Kangkook Jee

Research

Dr. Jee’s current focus primarily spans three research thrusts: (1) system provenance, (2) reversing and decompilation of High-level Dynamic Languages (HDLs), and (3) safety and security of small satellites in Low Earth Orbit (LEO). Various private organizations and public agencies, including NSF and NIST, have supported Dr. Jee’s research.

System provenance research. Dr. Jee is a leading researcher in system provenance, known for developing and deploying a comprehensive framework to collect system events across diverse, real-world networks. He has focused on automating forensic analysis tasks using system provenance data while enhancing storage and processing capacities to support these efforts. His current research explores machine learning (ML) security models built on system provenance, focusing on evasion techniques that target these models, improving model explainability, and addressing the scarcity of public datasets, alongside tackling privacy challenges associated with data sharing.

Perfect decompilation of high-level dynamic language (HDL). With software products and malware increasingly packaged and distributed in HDL bytecode, the lack of effective decompiler support has posed a significant challenge to the community. In response, Dr. Jee’s group developed a novel approach to Python bytecode decompilation: a hybrid system combining ML and PL techniques that can adapt seamlessly to changes in the Python language over time. PyLingual, now available as a public online service, ensures a strict accuracy guarantee through perfect decompilation, enabling users to validate results and refine outputs. PyLingual was showcased at PyCon US 2024 and Black Hat USA 2024 and accepted for presentation at Oakland 2025.

Security and Safety of Small Satellites in LEO. Dr. Jee’s research focuses on small satellites’ security and safety challenges, which are becoming increasingly prevalent due to innovations in reusable rocket boosters and more powerful, resilient microelectronics (ME) technologies. He has built a strong foundation in space security research. Leveraging his expertise in the field, Dr. Jee has served as a technical panelist at the NSF SaTC workshop, presented his research at aerospace conferences, and hosted the first small satellite workshop at UT Dallas. The NSF supports Dr Jee’s research on space system security.

Selected publications (full list)

Papers are listed in chronological order.

  1. PyLingual: Toward Perfect Decompilation of Evolving High-Level Languages
    J Wiedemeier, E Tarbet, M Zheng, S Ko, J Ouyang, SK Cha, K Jee
    IEEE Symposium on Security and Privacy (Oakland), May. 2025
  2. Evading Provenance-Based ML Detectors with Adversarial System Actions
    K Mukherjee, J Wiedemeier, T Wang, J Wei, M Kim, M Kantarcioglu, K Jee
    In Proceedings of Usenix Security, Aug. 2023
  3. Reassembly is Hard: A Reflection on Challenges and Strategies
    H Kim, S Kim, J Lee, K Jee, SK Cha
    In Proceedings of Usenix Security, Aug. 2023
  4. Back-Propagating System Dependency Impact for Attack Investigation
    P Fang, P Gao, C Liu, E Ayday, K Jee, T Wang, Y Ye, Z Liu, X Xiao
    In Proceedings of Usenix Security, Aug. 2022
  5. SEAL: Storage-efficient Causality Analysis on Enterprise Logs with Query-friendly Compression
    P Fei, Z Li, Z Wang, X Yu, D Li, K Jee
    In Proceedings of Usenix Security, Aug. 2021
  6. APTrace: A Responsive System for Agile Enterprise Level Causality Analysis
    J Gui, D Li, Z Chen, J Rhee, X Xiao, M Zhang, K Jee, Z Li, and H Chen
    In Proceedings of ICDE, May 2020.
  7. You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis
    Q. Wang, W. U. Hassan, D. Li, K. Jee, X. Yu, K. Zou, J. Rhee, Z. Chen, W. Cheng, C. A. Gunter, H. Chen
    In Proceedings of NDSS, Feb. 2020
  8. Countering Malicious Processes with End-point DNS Monitoring
    S. Sivakorn, K. Jee, Y. Sun, L. Kort-Parn, Z. Li, C. Lumezanu, Z. Wu, L. Tang, D. Li
    In Proceedings of NDSS, Feb. 2019
  9. NoDoze: Combatting Threat Alert Fatigue with Automated Provenance Triage
    W. U. Hassan, S. Guo, D. Li, Z. Chen, K. Jee, Z. Li, A. Bates
    In Proceedings of NDSS, Nov. 2019
  10. NodeMerge: Template-Based Efficient Data Reduction For Big-Data Causality Analysis
    Y. Tang, D. Li, Z. Li, M. Zhang, K. Jee, Z. Wu, J. Rhee, X. Xiao, F. Xu, Q. Li
    In Proceedings of CCS, Nov. 2018
  11. SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection
    P. Gao, X. Xiao, D. Li, Z. Li, K. Jee, Z. Wu, C. H. Kim, S. R. Kulkarni, P. Mittal
    In Proceedings of Usenix Security Aug. 2018
  12. AIQL: Enabling Efficient Attack Investigation from System Monitoring Data
    P. Gao, X. Xiao, Z. Li, K. Jee, F. Xu, S. R. Kulkarni, P. Mittal
    In Proceedings of Usenix ATC, Jul. 2018
  13. Towards a timely causality analysis for enterprise security
    Y. Liu, M. Zhang, D. Li, K. Jee, Z. Li, Z Wu, J Rhee, P Mittal
    In Proceedings of NDSS, Feb. 2018
  14. High fidelity data reduction for big data security dependency analyses
    Z Xu, Z Wu, Z Li, K Jee, J Rhee, X Xiao, F Xu, H Wang, G Jiang
    In Proceedings of CCS, Nov. 2016
  15. ShadowReplica: Efficient Parallelization of Dynamic Data Flow Tracking
    K. Jee, V. P. Kemerlis, A. D. Keromytis and G. Portokalidis
    In Proceedings of ACM CCS, Nov. 2013
  16. A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware
    K. Jee, G. Portokalidis, V. P. Kemerlis, S. Ghosh, D. I. August, and A. D. Keromytis
    In Proceedings of NDSS, Feb. 2012