Kangkook Jee

Publications

Conference publications

  1. Evading Provenance-Based ML Detectors with Adversarial System Actions
    K Mukherjee, J Wiedemeier, T Wang, J Wei, M Kim, M Kantarcioglu, K Jee
    In Proceedings of Usenix Security Aug. 2023
  2. Reassembly is Hard: A Reflection on Challenges and Strategies
    H Kim, S Kim, J Lee, K Jee, SK Cha
    In Proceedings of Usenix Security Aug. 2023
  3. Back-Propagating System Dependency Impact for Attack Investigation
    P Fang, P Gao, C Liu, E Ayday, K Jee, T Wang, Y Ye, Z Liu, X Xiao
    In Proceedings of Usenix Security Aug. 2022
  4. SEAL: Storage-efficient Causality Analysis on Enterprise Logs with Query-friendly Compression
    P Fei, Z Li, Z Wang, X Yu, D Li, K Jee
    In Proceedings of Usenix Security Aug. 2021.
  5. UTrack: Enterprise User Tracking Based on OS-Level Audit Logs
    Y Li, Z Wu, H Wang, K Sun, Z Li, K Jee, J Rhee, H Chen
    In Proceedings of DIMVA, May 2021.
  6. This is Why We Can’t Cache Nice Things: Lightning-Fast Threat Hunting using Suspicion-Based Hierarchical Storage
    WU Hassan, D Li, K Jee, X Yu, K Zou, D Wang, Z Chen, Z Li, J Rhee, J Gui, A Bates
    In Proceedings of ACSAC, Dec. 2020.
  7. Detecting Malware Injection with Program-DNS Behavior
    Y Sun, K Jee, S Sivakorn, Z Li, C Lumezanu, L Korts-Parn, Z Wu, J Rhee, C Kim, M Chiang, P Mittal
    In Proceedings of EuroSnP, Sep. 2020.
  8. Evolving Advanced Persistent Threat Detection using Provenance Graph and Metric Learning
    G Ayoade, K Akbar, P Sahoo, Y Gao, A Agarwal, K Jee, L Khan, A Singhal
    IEEE Conference on Communications and Network Security (CNS) 2020
  9. APTrace: A Responsive System for Agile Enterprise Level Causality Analysis
    J Gui, D Li, Z Chen, J Rhee, X Xiao, M Zhang, K Jee, Z Li, and H Chen
    In Proceedings of ICDE, May 2020.
  10. You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis
    Q Wang, WU Hassan, D Li, K Jee, X Yu, K Zou, J Rhee, Z Chen, W Cheng, CA Gunter, H Chen
    In Proceedings of NDSS, Feb. 2020.
  11. Countering Malicious Processes with End-point DNS Monitoring
    S Sivakorn, K. Jee, Y. Sun, L. Kort-Parn, Z. Li, C. Lumezanu, Z. Wu, L. Tang, D. Li
    In Proceedings of NDSS, Feb. 2019.
  12. NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage
    WU Hassan, S Guo, D Li, Z Chen, K Jee, Z Li, A Bates
    In Proceedings of NDSS, Nov. 2019.
  13. NodeMerge: Template-Based Efficient Data Reduction For Big-Data Causality Analysis
    Y Tang, D Li, Z Li, M Zhang, K Jee, Z Wu, J Rhee, X Xiao, F Xu, Q Li
    In Proceedings of CCS, Nov. 2018.
  14. SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection
    P Gao, X Xiao, D Li, Z Li, K Jee, Z Wu, CH Kim, SR Kulkarni, P Mittal
    In Proceedings of Usenix Security Aug. 2018.
  15. AIQL: Enabling Efficient Attack Investigation from System Monitoring Data
    P Gao, X Xiao, Z Li, K Jee, F Xu, SR Kulkarni, P Mittal
    In Proceedings of Usenix ATC, Jul. 2018.
  16. Towards a timely causality analysis for enterprise security
    Y Liu, M Zhang, D Li, K Jee, Z Li, Z Wu, J Rhee, P Mittal
    In Proceedings of NDSS, Feb. 2018.
  17. High fidelity data reduction for big data security dependency analyses
    Z Xu, Z Wu, Z Li, K Jee, J Rhee, X Xiao, F Xu, H Wang, G Jiang
    In Proceedings of CCS, Nov. 2016.
  18. IntFlow: improving the accuracy of arithmetic error detection using information flow tracking
    M Pomonis, T Petsios, K Jee, M Polychronakis, AD Keromytis
    In Proceedings of ACSAC, Oct. 2014.
  19. ShadowReplica: Efficient Parallelization of Dynamic Data Flow Tracking
    K. Jee, V. P. Kemerlis, A. D. Keromytis and G. Portokalidis
    In Proceedings of ACM CCS, Nov. 2013.
  20. libdft: Practical Dynamic Data Flow Tracking for Commodity Systems
    V. P. Kemerlis, G. Portokalidis, K. Jee, and A. D. Keromytis
    In Proceedings of VEE, Apr. 2012
  21. A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware
    K. Jee, G. Portokalidis, V. P. Kemerlis, S. Ghosh, D. I. August, and A. D. Keromytis
    In Proceedings of NDSS, Feb. 2012
  22. An Adversarial Evaluation of Network Signaling and Control Mechanisms
    K. Jee, S. Sidiroglou-Douskos, A. Stavrou, and A. D. Keromytis
    In Proceedings of ICISC, Dec. 2010

Journals

  1. Advanced Persistent Threat Detection Using Data Provenance and Metric Learning
    K Akbar, Y Wang, G Ayoade, Y Gao, A. Singhal, L Khan, B Thuraisingham, K Jee
    IEEE Transactions on Dependable and Secure Computing 2022

Archive preprints

  1. Interpreting GNN-based IDS Detections Using Provenance Graph Structural Features
    K Mukherjee, J Wiedemeier, T Wang, M Kim, F Chen, M Kantarcioglu, K Jee
    CoRR/abs/2306.00934 2023

Demo papers

  1. Querying Streaming System Monitoring Data for Enterprise System Anomaly Detection (Demo paper)
    P. Gao, X. Xiao, D. Li, K. Jee, H. Chen, S. Kulkarni, and P. Mittal
    In Proceedings of ICDE, May 2020.
  2. A Query System for Efficiently Investigating Complex Attack Behaviors for Enterprise Security (Demo paper)
    P.Gao, X.Xiao, Z.Li, K.Jee, F.Xu, S.R.Kulkarni, P.Mittal
    In Proceedings of VLDB, Aug. 2019.

Books

Thesis

Patents

  1. Confidential machine learning with program compartmentalization
    CH Kim, J Rhee, K Jee, LI Zhichun
    US Patent 11,423,142
  2. Graphics processing unit accelerated trusted execution environment
    CH Kim, J Rhee, K Jee, LI Zhichun, A Ahmad, H Chen
    US Patent 11,295,008
  3. Real-time threat alert forensic analysis
    D Li, K Jee, LI Zhichun, Z Chen, X Yu
    US Patent 11,275,832
  4. User-added-value-based ransomware detection and prevention
    Z Wu, Y Li, J Rhee, K Jee, Z Li, J Kamimura, LA Tang, Z Chen
    US Patent 11,223,649
  5. Automated threat alert triage via data provenance
    D Li, K Jee, Z Chen, LI Zhichun, WU Hassan
    US Patent 11,194,906
  6. Inter-application dependency analysis for improving computer system threat detection
    D Li, K Jee, Z Chen, LA Tang, LI Zhichun
    US Patent 11,030,308
  7. Template based data reduction for commercial data mining
    D Li, K Jee, LI Zhichun, M Zhang, Z Wu
    US Patent 11,030,157
  8. Host behavior and network analytics based automotive secure gateway
    J Rhee, H Li, HAO Shuai, CH Kim, Z Wu, LI Zhichun, K Jee, L Korts-Parn
    US Patent 10,931,635
  9. Automated software safeness categorization with installation lineage and hybrid information sources
    J Rhee, Z Wu, L Korts-Parn, K Jee, LI Zhichun, O Setayeshfar
    US Patent 10,929,539
  10. Path-based program lineage inference analysis
    J Rhee, Z Wu, L Korts-Parn, K Jee, LI Zhichun, O Setayeshfar
    US Patent 10,853,487
  11. Template based data reduction for security related information flow data
    D Li, K Jee, LI Zhichun, M Zhang, Z Wu
    US Patent 10,733,149
  12. Automated blackbox inference of external origin user behavior
    Z Wu, J Rhee, J Yuseok, LI Zhichun, K Jee, G Jiang
    US Patent 10,572,661
  13. Host level detect mechanism for malicious DNS activities
    K Jee, LI Zhichun, G Jiang, L Korts-Parn, Z Wu, Y Sun, J Rhee
    US Patent 10,574,674
  14. Blackbox program privilege flow analysis with inferred program behavior context
    J Rhee, J Yuseok, LI Zhichun, K Jee, Z Wu, G Jiang
    US Patent 10,505,962
  15. Fine-grained analysis and prevention of invalid privilege transitions
    J Rhee, J Yuseok, LI Zhichun, K Jee, Z Wu, G Jiang
    US Patent 10,402,564
  16. Extraction and comparison of hybrid program binary features
    J Rhee, LI Zhichun, Z Wu, K Jee, G Jiang
    US Patent 10,289,843
  17. Timely causality analysis in homogeneous enterprise hosts
    M Zhang, K Jee, LI Zhichun, D Li, Z Wu, J Rhee
    US Patent App. 15/972,911
  18. Intrusion detection using efficient system dependency analysis
    Z Wu, LI Zhichun, J Rhee, F Xu, G Jiang, K Jee, X Xiao, Z Xu
    US Patent App. 15/416,462
  19. High Fidelity Data Reduction for System Dependency Analysis
    Z Wu, LI Zhichun, J Rhee, F Xu, G Jiang, K Jee, X Xiao, Z Xu
    US Patent App. 15/416,346