CIS Lecture Series

This is a past event

Finding Flow: Connecting the Dots to Disclose Attacker Trails


Kangkook Jee, NEC Labs America


Modern computing systems are largely opaque, providing little to no transparency into their internal mechanisms. This severely limits the defender’s capability to detect and counter APT (advanced persistent threat) campaigns. Dedicated adversaries act slowly and deliberately. They often stay for months or even years in the target network before achieving their goals (e.g., data leakage, sabotaging the capability). Beyond such sophisticated campaigns, a lack of understanding of complex system operations obstructs efforts to detect less sophisticated attacks or to diagnose non-malicious faulty behavior that spans multiple applications and hosts.


I will introduce my research devoted to a large-scale, end-point security solution that (i) collects system activities (events or artifacts) from each end-host, and then (ii) connects system activities to disclose the relevant context to find individually benign but collectively malicious or erroneous operations to counter sophisticated attack campaigns. My research is deployed to multiple locations covering hundreds of end-points. Thus, it introduces and tackles interesting research challenges such as efficient data collection, big data processing, automated forensic analysis, and alert flooding. The talk also addresses accuracy and efficiency trade-offs in implementing end-point data collection.

Kangkook Jee is a researcher at NEC Labs America where he has worked on system security solutions for enterprise, IoT, and CPS systems. After graduating with his undergraduate degree from Korea University, he worked for IBM for 5 years and then went to Columbia University for both his Master’s and Ph.D. degrees. His research interests cover topics related to the overall system and software security. In particular, his thesis topic focused on designing an accurate and efficient information flow-tracking framework. He is an avid runner and occasional capture-the-flag player.

Friday, February 22, 2019 at 9:30am to 10:45am

Gore Hall, Room 205
Gore Hall, University of Delaware, Newark, DE 19716, USA

Event Type

Academics, College of Engineering, Students, Lectures & Programs, Community, Lectures and Programs



Computer & Information Sciences

ENGR - Computer & Information Sciences
Contact Name

Chien-Chung Shen
