Welcome

I'm Moein Shafi

Artificial Intelligence Specialist

LLMs
Cybersecurity
IoT
Computer Networks
Software Engineering

Moein Shafi

AI Researcher & Cybersecurity Specialist

Hi there!
My name is Moein Shafi, natively written as معین شفی. I'm currently a Cybersecurity Specialist at the Behaviour-Centric Cybersecurity Center (BCCC) @ York University.

As an AI researcher and R&D specialist, I build intelligent systems at the frontier of machine learning, IoT security, and network behavior modeling.

I specialize in:

  • 🧠 LLMs & deep neural networks for smart threat detection
  • 🔗 Graph learning for IoT profiling and anomaly detection
  • 📊 Building large-scale benchmark datasets (60M+ records)
  • 🚀 Deploying cloud-native AI pipelines & open-source tools

My focus is real-world impact, bridging academic research and practical AI engineering with purpose and precision.

  • From: Isfahan, Iran
  • Lives In: Toronto, Canada
  • Last Update: April 2025

Areas of Expertise

From algorithms to architecture — here are the pillars of what I build and breathe.

Cybersecurity

Advanced threat modeling, behavior profiling, and adversarial detection systems.

IoT

Behavior-driven device profiling and large-scale smart environment monitoring.

Machine Learning

LLMs, GNNs, anomaly detection, and intelligent pipelines for real-world deployment.

Networks

Deep packet analysis, traffic modeling, and low-level protocol optimization.

Cloud Computing

Scalable ML workflows on AWS, containerized deployments, and data engineering at scale.

Technical Arsenal

Tools I wield to bring intelligence to life — and push systems beyond their limits.

Programming Languages

Where logic meets creativity. Clean, scalable, production-grade code — every time.

  • Python: 85%
  • C/C++: 60%
  • Java: 50%
  • Bash & Shell Scripting: 40%

AI & Machine Learning

From LLMs to graph learning — I build models that see patterns, adapt to change, and defend intelligently.

  • PyTorch & TensorFlow: 80%
  • Graph Neural Networks: 70%
  • LLMs & Prompt Engineering: 65%

IoT Security & Protocols

Smart devices, smarter defenses. My models learn behaviors to detect threats — before they happen.

  • Z-Wave / ZigBee: 70%
  • MQTT: 60%
  • EtherCAT: 55%

Cloud & Infrastructure

Built for scale. I containerize, automate, and deploy intelligent systems that don’t just run — they thrive.

  • AWS (EC2, S3, IAM): 75%
  • Docker / Jenkins / CI/CD: 70%

Network & Traffic Analysis

I see the flow beneath the surface — inspecting, profiling, and mapping digital behavior like a forensic artist.

  • TCP/IP & DNS: 70%
  • Wireshark / Zabbix: 75%

Threat Modeling & Cyber Defense

From malware to misbehavior — I build smart defenses that evolve, adapt, and resist with purpose.

  • Intrusion Detection (IDS): 80%
  • Malware Analysis: 70%
  • IoT Behavior Profiling: 65%

Work Experience
  • May 2022 - Present

    Cyber Security Specialist

    Behaviour-Centric Cybersecurity Center (BCCC)
    Full-Time Tehran, IR

    At the Behaviour-Centric Cybersecurity Center (BCCC), I’ve been leading AI-powered security research at the cutting edge of smart environments and threat intelligence. My focus? Designing models that don't just detect attacks — they understand the behavior behind them.

    🧠 Behavior-Driven AI Models for Smart Environments
    I architected a multi-layer profiling system using Graph Neural Networks, LSTMs, and deep behavior modeling to classify over 88 unique malicious activity classes in smart homes — achieving up to 98% detection accuracy. These models were trained on a rich dataset of traffic I generated myself by simulating 230+ real-world attacks across Z-Wave and IP-based IoT networks.

    🌍 Creating the World's Largest IoT Smart Home Dataset
    I designed a dual-frequency capture system to monitor both Z-Wave (908 MHz) and IP-layer (Ethernet, 2.4 GHz) protocols. The result: BCCC-IoT-Zwave-2025, a dataset with over 600 million records — now used for benchmarking anomaly detection in real-world smart home scenarios.

    ⚙️ Open-Source Tools That Empower AI Research
    I built and released NTLFlowLyzer, ALFlowLyzer, and IoT-ZwaveNetLyzer — Python-based analyzers that convert raw network data into AI-friendly, structured CSVs. These tools integrate custom feature extraction pipelines and enable real-time profiling across multiple network layers.

    🌐 Intrusion Detection with Deep Learning
    I led the development of high-performance IDS models using CNN-RNN hybrids and sequential data analysis. My work contributed to several benchmark datasets, including BCCC-CIC-IDS-2024 and BCCC-CSE-CIC-IDS-2024 — each with millions of labeled flow records collected and structured under my direction.

    📡 DNS Behavior Profiling with Application-Layer AI
    Using deep sequence models, I exposed hidden attack patterns in DNS traffic with ALFlowLyzer, enabling classification of fluxing, tunneling, and spoofed queries. This work powered the BCCC-CIC-DNS-2024 dataset and was published in Elsevier as a first-author contribution.

    🔧 Engineering for Research at Scale
    Behind every model was a full-stack engineering effort: clean Python architecture, object-oriented design, parallel data processing, and SOLID principles at the core. I supervised junior researchers, reviewed pull requests, and maintained the GitHub repos that now power hundreds of experiments across the security research community.

    🚀 My Philosophy?
    Build AI systems that aren’t just reactive — they’re context-aware, intelligent, and fast enough to matter. At BCCC, I turned that philosophy into real tools, real models, and real impact.

    🧪 Currently, I'm working on applying LLMs and generative AI techniques to analyze and summarize complex network behavior patterns — bridging traditional network traffic with modern language-based AI understanding for adaptive profiling and threat explanation.

  • May 2022 - Jan 2024

    Cyber Security Specialist

    cPacket
    Part-Time Remote, CA, US

    At cPacket, I brought together cloud engineering, applied machine learning, and real-time attack simulation to create scalable solutions for DDoS detection in modern network infrastructures.

    ☁️ Cloud-Centric AI Security Architecture
    I designed and deployed an AWS-based simulation environment that mimicked enterprise-scale traffic flows, enabling precise measurement of attack impacts and model response. This setup allowed me to orchestrate and monitor 17 custom DDoS attack scenarios, feeding into intelligent model training pipelines.

    📊 BCCC-cPacket-Cloud-DDoS-2024 Dataset
    I led the creation of this benchmark dataset, capturing diverse cloud-based DDoS attacks under different network loads. It’s now used to validate ML algorithms under real-world constraints and varying benign/malicious behavior profiles.

    🧠 Modeling Benign Behavior for Context-Aware Detection
    I developed the open-source Benign User Profiler (BUP), a tool for generating realistic non-malicious traffic patterns. This was critical for training AI systems to understand “normal” before detecting “abnormal.”

    🛡️ ML-Powered DDoS Detection System
    Using a multi-layer approach, I trained classifiers on flow, protocol, and behavioral levels to build a robust detection and attack profiling system. These models were validated across AWS environments, providing high precision under heavy traffic.

    📚 Research & Collaboration
    As first author, I published the paper “Toward generating a new cloud-based Distributed Denial of Service (DDoS) dataset and cloud intrusion traffic characterization”, highlighting our data methodology and ML approach. I also collaborated with BCCC leadership and U.S. security partners to refine research directions.

    This project reinforced my expertise in cloud-native security architecture, AI-driven traffic analysis, and the deployment of scalable attack simulation environments.

  • Jul 2019 - Aug 2022

    Software Engineer

    Mahsan
    Full-Time Tehran, IR

    As part of the Infrastructure Team, I addressed a wide range of networking challenges with a particular focus on optimizing performance and security in Ubuntu Linux environments. My work involved extensive use of the SNMP protocol, where I utilized C/C++ and Python to develop robust network management solutions.

    In addition to my core responsibilities, I worked extensively with Docker and Jenkins to create automated build, testing, and deployment pipelines, improving the efficiency of development cycles. I also employed CMake for build automation, ensuring clean and modular code across large projects. For unit testing, I used gtest, which allowed for thorough validation of code functionality, especially in critical network-related features.

    My experience with networking libraries such as Netmap, XDP, and Libpcap enabled me to implement advanced packet processing and network monitoring solutions. I frequently collaborated with cross-functional teams, ensuring smooth integration of new features, security patches, and system updates. Furthermore, I leveraged version control tools like Git and CI/CD practices to maintain code quality and minimize downtime.

    One of my key projects was the enhancement of Ubuntu Linux security features, where I applied my skills in C/C++ and Python to develop system-level security improvements. This role exposed me to other critical tools and practices, such as network virtualization, continuous integration, and monitoring with tools like Zabbix.

    This comprehensive experience gave me a solid foundation in Linux networking, security best practices, and automation techniques, equipping me to handle complex challenges in network performance and security optimization.

Education
  • Sep 2022 - Present

    Master of Computer Science

    Cybersecurity, Networking, and IoT Focus
    York University
    Toronto, CA

    GPA: A
    Thesis Title: A Behavior-driven Model for Malicious Activity Detection in IoT Network Using Graph Learning.
    Supervisor: Dr. Arash Habibi Lashkari, Canada Research Chair in Cybersecurity, Associate Professor, York University

  • Sep 2017 - May 2022

    Bachelor of Computer Engineering

    Software Engineering Focus
    University of Tehran
    Tehran, IR

    GPA: A
    Last 2 years' GPA: A+
    Thesis Title: Enhancing Network Performance through XDP: Strategies for Fast Packet Capture, Correction, and Injection.
    Related Courses: Cyber Physical Systems (17.7/20), Artificial Intelligence (in progress), Computer Security (in progress), Operating Systems (18.5/20), Computer Networks (20/20), Internet Engineering (19.3/20), Software Engineering (19/20), Object Oriented Design Pattern (19.35/20), Principles of Compiler Design and Construction (18.5/20), Computer Aided Design (18.5/20), Design and Analysis of Algorithm, Principles of Database Design, Computer Architecture, Data Structures and Algorithm, Advanced Programming, Engineering Probability and Statistics.


    References:
    Dr. Naser Yazdani, Professor, University of Tehran
    Dr. Mehdi Modarressi, Assistant Professor, University of Tehran
    Dr. Saeed Safari, Associate Professor, University of Tehran

Teaching Assistant Experience

88

Courses

6

Publications

9

Datasets

110

Projects Completed

Projects

See my work

Network and Transport Layers Flow Analyzer (NTLFlowLyzer)

Python, Computer-Network, Cybersecurity

Application Layer Flow Analyzer (ALFlowLyzer)

Python, Computer-Network, Cybersecurity

Benign User Profiler (BUP)

Python, Computer-Network, Cybersecurity

Packet Handling using XDP

C/C++, Computer-Network, Linux-Based

3-Players Bluetooth Based Pong Game (real-time)

Java (Android), Mobile, Cybersecurity

Software Defined Network (SDN)

Python, Computer-Network, Linux-Based

Course Enrollment Website

Java (Spring), Web

Neural Network on FPGA

VHDL, Architecture, AI

Changing XV6 Operating System

C/C++, Architecture, Linux-Based

Customized compiler

C/C++, Flex, Bison, Linux-Based

ARM Processor

Verilog, Architecture

MIPS Processor

Verilog, Architecture

Electric Circuit Solver

Python, Linux-Based

Telegram Bot

Python, Mobile, Bot
