Research Interests
My overarching goal is to establish computer security as a
scientific discipline. The goal of a science is understanding;
a security scientist would understand how secure a system is, what
actions could make the system more secure, and why those actions would
be effective. Current methods of securing a system are often based on
ad-hoc best practices, not scientific principles. My immediate
interest is in finding such principles by applying a scientific
approach—defining terms, designing crucial experiments, making
accurate measurements, and applying proper statistical
analysis—to problems such as authentication, intrusion
detection, and malware analysis.
Teaching
15-321:
Research Methods for Experimental Computer Science (Fall 2009)
Publications
- K. Killourhy and R. Maxion, “Should security researchers
experiment more and draw more inferences?,” in 4th Workshop
on Cyber Security Experimentation and Test (CSET-2011), (Aug 8,
2011, San Francisco, CA), The USENIX Association, Berkeley, CA, 2011.
(pdf)
(web)
- K. Killourhy and R. Maxion, “Why did my detector
do that?! Predicting keystroke-dynamics error rates,”
in Recent Advances in Intrusion Detection (RAID 2010),
vol. 6307 of Lecture Notes in Computer Science, (September
15–17, 2010, Ottawa, Ontario), pp. 256–276, Springer-Verlag, Berlin,
2010.
(pdf)
- R. A. Maxion and K. S. Killourhy, “Keystroke biometrics
with number-pad input,” in IEEE/IFIP International Conference
on Dependable Systems and Networks (DSN-2010), (June 28–July 1,
2010, Chicago, IL), pp. 201–210, IEEE, Los Alamitos, CA, 2010.
(pdf)
- D. L. Banks, L. House, and K. Killourhy, “Cherry-picking
for complex data: Robust structure discovery,” Philosophical
Transactions of the Royal Society, Series A, vol. 367, no. 1906,
pp. 4339–4359, 2009.
- K. S. Killourhy and R. A. Maxion, “Comparing
anomaly-detection algorithms for keystroke dynamics,”
in IEEE/IFIP International Conference on Dependable Systems and
Networks (DSN-2009), (June 29–July 2, 2009, Estoril, Lisbon,
Portugal), pp. 125–134, IEEE Computer Society, Los Alamitos, CA, 2009.
(pdf)
(web/data)
- K. Killourhy, “The role of environmental factors in
keystroke dynamics,” in IEEE/IFIP International Conference on
Dependable Systems and Networks (DSN-2009)—Supplemental Volume
(Student Forum), (June 29–July 2, 2009, Estoril, Lisbon,
Portugal), pp. 125–134, IEEE Computer Society, Los Alamitos, CA, 2009.
(pdf)
- K. Killourhy and R. Maxion, “Naive bayes as a masquerade
detector: Addressing a chronic failure,” in Insider Attack
and Cyber Security: Beyond the Hacker (S. Stolfo, S. Bellovin,
S. Hershkop, A. Keromytis, S. Sinclair, and S. Smith, eds.),
pp. 91–112, Springer, New York, NY, 2008.
- K. Killourhy and R. Maxion, “The effect of clock
resolution on keystroke dynamics,” in Recent Advances in
Intrusion Detection (RAID-2008), vol. 5230 of Lecture Notes in
Computer Science, (September 15–17, 2008, Boston, MA),
pp. 331–350, Springer-Verlag, Berlin, 2008.
(pdf)
- K. S. Killourhy and R. A. Maxion, “Toward realistic and
artifact-free insider-threat data,” in 23rd Annual Computer
Security Applications Conference (ACSAC-2007), (December 10–14,
2007, Miami, FL), pp. 87–96, IEEE Computer Society, Los Alamitos, CA,
2007.
(pdf)
- R. R. Roberts, R. A. Maxion, K. S. Killourhy, and F. Arshad,
“User authentication through structured writing on PDAs,”
in IEEE/IFIP International Conference on Dependable Systems and
Networks (DSN-2007), (June 25–28, 2007, Edinburgh, Scotland),
pp. 378–387, IEEE Computer Society, Los Alamitos, CA, 2007.
(pdf)
- K. Killourhy and R. Maxion, “Learning from a flaw in a
naive-bayes masquerade detector,” in NIPS 2007 Workshop on
Machine Learning in Adversarial Environments, (December 8, 2007,
Whistler, BC), pp. 20:1–2, 2007.
(pdf)
- K. El-Arini and K. Killourhy, “Bayesian detection of
router configuration anomalies,” in ACM SIGCOMM-2005 Workshop
on Mining Network Data (MineNet-2005), (August 22–26, 2005,
Philadelphia, PA), pp. 221–222, ACM, New York, NY, 2005.
(pdf)
- K. Killourhy, R. A. Maxion, and K. M. Tan, “A
defense-centric taxonomy based on attack manifestations,”
in IEEE/IFIP International Conference on Dependable Systems and
Networks (DSN-2004), (June 28–July 1, 2004, Florence, Italy),
pp. 91–100, IEEE Computer Society, Los Alamitos, CA, 2004.
(pdf)
- K. Tan, J. McHugh, and K. Killourhy, “Hiding intrusions:
From the abnormal to the normal and beyond,” in Information
Hiding: 5th International Workshop (IH-2002) (F. Petitcolas, ed.),
vol. 2578 of Lecture Notes in Computer Science, (October 7–9,
2002, Noordwijkerhout, The Netherlands), pp. 1–17, Springer-Verlag,
Berlin, 2003.
(pdf)
- K. M. C. Tan, K. S. Killourhy, and R. A. Maxion,
“Undermining an anomaly-based intrusion detection system using
common exploits,” in Recent Advances in Intrusion Detection
(RAID-2002) (A. Wespi, G. Vigna, and L. Deri, eds.), vol. 2516 of
Lecture Notes in Computer Science, (October 16–18, 2002, Zurich,
Switzerland), pp. 54–73, Springer-Verlag, Berlin, 2002.
(pdf)