I am a graduate student at Penn State, where I work in the laboratory led by Peng Liu, director of the Cyber Security Lab. My research focuses on network and system security, and deep learning.
Research Experience
Research Assistant
Pennsylvania State University • 08.2023 - Present
Reinforcement Learning for Advanced Persistent Threat
Analyzing real-world enterprise login data and network data to reconstruct the actual enterprise network environment.
Simulating the attack behavior of APT groups such as APT28 and APT41.
Academia Sinica • 09.2021 - 06.2023
Graph-based Neural Attack Behavior Detection and Alignment with Kernel Audit Logs for Advanced Persistent Threats
Simulated APT attacks on Linux and Windows.
Developed a theory for efficiently reducing kernel audit logs while preserving high-quality behavior detection.
Developed models leveraging graph embedding to correlate and mine suspicious behavior in audit logs
Modeling Threat Representation through Building Cyber Threat Knowledge Base for Advanced Persistent Threats
Developed models to extract semantic context from cyber threat intelligence platforms for generating provenance graphs
Using Honeypot Logs and Packets for Identifying Network Attack Patterns and their Signature
Utilizing BERT-based models to analyze packets and logs from honeypots provided by SoftBank.
P.-Y. Tseng, P.-C. Lin, and Edy Kristianto. "Vehicle Theft Detection by Generative Adversarial Networks on Driving Behavior." Engineering Applications of Artificial Intelligence (published). [Paper]
Project
Reinforcement Learning for Advanced Persistent Threat
A novel approach to defending against APT attacks, specifically targeting lateral movement.
Formulated APT attacks as Partially Observable Markov Decision Process (POMDP) problems.
APT Discovery using OSINT and Network & System Logs
Integrated open-source intelligence, cyber threat intelligence, and the MITRE ATT&CK framework into a cyber threat knowledge base, and developed neural network architectures to analyze and detect APT attacks in a multi-host environment.
Aligned the observed evidence to adversary lifecycle and correlated the relation between the detected