Kevin Killourhy

Postdoctoral Fellow
(Recent Ph.D. Candidate)
Computer Science Department
Carnegie Mellon University
5000 Forbes Ave,
Pittsburgh, PA 15213


Gates-Hillman 9230 (office/lab)
(412) 953-8380 (phone)
(412) 268-5576 (fax)
ksk@cs.cmu.edu


Research Interests

My overarching goal is to establish computer security as a scientific discipline. The goal of a science is understanding; a security scientist would understand how secure a system is, what actions could make the system more secure, and why those actions would be effective. Current methods of securing a system are often based on ad-hoc best practices, not scientific principles. My immediate interest is in finding such principles by applying a scientific approach—defining terms, designing crucial experiments, making accurate measurements, and applying proper statistical analysis—to problems such as authentication, intrusion detection, and malware analysis.


Teaching

15-321: Research Methods for Experimental Computer Science (Fall 2009)


Publications
  • K. Killourhy and R. Maxion, “Should security researchers experiment more and draw more inferences?,” in 4th Workshop on Cyber Security Experimentation and Test (CSET-2011), (Aug 8, 2011, San Francisco, CA), The USENIX Association, Berkeley, CA, 2011. (pdf) (web)

  • K. Killourhy and R. Maxion, “Why did my detector do that?! Predicting keystroke-dynamics error rates,” in Recent Advances in Intrusion Detection (RAID 2010), vol. 6307 of Lecture Notes in Computer Science, (September 15–17, 2010, Ottawa, Ontario), pp. 256–276, Springer-Verlag, Berlin, 2010. (pdf)

  • R. A. Maxion and K. S. Killourhy, “Keystroke biometrics with number-pad input,” in IEEE/IFIP International Conference on Dependable Systems and Networks (DSN-2010), (June 28–July 1, 2010, Chicago, IL), pp. 201–210, IEEE, Los Alamitos, CA, 2010. (pdf)

  • D. L. Banks, L. House, and K. Killourhy, “Cherry-picking for complex data: Robust structure discovery,” Philosophical Transactions of the Royal Society, Series A, vol. 367, no. 1906, pp. 4339–4359, 2009.

  • K. S. Killourhy and R. A. Maxion, “Comparing anomaly-detection algorithms for keystroke dynamics,” in IEEE/IFIP International Conference on Dependable Systems and Networks (DSN-2009), (June 29–July 2, 2009, Estoril, Lisbon, Portugal), pp. 125–134, IEEE Computer Society, Los Alamitos, CA, 2009. (pdf) (web/data)

  • K. Killourhy, “The role of environmental factors in keystroke dynamics,” in IEEE/IFIP International Conference on Dependable Systems and Networks (DSN-2009)—Supplemental Volume (Student Forum), (June 29–July 2, 2009, Estoril, Lisbon, Portugal), pp. 125–134, IEEE Computer Society, Los Alamitos, CA, 2009. (pdf)

  • K. Killourhy and R. Maxion, “Naive bayes as a masquerade detector: Addressing a chronic failure,” in Insider Attack and Cyber Security: Beyond the Hacker (S. Stolfo, S. Bellovin, S. Hershkop, A. Keromytis, S. Sinclair, and S. Smith, eds.), pp. 91–112, Springer, New York, NY, 2008.

  • K. Killourhy and R. Maxion, “The effect of clock resolution on keystroke dynamics,” in Recent Advances in Intrusion Detection (RAID-2008), vol. 5230 of Lecture Notes in Computer Science, (September 15–17, 2008, Boston, MA), pp. 331–350, Springer-Verlag, Berlin, 2008. (pdf)

  • K. S. Killourhy and R. A. Maxion, “Toward realistic and artifact-free insider-threat data,” in 23rd Annual Computer Security Applications Conference (ACSAC-2007), (December 10–14, 2007, Miami, FL), pp. 87–96, IEEE Computer Society, Los Alamitos, CA, 2007. (pdf)

  • R. R. Roberts, R. A. Maxion, K. S. Killourhy, and F. Arshad, “User authentication through structured writing on PDAs,” in IEEE/IFIP International Conference on Dependable Systems and Networks (DSN-2007), (June 25–28, 2007, Edinburgh, Scotland), pp. 378–387, IEEE Computer Society, Los Alamitos, CA, 2007. (pdf)

  • K. Killourhy and R. Maxion, “Learning from a flaw in a naive-bayes masquerade detector,” in NIPS 2007 Workshop on Machine Learning in Adversarial Environments, (December 8, 2007, Whistler, BC), pp. 20:1–2, 2007. (pdf)

  • K. El-Arini and K. Killourhy, “Bayesian detection of router configuration anomalies,” in ACM SIGCOMM-2005 Workshop on Mining Network Data (MineNet-2005), (August 22–26, 2005, Philadelphia, PA), pp. 221–222, ACM, New York, NY, 2005. (pdf)

  • K. Killourhy, R. A. Maxion, and K. M. Tan, “A defense-centric taxonomy based on attack manifestations,” in IEEE/IFIP International Conference on Dependable Systems and Networks (DSN-2004), (June 28–July 1, 2004, Florence, Italy), pp. 91–100, IEEE Computer Society, Los Alamitos, CA, 2004. (pdf)

  • K. Tan, J. McHugh, and K. Killourhy, “Hiding intrusions: From the abnormal to the normal and beyond,” in Information Hiding: 5th International Workshop (IH-2002) (F. Petitcolas, ed.), vol. 2578 of Lecture Notes in Computer Science, (October 7–9, 2002, Noordwijkerhout, The Netherlands), pp. 1–17, Springer-Verlag, Berlin, 2003. (pdf)

  • K. M. C. Tan, K. S. Killourhy, and R. A. Maxion, “Undermining an anomaly-based intrusion detection system using common exploits,” in Recent Advances in Intrusion Detection (RAID-2002) (A. Wespi, G. Vigna, and L. Deri, eds.), vol. 2516 of Lecture Notes in Computer Science, (October 16–18, 2002, Zurich, Switzerland), pp. 54–73, Springer-Verlag, Berlin, 2002. (pdf)