University of Massachusetts Dartmouth · College of Engineering Department of CIS Cybersecurity Center
Kul Lab Privacy Aware Defense Laboratory · UMass Dartmouth

Research

We build measurable, reliable systems at the boundary of cybersecurity and machine learning. from query-level threat detection to software that stays performant and safe as it evolves.

ML Resilience & Open-World Recognition

Production ML systems regularly encounter inputs unlike anything in their training data — new attack variants, drifted user behavior, sensor degradation. We study how such systems should behave under those conditions: when to abstain, when to flag a sample as out-of-distribution, and how to quantify the cost of getting it wrong. Our DoA-funded program develops resilience metrics, open-set recognition models, and explainability methods tailored to network intrusion detection.

Key publications:

Sponsor: U.S. Department of the Army ($546k, 2022–2026, PI: Gokhan Kul, Co-PIs: Lance Fiondella and Ruolin Zhou)

Database & Insider Threat Security

Insider attacks against databases are hard precisely because the attacker is already authenticated. Our work on SQL query intent modeling — including the Ettu framework and similarity measures for SQL queries — treats query workloads as a behavioral signal: deviations from intent are what give insider exfiltration away. Spinoffs include detecting data leakage in Android applications and from advanced persistent threats.

Key publications:

Software Performance & Vulnerability Detection

Performance regressions and security vulnerabilities both tend to surface late — after a release, when they are expensive. We build tooling that surfaces them earlier in the development pipeline. PACE is a continuous-integration framework that predicts the performance impact of code changes before merge. Related work targets microarchitectural side-channel vulnerabilities (Spectre-class) using static and ML-based detection.

Key publications:

Sponsor: UMass Dartmouth MUST Program / Office of Naval Research ($286k, 2023–2026, PI: Gokhan Kul)

Code: https://github.com/PADLab/PACE

Digital Forensics

When evidence arrives fragmented or corrupted, recovering it is half engineering and half inference. Our forensics work spans image-attribute estimation for reconstruction from file fragments, after-collision forensic protocols for autonomous vehicles, and inference of adversary capabilities from partial logs.

Key publications:

Cybersecurity Education & Workforce Development

Beyond research, the lab contributes to cybersecurity education and workforce development through NSF-funded programs at UMassD's NSA Center of Academic Excellence — including the Building Blocks of Microprocessors SFS supplement, which uses simulations, labs, and citizen science to broaden participation in inclusive STEM learning.

Sponsor: National Science Foundation ($241k, 2024–2026, Lead Investigator: Gokhan Kul)

Funding