ISI Directory

Erik Kline, Ph.D

Supervising Computer Scientist, Principal Scientist


B.S., Computer Science, Georgia Institute of Technology
M.S., Computer Science, University of California, Los Angeles
Ph.D., Computer Science, University of California, Los Angeles


Dr. Kline is a Computer Scientist and Research Lead in the Network and Cyber-security Division at USC/ISI. His research focuses mainly on network security including anomaly detection, line-rate traffic analysis, DDoS defense, anonymity systems, and security-aware routing. Additionally, he conducts novel research in modeling large-scale networks for scientifically rigorous experimentation and validation of network systems.

Currently, Dr. Kline is the PI on SABRES, USC/ISI's effort in DARPA's OPS-5G Program. SABRES attempts to significantly improve how network slices are constructed and the security of these slices. SABRES uses a novel approach to the network embedding problem, enabling rapid calculation of large-scale network slices, while ensuring constraints upon those slices are valid. Further, powerful security capabilities are provided to protect information transiting a slice, and protect the slice itself, from direct and side-channel attacks.

Dr. Kline is also the PI on APROPOS, USC/ISI's effort in DARPA's SearchLight program. APROPOS is designed to identify applications based on their encrypted network traffic. We accomplish this by applying machine learning to rapidly segregate network flows in to broad categories, and then utilize fine-grained classification techniques to identify specific applications. Once applications have been identified, we can begin to track application entities based on their communcation timings and history, refining the profiles as we see additional traffic. Finally, we're utilizing advanced network tomography capabilities to identify the current state and structure of the network between communicating entities.

Dr. Kline is also Co-PI on DREAMS, an NSF project for the sustainment and advancement of DETERLab. In this role, Dr. Kline is driving new network modeling capabilities on DETER. The goal is to enable knowledge transfer from topological domain experts to experimenters who may not understand the nuances of network topology and the artifacts they cause. His research in this area should enable experiments that provide better scientific validity, promoting overall confidence in the experimenters results.

Additionally, Dr. Kline has been PI on EXCEED as part of DARPA's XD3 program, and EdgeLab as part of DARPA's EdgeCT program. On XD3, USC/ISI was responsible for creating scenarios to evaluated DDoS defenses and validate the results the XD3 teams were presenting. On EdgeCT, he utilized his broad expertise to create a network emulator that can move millions of packets per second while impairing these packets in a multitude of ways relevant to the program. This capability was crucial to the development of the EdgeCT technologies. He also led a successful transition event which has led to the commercialization of many of these technologies.

Finally, Dr. Kline's Ph.D thesis was a security-aware routing scheme, Avoidance Routing. Avoidance Routing enables end-user constraints to be encoded within the routing infrastructure to ensure that their constraints and concerns are met. In general, Avoidance Routing routes packets along paths that do not violate specific security and trust contraints. End-users cannot modify the overall routing structure but can provide some influence over their own packet routing. Using advanced search algorithms, Avoidance Routing can discover optimal paths from source to destination without causing undue burden on the individual routers.

Research Summary

Current Projects:

SABRES: Secure, Adaptive, roBust, Reslient, and Efficient Slices

Principal Investigator, DARPA OPS-5G Program
Develop novel capabilities for the rapid construction and validation of network slices.  These slices will also use advanced security capabilities to protect both the traffic transiting the slice, and the slice itself.

APROPOS: Accurate and Precise Recognition of Obscured Payloads in Operational Systems

Principal Investigator, DARPA Searchlight Program
Developing technologies to identify applications from encrypted network flows.  Additionally, use this information to build entity profiles allowing APROPOS to track entities as they move from site to site.  Finally, use network tomography to estimate network state and structure between end-point enclaves.

DREAMS: DETER: Research, Education and Operations Mission Sustainment.

Operation and advancement of DETER's experimental capabilities. Dr. Kline's primary role is advanced modeling of large-scale network topologies.​

Past Projects:

EXCEED: Expert Comprehensive Experimental Evaluation of Defenses for XD3.

Principal Investigator, DARPA XD3 Program
Evaluate DDoS defenses against a variety of realistic and worst case attacks.  Attacks vary from volumetric to low-rate and assymetric.  The efficacy of the defenses is measured in both nominal conditions and under attack

EdgeLab: Using DETER for EdgeCT Experimentation and Evaluation

Principal Investigator. DARPA EdgeCT Program
Construction of realistic edge and core network emulation and potential deployment scenarios while shepherding three independent technology development teams.  Orchestrated successful multi-corporation technology transfer event

SAFERlab: Using DETER for Test and Evaluation of SAFER Technologies

Key Personnel: DARPA SAFER Program.
Development of evaluation environment and scientifically sound methodologies for anonymity systems.  Collaborative development of solutions to problems discovered in multiple anonymity systems, both novel and extant.

Selected Publications:

Erik Kline and Stephen Schwab. Cybersecurity Experimentation at Program Scale: Guidelines and Principles for Future Testbeds. Proceedings of Cyber Range Applications and Technologies (CACOE), 2019.

Erik Kline, Genevieve Bartlett, Geoff Lawler, Robert Story, and Michael Elkins. Capturing Domain Knowledge through Extensible Components. Proceedings of TRIDENTCOM, 2018.

Jelena Mirkovic, Erik Kline and Peter Reiher. RESECT: Self-Learning Traffic Filters for IP Spoofing Defense. Proceedings of 2017 Annual Computer Security Applications Conference (ACSAC), 2017.

Ryan Goodfellow and Erik Kline. Cypress: A Testbed for Research in Networked Cyber-Physical Systems. Proceedings of TRIDENTCOM 2015.

Charles Fleming, Peter Peterson, Erik Kline and Peter Reiher. Data Tethers: Preventing information leakage by enforcing environmental data access policies. Proceedings of 2012 IEEE International Conference on Communications (ICC).

Erik Kline, Alex Afanasyev and Peter Reiher. Shield: DoS filtering using traffic deflecting. Proceedings of 19th IEEE International Conference on Network Protocols, 2011.

Erik Kline, Matt Beaumont-Gay, Jelena Mirkovic and Peter Reiher. RAD: Reflector Attack Defense Using Message Authentication Codes. Proceedings of 2009 Annual Computer Security Applications Conference (ACSAC), 2009.