Erik Kline

About

Education

Ph.D., Computer Science, University of California, Los Angeles - 2012. Thesis: Avoidance Routing
M.S., Computer Science, University of California, Los Angeles - 2009
B.S., Computer Science, Georgia Institute of Technology - 2005

Bio

Dr. Kline is a Computer Scientist and Research Lead in the Network and Cyber-security Division at USC/ISI.  His research focuses mainly on network security including anomaly detection, line-rate traffic analysis, DDoS defense, anonymity systems, and security-aware routing.  Additionally, he conducts novel research in modeling large-scale networks for scientifically rigorous experimentation and validation of network systems.  

Currently, Dr. Kline is the PI on APROPOS, USC/ISI's effort in DARPA's SearchLight program.  APROPOS is designed to identify applications based on their encrypted network traffic.  We accomplish this by applying machine learning to rapidly segregate network flows into broad categories, and then utilizing fine-grained classification techniques to identify specific applications.  Once applications have been identified, we can begin to track application entities based on their communication timings and history, refining the profiles as we see additional traffic.  Finally, we're utilizing advanced network tomography capabilities to identify the current state and structure of the network between communicating entities.

Further, Dr. Kline serves as PI on EXCEED, USC/ISI's effort in DARPA's XD3 program.  The goal of EXCEED is to evaluate DDoS defenses developed within XD3 against realistic attacks on representative networks.  ISI is developing new attack tools to generate accurate attacks at scale for this evaluation effort.  Additionally, low-rate, asymmetric attacks are modeled in order to evaluate the efficacy of the defenses against this style of attack.  Finally, defenses are evaluated when not under attack to determine the cost of the defense during normal operations.

Dr. Kline is also Co-PI on DREAMS, an NSF project for the sustainment and advancement of DETERLab.  In this role, Dr. Kline is driving new network modeling capabilities on DETER.  The goal is to enable knowledge transfer from topological domain experts to experimenters who may not understand the nuances of network topology and the artifacts they cause.  His research in this area should enable experiments that provide better scientific validity, promoting overall confidence in the experimenters' results.

Additionally, Dr. Kline has been PI on EdgeLab, USC/ISI's effort in DARPA's EdgeCT program.  In this role, he utilized his broad expertise to create a network emulator that can move millions of packets per second while impairing these packets in a multitude of ways relevant to the program.  This capability was crucial to the development of the EdgeCT technologies.  He also led a successful transition event which has led to the commercialization of many of these technologies.

Finally, Dr. Kline's Ph.D. thesis was a security-aware routing scheme, Avoidance Routing.  Avoidance Routing enables end-user constraints to be encoded within the routing infrastructure to ensure that their constraints and concerns are met.  In general, Avoidance Routing routes packets along paths that do not violate specific security and trust constraints.  End-users cannot modify the overall routing structure but can provide some influence over their own packet routing.  Using advanced search algorithms, Avoidance Routing can discover optimal paths from source to destination without causing undue burden on the individual routers.

Current Projects:

APROPOS: Accurate and Precise Recognition of Obscured Payloads in Operational Systems

  • Principal Investigator, DARPA SearchLight Program
  • Developing technologies to identify applications from encrypted network flows.  Additionally, use this information to build entity profiles allowing APROPOS to track entities as they move from site to site.  Finally, use network tomography to estimate network state and structure between end-point enclaves.

EXCEED: Expert Comprehensive Experimental Evaluation of Defenses for XD3.

  • Principal Investigator, DARPA XD3 Program
  • Evaluate DDoS defenses against a variety of realistic and worst-case attacks.  Attacks vary from volumetric to low-rate and asymmetric.  The efficacy of the defenses is measured in both nominal conditions and under attack.

DREAMS: DETER: Research, Education and Operations Mission Sustainment.

  • Co-PI, NSF
  • Operation and advancement of DETER's experimental capabilities. Dr. Kline's primary role is advanced modeling of large-scale network topologies.

Past Projects:

EdgeLab: Using DETER for EdgeCT Experimentation and Evaluation

  • Principal Investigator, DARPA EdgeCT Program
  • Construction of realistic edge and core network emulation and potential deployment scenarios while shepherding three independent technology development teams.  Orchestrated successful multi-corporation technology transfer event.

SAFERlab: Using DETER for Test and Evaluation of SAFER Technologies

  • Key Personnel: DARPA SAFER Program.
  • Development of evaluation environment and scientifically sound methodologies for anonymity systems.  Collaborative development of solutions to problems discovered in multiple anonymity systems, both novel and extant.

Selected Publications:

Erik Kline and Stephen Schwab. Cybersecurity Experimentation at Program Scale: Guidelines and Principles for Future Testbeds. Proceedings of Cyber Range Applications and Technologies (CACOE), 2019.

Erik Kline, Genevieve Bartlett, Geoff Lawler, Robert Story, and Michael Elkins.  Capturing Domain Knowledge through Extensible Components.  Proceedings of TRIDENTCOM, 2018.

Jelena Mirkovic, Erik Kline and Peter Reiher.  RESECT: Self-Learning Traffic Filters for IP Spoofing Defense.  Proceedings of 2017 Annual Computer Security Applications Conference (ACSAC), 2017. 

Ryan Goodfellow and Erik Kline.  Cypress: A Testbed for Research in Networked Cyber-Physical Systems. Proceedings of TRIDENTCOM 2015.

Charles Fleming, Peter Peterson, Erik Kline and Peter Reiher.  Data Tethers: Preventing information leakage by enforcing environmental data access policies.  Proceedings of 2012 IEEE International Conference on Communications (ICC).

Erik Kline, Alex Afanasyev and Peter Reiher.  Shield: DoS filtering using traffic deflecting.  Proceedings of 19th IEEE International Conference on Network Protocols, 2011.

Erik Kline, Matt Beaumont-Gay, Jelena Mirkovic and Peter Reiher.  RAD: Reflector Attack Defense Using Message Authentication Codes.  Proceedings of 2009 Annual Computer Security Applications Conference (ACSAC), 2009.
 

Groups: