Kevin Killourhy

Ph.D. Student
Advisor: Roy Maxion
Computer Science Department
Carnegie Mellon University
5000 Forbes Ave,
Pittsburgh, PA 15213


Wean Hall 3402 (office)
(412) 268-3266 (phone)
(412) 268-5576 (fax)
ksk@cs.cmu.edu


Research

The domain of computer security is challenging for machine learning algorithms. It is often difficult to develop an intuition for how algorithms (e.g., classifiers and anomaly detectors) will work when they are used in critical systems (e.g., intrusion detection and biometrics). My interest is in developing algorithms and designing evaluation methods to test when they can be trusted.

For instance, can we use digital traces of an intruder as forensic evidence of their identity? How do we design experiments to rigorously test the performance of an intrusion-detection system? What role does machine learning play in environments with an intelligent adversary?


Publications
  • K. Killourhy and R. Maxion, "Comparing Anomaly-Detection Algorithms for Keystroke Biometrics," in Proceedings of the 39th Annual Dependable Systems and Networks Conference (DSN-09), (June 31-July 2, 2009, Estoril and Lisbon, Portugal), IEEE Press, 2009. (pdf-preprint)
  • K. Killourhy and R. Maxion, "The effect of clock resolution on keystroke dynamics," in International Symposium on Recent Advances in Intrusion Detection (R. Lippmann, E. Kirda, and A. Trachtenberg, eds.), vol. 5230, (September 15-17, 2008, Boston, MA), pp. 331-350, Lecture Notes in Computer Science (LNCS), Springer-Verlag, Berlin, 2008. (pdf)
  • K. Killourhy and R. Maxion, "Naive Bayes as a masquerade detector: Addressing a chronic failure," in Insider Attack and Cyber Security: Beyond the Hacker (S. Stolfo, S. Bellovin, S. Hershkop, A. Keromytis, S. Sinclair, and S. Smith, eds.), pp. 91-112, Springer, New York, 2008.
  • K. S. Killourhy and R. A. Maxion, "Toward realistic and artifact-free insider-threat data," in 23rd Annual Computer Security Applications Conference (ACSAC-07), (December 10-14, 2007, Miami, FL), pp. 87-96, IEEE Computer Society Press, Los Alamitos, CA, 2007. (pdf)
  • K. Killourhy and R. Maxion, "Learning from a flaw in a naive-Bayes masquerade detector," (abstract and poster) at the NIPS 2007 Workshop on Machine Learning in Adversarial Environments, December 8, 2007, Whistler, BC, 2007. (pdf)
  • R. R. Roberts, R. A. Maxion, K. S. Killourhy, and F. Arshad, "User authentication through structured writing on PDAs," in International Conference on Dependable Systems & Networks (DSN-07), (June 25-28, 2007, Edinburgh, Scotland), pp. 378-387, IEEE Computer Society Press, Los Alamitos, CA, 2007. (pdf)
  • K. El-Arini and K. Killourhy, "Bayesian detection of router configuration anomalies," in Proceedings of the ACM SIGCOMM 2005 Workshops (MineNet'05), (August 22-26, 2005, Philadelphia, PA), pp. 221-222, ACM Press, New York, NY, 2005. (pdf)
    An extended version of this paper was also written. (pdf)
  • K. Killourhy, R. A. Maxion, and K. M. Tan, "A defense-centric taxonomy based on attack manifestations," in Proceedings of the 2004 International Conference on Dependable Systems and Networks (DSN-2004), (June 28-July 1, 2004, Florence, Italy), pp. 91-100, IEEE Press, Los Alamitos, CA, 2004. (pdf)
  • K. Tan, J. McHugh, and K. Killourhy, "Hiding intrusions: From the abnormal to the normal and beyond," in Information Hiding: 5th International Workshop (IH-2002) (F. Petitcolas, ed.), (October 7-9, 2002, Noordwijkerhout, The Netherlands), pp. 1-17, Lecture Notes in Computer Science #2578, Springer-Verlag, Heidelberg, Germany, 2003. (pdf)
  • K. M. C. Tan, K. S. Killourhy, and R. A. Maxion, "Undermining an anomaly-based intrusion detection system using common exploits," in Fifth International Symposium on Recent Advances in Intrusion Detection (RAID-2002) (A. Wespi, G. Vigna, and L. Deri, eds.), (October 16-18, 2002, Zurich, Switzerland), pp. 54-73, Lecture Notes in Computer Science #2516, Springer-Verlag, Berlin, 2002. (pdf)