I am a fourth year PhD student at the Internet Research Lab at University of Iowa. My advisor is Prof. Zubair Shafiq.

I conduct research on web security and privacy with an emphasis on privacy enhancing technologies. Specifically, my research focuses on improving the effectiveness of ad and tracker blocking technologies. Online advertisements have become an attractive target for various type of abuses, such as online tracking. Adblockers serve as a tool to protect user privacy by blocking these advertisements. A vast majority of adblockers rely on filter lists to block advertisements. However, filter lists suffer from two major problems. First, they are manually curated with informal crowdsourced feedback and thus lack precision and accuracy. Second, manual curation adds an update overhead and make filter lists susceptible to evasion attacks.

In my research, I address these problems using machine learning approaches.




Resume [Updated: 09/04/2019] | Twitter | Google Scholar | Linkedin



Joined Mozilla Firefox as a privacy research intern.
Invited to give a talk on ad and tracker blocking at the Mozilla Security Research Summit, 2019 [ video ].
Invited to review a paper at RAID 2019.
Paper on ML/graph-based ad and tracker blocking accepted at IEEE S&P, 2020.
Attended The Web Conference (WWW) 2019 in San Franscisco.
Passed my comprehensive exam.
Presented [ ShadowBlock ] poster at the Midwest Security Workshop 2019.
Paper accepted at The Web Conference (WWW) 2019.
Joined Brave Software as a summer research intern.
Presented poster on anti-adblocking at the Midwest Security Workshop 2018.
Our research on adblocking covered by [ Bleeping Computer ] [ PerformanceIN ].
Presented our work on anti-adblocking at IMC 2017.
Our work on adblocking got accepted at IMC 2017.
Shadow program committee member for IMC 2017 [ Shadow PC member ].
Internship at Microsoft.
Attended IEEE CNS 2016 in Philadelphia. Had a good learning experience.
Started my PhD at University of Iowa.
Attended USENIX Security conference, and got to hear some interesting ideas.
Published my first paper on malware propogation in IEEE/IFIP DSN 2016.
Left research assistantship at Lahore University of Management Sciences.




Umar Iqbal, Peter Snyder, Shitong Zhu, Benjamin Livshits, Zhiyun Qian, and Zubair Shafiq
IEEE Symposium on Security & Privacy (S&P), 2020.



Shitong Zhu, Umar Iqbal, Zhongjie Wang, Zhiyun Qian, Zubair Shafiq and Weiteng Chen
The Web Conference (WWW), San Francisco 2019.



Umar Iqbal, Zubair Shafiq, Zhiyun Qian
17th Annual ACM Internet Measurement Conference (IMC), United Kingdom, 2017.



Salman Yousaf, Umar Iqbal, Shehroze Farooqi, Raza Ahmad, Zubair Shafiq, Fareed Zaffar
46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), France, 2016.



Shitong Zhu, Umar Iqbal, Zhongjie Wang, Zhiyun Qian, Zubair Shafiq and Weiteng Chen
Midwest Security Workshop, Chicago , 2019.
The Web Conference (WWW), San Francisco 2019.

Umar Iqbal, Zubair Shafiq, Zhiyun Qian
Midwest Security Workshop, Urbana Champaign , 2018.




Mozilla Security Research Summit, San Francisco, May 2019

Mozilla Corporation, Mountain View, August 2019




As an intern at Brave. I instrumented Chromium web browser to capture the rendering of a webpage. Webpages are parsed and represented as DOM trees in modern browsers. The DOM tree captures relationships among HTML elements (e.g. parent-child, sibling-sibling). In my instrumentation, we enrich this existing tree-representation with additional information about the execution and communication of the page, such as edges to capture JavaScript's interactions with HTML elements, or which code unit triggered a given network request. These edge additions transform the DOM tree to a graph.
The graph representation of page execution tracks changes in the website's HTML structure, network requests, and JavaScript behavior. Because the graph contains information about the cause and content of every network request and DOM modification during the page's life cycle, the graph allows for tracing the provenance of any change or behavior back to either the responsible JavaScript code unit, or, in the case of initial HTML text, the browser's HTML parser. The contextual information captured by the instrumentation far exceeds what is available in the existing literature.




As an intern at Microsoft, I wrote a technical report describing the current landscape of ad and tracker blockers. I evaluated the state-of-the-art ad and tracker blocking solutions proposed in research, deployed ad and tracker blocking browser extensions, and current state of ad and tracker blocking in mainstream browsers. In addition, the report also discussed policies and consortiums around ad and tracker blocking solutions.
In light of developments around ad and tracker blocking and the current landscape of these privacy enhancing technnologies, the report outlined how and what an adblocker for Microsoft Edge would look like.




As a solution analyst at LMKT Corporation., I worked on a number of projects. The most prominent projects were:
(1) PTCL Smartlink: A mobile app for calling and instant messaging. It was packaged for PTCL (Pakistan Telecomunication Company Limited).
(2) V-Govern: An e-governance solution. I added search functionality to the product with configurable similarity models.
(3) RAFM (Revenue Assurance and Fraud management): A reporting dashboard. It provided near real time data analytics to monitor revenue and fraud critical situations by processing over one billion CDRs on daily basis.