RESEARCH

RESEARCH CONTRIBUTIONS SINCE TENURE (2005-PRESENT)


Research can take on both theory and experimental components, and the resulting emphasis can impact various metrics. Note whether the faculty nominated emphasizes more theory, experimental, or is balanced. Dr. Khan's research is balanced. He is an internationally recognized authority in stream data mining fundamentals and applications in cybersecurity and scalable complex data analytics. He pioneered the development of many novel algorithms, frameworks and performance-driven approaches in these areas. He develops a number of novel approaches, supported by mathematical rigors and demonstrates superiority of his approaches over baselines with experimental results. More specifically, his group has done significant research on machine learning (ML)/data mining, data analytics in cyber security, real-time anomaly detection over evolving streams, vulnerability analysis of malware apps for smart phones, encrypted traffic analysis, and secure encrypted stream data processing using modern secure hardware extensions.

Data streams are continuous flows of data. Examples of data streams include network traffic, sensor data, call center records and so on. The sheer volume and speed of data pose a great challenge for the data mining community to mine them. His work on novel class detection over evolving data streams opened up new areas in the field of stream mining/online learning. He was the first researcher to demonstrate that the novel class detection technique can be effectively utilized for finding brand new or emerging class/patterns in streaming data where the data may also possess instances from multiple existing classes (characteristics of data may change). This work had a significant impact in cyber security applications including intrusion detection, insider threat detection, website fingerprinting, and textual stream. In particular to the problem of intrusion detection over a stream of network traffic, one can consider each type of attack as a class label. In this case, novel class occurs when a completely new kind of attack occurs in the traffic. Dr. Khan was the first to investigate this problem, and proposed improved solutions.

Good quality similarity metrics can significantly facilitate the performance of many large-scale, real-world applications. Existing studies have proposed various solutions to learn a Mahalanobis or bilinear metric in an online fashion by either restricting distances between similar (dissimilar) pairs to be smaller (larger) than a given lower (upper) bound or requiring similar instances to be separated from dissimilar instances with a given margin. However, these linear metrics learned by leveraging fixed bounds or margins may not perform well in real-world applications, especially when data distributions are complex. Dr. Khan’s team aims to address the open challenge of “Online Adaptive Metric Learning” (OAML) for learning adaptive metric functions on-the-fly.

In adversarial learning case, the trained models often fail to produce robust or reliable result on the ambiguous test pairs, it is mainly due to the sampling strategies of the training set may fail to describe the distribution of negative samples, especially someone that may closer to the margin (also called hard negative samples). Dr. Khan’s team focuses on addressing such problems and propose an adaptive margin deep adversarial metric learning (AMDAML) framework. It exploits numerous common negative samples to generate potential hard negatives (adversarial examples), then applies them to facilitate robust metric learning.

With regard to cyber-security, With the increase in adoption of blockchain technology in providing decentralized solutions to various problems such as Internet of Things (IoT) data management, and supply chain solutions, there is a need to address different challenges which include vulnerable smart contract applications deployed on the blockchain, susceptibility of the blockchain to adversarial attacks such as denial of service attacks and collusion attacks which limits its full deployment. Dr. Khan’s team is addressing these challenges and propose solutions based on our initial work in secure smart contract, vulnerability detection and mitigation and data processing on the blockchain platform.