Mohammad Saidur Rahman

Sixth Year Ph.D. Candidate &
Graduate Research Assistant
ESL Global Cybersecurity Institute
Rochester Institute of Technology
Email: Saidur.Rahman [at] mail [dot] rit [dot] edu

Last Updated: September 20, 2023.

Resume (PDF)»

Open for Tenure Track Asst. Professor/ Postdoc/
Research Scientist position from Summer/Fall 2024.


  • [May 2023] Passed Ph.D. Proposal Defense.
  • [January 2023] Accepted Cybersecurity Research Intern offer at Cisco Quantum Lab.
  • [January 2023] Teaching CSEC-759: Advanced Malware Forensic course.
  • [August 2022] Continual Learning and Malware paper is accepted at the Conference on Lifelong Learning Agents - CoLLAs 2022.
  • [June 2022] SoK on Website Fingerprinting Defense paper is accepted at IEEE S&P (Oakland) 2023.
  • [March 2022] Transformer for Information Security paper is accepted at ACM Workshop on Robust Malware Analysis (WoRMA) 2022 (co-located with ACM AsiaCCS 2022).
  • [November 2021] DeepCoFFEA paper is accepted at IEEE S&P (Oakland) 2022.
  • [November 2021] Giving a Talk at Cybersecurity Healthy Arguments about Advancing The State-of-the-art (CHAATS).
  • [June 2021] Serving as a Program Committee (PC) member at SECURWARE 2021.
  • [February 2021] Accepted Research Intern offer at Bell Labs for Summer 2021.
  • [November 2020] GANDaLF paper is accepted at PETS 2021.
  • [October 2020] Mockingbird paper is accepted at IEEE TIFS.
  • [October 2020] Giving a Talk at Ph.D. Colloquium 2020 at RIT.
  • [September 2020] Giving a Talk at Cybersecurity Healthy Arguments about Advancing The State-of-the-art (CHAATS).
  • [April 2020] Accepted Summer Intern offer at FireEye.
  • [February 2020] One paper accepted in PETS 2020.
  • [November 2019] Awarded travel grant to attend ACM CCS 2019.
  • [September 2019] Two posters accepted in ACM CCS 2019.
  • [August 2019] One Paper accepted in ACM CCS 2019.

Research Summary

My research is firmly anchored at the intersection of machine learning, security, and privacy. My primary focus is on developing ML-driven intelligent systems, specifically tailored for malware analysis and network traffic analysis. Presently, my involvement is deep-seated in exploring continual learning systems for refined malware detection and categorization. Since Fall 2016, I have delved extensively into traffic analysis on Tor, encompassing website fingerprinting (WF) attacks, WF defenses, and flow correlation attacks. Additionally, my experiences extend to short-term projects involving defenses against adversarial examples, detection of adversarial patches, and predicting autonomous system paths on the Internet utilizing machine learning models. Peering into the future, I am enthusiastic about exploring the defensive capabilities of quantum key distribution (QKD) networks. My aim is to fortify our networking infrastructure's resilience against the looming threats in the post-quantum era.

Malware Analysis

In this area of research, I am working on static malware analysis where we investigate an intelligent dynamic malware classification/detection system using human learning properties in machine learning (ML) techniques, more commonly referred to as continual learning/lifelong learning and some other variations. In particular, we are investigating how we can mitigate catastrophic forgetting of a malware classification/detection model while the model is learning sequentially like the human learning process. Our first ever investgation on this space is published in the CoLLAs 2022. At present, we are investigating some more exciting questions from the outcome of our first paper. I have had spent the summer of 2020 at Mandiant as a Data Science intern where I have worked on investigating the feasibility of a transformer model for static malware analysis which got published in the WoRMA 2022.

Traffic Analysis

I started working on this area while I was doing my Master's and continuted working on this as a PhD student. The primary focus of this area of research is to investigate vulnerabilities in network traffic of an anonymous system such as Tor. To measure the severity of discovered vulnerability as a realistic attack known as website fingerprinting (WF), we apply several ML and deep learning (DL) techniques. A flip side of the WF attack is to investigate an efficient (i.e., low bandwidth and low latency) WF defense which can effectively defend these ML and DL based WF attacks which prompted us to investigate WF defenses as well.
Recently we have worked on flow correlation attack on Tor where we improve the current state-of-the-art leveraging metric learning. Our work on WF attack, WF defense, and flow correlation space have been recognized in several top security venues and journal including ACM CCS 2018, ACM CCS 2019, PETS 2020, PETS 2021, IEEE TIFS 2020, IEEE S&P (Oakland) 2022, and IEEE S&P (Oakland) 2023.


ESL Global Cybersecurity Institute,
Rochester Institute of Technology,
Rochester, NY 14623