distillation for training and making dose predictions. We find that privacy distillation with sufficient privacy-relevant information i) retains accuracy almost as good as having all patient data (only 3% worse), and ii) is effective at preventing errors that introduce health-related risks (yielding on average 3.9% of under- or over-prescriptions).

This paper is under peer-review: Patient-Driven Privacy Control through Generalized Distillation, Z. Berkay Celik, David Lopez-Paz, and Patrick McDaniel, 2016.

Extending Detection with Forensic Information

For over a quarter century, security-relevant detection has been driven by models learned from input features collected from real or simulated environments. An artifact (e.g., network event, potential malware sample, suspicious email) is deemed malicious or non-malicious based on its similarity to the learned model at run-time. However, the training of the models has been historically limited to only those features available at run time. This talk covers an alternate model construction approach that trains models using forensic “privileged” information–features available at training time but not at runtime–to improve the accuracy and resilience of detection systems. In particular, we adapt and extend recent advances in knowledge transfer, model influence, and distillation to enable the use of forensic data in a range of security domains. Such techniques open the door to systems that can integrate forensic data directly into detection models, and therein provide a means to fully exploit the information available about past security-relevant events.

This paper is under peer-review: Extending Detection with Forensic Information, Z. Berkay Celik, Patrick McDaniel, Rauf Izmailov, Nicolas Papernot and Ananthram Swami, 2016. Read more about formulation and implementation in technical report.

Malware Traffic Detection and Experimentation Artifacts

We present a framework for evaluating the transport layer feature space of malware heartbeat traffic. We utilize these features in a prototype detection system to distinguish malware traffic from traffic generated by legitimate applications. In contrast to previous work, we eliminate features at risk of producing overly optimistic detection results, detect previously unobserved anomalous behavior, and rely only on tamperresistant features making it difficult for sophisticated malware to avoid detection. Further, we characterize the evolution of malware evasion techniques over time by examining the behavior of 16 malware families. In particular, we highlight the difficulty of detecting malware that use traffic-shaping techniques to mimic legitimate traffic. Read more about the study here.

In our CSET 2011 work my co-authors and I also take a closer look at the experimentation artifacts of malware detection. We find that current approaches do not consider timing-based calibration of the C&C traffic traces prior to using this traffic to salt a background traffic trace. Thus, timing-based features of the C&C traffic may be artificially distinctive, potentially leading to (unrealistically) optimistic flow classification results.

We also studied the detection of Fast-Flux Service Networks (FFSNs) using DNS (Domain Name System) response packets. We have observed that current approaches do not employ a large combination of DNS features to feed into the proposed detection systems. The lack of features leads to high false positive or false negative rates triggered by benign activities including Content Distribution Networks (CDNs). Read more about the study here.

Machine Learning in Adversarial Settings

One of the limitations of machine learning in practice is that they are subject to adversarial samples. Adversarial samples are carefully modified inputs crafted to dictate a selected output. In the context of classification, adversarial samples are crafted so as to force a target model to classify them in a class different from their legitimate class. In this work, we focus on Deep Neural Networks (DNNs) for adversarial sample generation and attacker’s capabilities to evade systems built on DNNs.

In collaboration with Nicolas Papernot.

Science of Security

I am involved in Cyber-Security Collaborative Research Alliance (CSec CRA) with the Army Research Laboratory, Penn State, Carnegie Mellon, UC Riverside, UC Davis, and Indiana University. Our mandate is to develop a new science of security. As part of this effort, I’ve worked on the foundation for representing of operational and environmental knowledge. (See my work on operational models here). Our goal to reason about both current and future states of a system to make optimal decisions.


Invited Talks

Publications

Berkay references
Celik ZB, McDaniel Patrick and Izmailov R (2017), "Feature Cultivation in Privileged Information-augmented Detection", In Proc. International Workshop on Security And Privacy Analytics (CODASPY IWSPA) (Invited Paper).
BibTeX:
@conference{berkayIWSPA17,
  author = {Celik, Z. Berkay and McDaniel, Patrick, and Izmailov, Rauf},
  title = {Feature Cultivation in Privileged Information-augmented Detection},
  booktitle = {Proc. International Workshop on Security And Privacy Analytics (CodaSpy, IWSPA) (Invited Paper)},
  year = {2017}
}
Celik ZB, Lopez-Paz D, McDaniel P and Izmailov (2016), "Patient-Driven Privacy Control through Generalized Distillation", arXiv preprint arXiv:1611.08648.
BibTeX:
@article{celik2017Pets,
  author = {Celik, Z. Berkay and Lopez-Paz, David, and McDaniel, Patrick and Izmailov},
  title = {Patient-Driven Privacy Control through Generalized Distillation},
  journal = {In submission},
  year = {2016},
  url = {https://arxiv.org/pdf/1611.08648v1.pdf}
}
Celik ZB, McDaniel P, Izmailov R, Papernot N and Swami A (2016), "Extending Detection with Forensic Information", arXiv preprint arXiv:1603.09638.
BibTeX:
@article{celik2016building,
  author = {Celik, Z. Berkay and McDaniel, Patrick and Izmailov, Rauf and Papernot, Nicolas and Swami, Ananthram},
  title = {Extending Detection with Forensic Information},
  journal = {arXiv preprint arXiv:1603.09638},
  year = {2016},
  url = {https://arxiv.org/pdf/1603.09638v3.pdf}
}
Hu N, Bartolini N., La Porta T, Celik ZB and McDaniel P (2016), "Action-Driven Operation Model with Evaluation of Risk and Executability (ADOM-ERE)", In submission.
BibTeX:
@inproceedings{nanberkay,
  author = {Hu, Nan and Bartolini, Novella, and La Porta, Tom and Celik, Z. Berkay and McDaniel, Patrick},
  title = {Action-Driven Operation Model with Evaluation of Risk and Executability (ADOM-ERE)},
  booktitle = {In submission },
  year = {2016}
}
Celik ZB, Hu N, Li Y, Papernot N, McDaniel P, Rowe J, Walls R, Levitt K, Bartolini N, La Porta T and Chadha R (2016), "Mapping Sample Scenarios to Operational Models", In Internatonal Conference for Military Communications (MILCOM).
BibTeX:
@inproceedings{celik2016mapping,
  author = {Celik, Z. Berkay and Hu, Nan and Li, Yun and Papernot, Nicolas and McDaniel, Patrick and Rowe, Jeff and Walls, RobertJ. and Levitt, Karl and Bartolini, Novella and La Porta, Thomas and Chadha, Ritu},
  title = {Mapping Sample Scenarios to Operational Models},
  booktitle = {Internatonal Conference for Military Communications (MILCOM)},
  year = {2016}
}
McDaniel P, Papernot N and Celik ZB (2016), "Machine Learning in Adversarial Settings", Security & Privacy Magazine. Vol. 14(3) IEEE.
BibTeX:
@article{mcdaniel2016machine,
  author = {McDaniel, Patrick and Papernot, Nicolas and Celik, Z. Berkay},
  title = {Machine Learning in Adversarial Settings},
  journal = {Security & Privacy Magazine},
  publisher = {IEEE},
  year = {2016},
  volume = {14},
  number = {3},
  url = {http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=7478523&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D7478523}
}
Papernot N, McDaniel P, Jha S, Fredrikson M, Celik ZB and Swami A (2016), "The limitations of deep learning in adversarial settings", In 2016 IEEE European Symposium on Security and Privacy (EuroS&P).
BibTeX:
@inproceedings{papernot2016limitations,
  author = {Papernot, Nicolas and McDaniel, Patrick and Jha, Somesh and Fredrikson, Matt and Celik, Z Berkay and Swami, Ananthram},
  title = {The limitations of deep learning in adversarial settings},
  booktitle = {2016 IEEE European Symposium on Security and Privacy (EuroS&P)},
  year = {2016},
  url = {https://arxiv.org/pdf/1511.07528v1.pdf}
}
Papernot N, McDaniel P, Goodfellow I, Jha S, Berkay Celik Z and Swami A (2016), "Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples", arXiv preprint arXiv:1602.02697.
BibTeX:
@article{papernot2016practical,
  author = {Papernot, Nicolas and McDaniel, Patrick and Goodfellow, Ian and Jha, Somesh and Berkay Celik, Z and Swami, Ananthram},
  title = {Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples},
  journal = {arXiv preprint arXiv:1602.02697},
  year = {2016},
  url = {https://arxiv.org/pdf/1602.02697v2.pdf}
}
Celik ZB, Walls RJ, McDaniel P and Swami A (2015), "Malware Traffic Detection using Tamper Resistant Features", In Internatonal Conference for Military Communications (MILCOM).
BibTeX:
@inproceedings{celik2015malware,
  author = {Celik, Z Berkay and Walls, Robert J and McDaniel, Patrick and Swami, Ananthram},
  title = {Malware Traffic Detection using Tamper Resistant Features},
  booktitle = {Internatonal Conference for Military Communications (MILCOM)},
  year = {2015},
  url = {https://beerkay.github.io/papers/Celik15_Milcom.pdf}
}
Celik ZB, Izmailov R and McDaniel P (2015), "Proof and Implementation of Algorithmic Realization of Learning Using Privileged Information (LUPI) Paradigm: SVM+".
BibTeX:
@misc{celik2015proof,
  author = {Celik, Z. Berkay and Izmailov, Rauf and McDaniel, Patrick},
  title = {Proof and Implementation of Algorithmic Realization of Learning Using Privileged Information (LUPI) Paradigm: SVM+},
  journal = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
  publisher = {http://www.cse.psu.edu/zbc102/files/svmplustechnicalreport15.pdf},
  year = {2015},
  number = {NAS-TR-0187-2015},
  url = {http://www.cse.psu.edu/~zbc102/files/svm_plus_technical_report_15.pdf}
}
Celik ZB and Oktug S (2013), "Detection of fast-flux networks using various DNS feature sets", In Computers and Communications Symposium (ISCC).
BibTeX:
@inproceedings{celik2013detection,
  author = {Celik, Z Berkay and Oktug, Sema},
  title = {Detection of fast-flux networks using various DNS feature sets},
  booktitle = {Computers and Communications Symposium (ISCC)},
  year = {2013},
  url = {https://beerkay.github.io/papers/Celik13_ISCC.pdf}
}
Celik ZB, Raghuram J, Kesidis G and Miller DJ (2011), "Salting public traces with attack traffic to test flow classifiers", In In USENIX 4th CSET Workshop.
BibTeX:
@inproceedings{celik2011salting,
  author = {Celik, Z Berkay and Raghuram, Jayaram and Kesidis, George and Miller, David J},
  title = {Salting public traces with attack traffic to test flow classifiers},
  booktitle = {In USENIX 4th CSET Workshop},
  year = {2011},
  url = {https://beerkay.github.io/papers/Celik11_CSET.pdf}
}