Summary

A fan of digital security, full of passion and curiosity, I have an ambition to improve the anti-malware protection systems utilizing machine learning techniques and to hunt zero-day exploits. Cyber security determinates my life: it is my job, but also my hobby and lifestyle. My areas of expertise are kernel mode rootkit detection, Windows internals and hardware virtualization technologies (Intel VT-x, EPT, PT). 
I have published more than 20 research papers; 5 recent papers are double-blind peer reviewed.

Education

2009-2012 Moscow Engineering Physics Institute (State University)
Department of Cryptology and Discrete Mathematics (#42).
Degree: Ph.D. in Computer Science.
Thesis topic: “Statistical Detection of Hardware Virtualization Based Rootkits”.
2004-2009 Moscow Engineering Physics Institute (State University)
Department of Cryptology and Discrete Mathematics (#42).
Degree: MSc in Computer Science, diploma with distinction.
Master topic: “Stealth Malware Detection System in OS Windows”.
 
Contact info 
MyResume.pdf
igor.korkin@gmail.com 
linkedin.com/in/KorkinIgor

Work History 

Senior Researcher
Rus
sian Research Institute, Moscow, Russia                            February 2009 – present

  • Kernel-mode driver development and user-mode applications using C/C++, WDK, VS, WinDbg;
  • Cyber security and digital forensics research in various expert teams;
  • Various docs and publications for customers.
Visiting Professor
Moscow Engineering Physics Institute, Moscow, Russia            September 2012 – present
  • Scientific advisor for the undergraduate and postgraduate students;
  • External expert for the examination board in Department of Cryptology and Discrete Mathematics;
  • The details are here www.kaf42.mephi.ru/2817-2/

Awards

Research activity

Papers & Conferences

PhD Thesis
  • Igor Korkin,
    Statistical Detection of Hardware Virtualization Based Rootkits 
    Defended on February 9, 2012; approved on August 30, 2012, 151 p, #04201255358, IAEA Ref #45100139 
    (in Russian) 
Conferences/Peer-Reviewed Journal Articles in English:
  • Igor Korkin, Satoshi Tanda 
    Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access 
    Proceedings of the 12th Annual ADFSL 2017 Conference on Digital Forensics, Security and Law, Daytona Beach, Florida, USA, 15-16 May, 2017, ISSN 1931-7379, pp
  • Satoshi Tanda, Igor Korkin
    Monitoring & controlling kernel-mode events by HyperPlatform 
    REcon conference, Montreal, Canada, 17-19 June, 2016. 
  • Igor Korkin, Ivan Nesterov 
    Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump Using CUDA-enabled GPU Hardware 
    Proceedings of the 11th Annual ADFSL 2016 Conference on Digital Forensics, Security and Law, Daytona Beach, Florida, USA, 24-26 May, 2016, ISSN 1931-7379, pp 47-82 
  • Igor Korkin 
    Two Challenges of Stealthy Hypervisors Detection: Time Cheating and Data Fluctuations 
    Proceedings of the 10th Annual ADFSL 2015 Conference on Digital Forensics, Security and Law, Daytona Beach, Florida, USA, 19-21 May, 2015, ISSN 1931-7379, pp 33-57 
  • Igor Korkin, Ivan Nesterov 
    Applying Memory Forensics to Rootkit Detection 
    Proceedings of the 9th Annual ADFSL 2014 Conference on Digital Forensics, Security and Law, Richmond, Virginia, USA, 28-29 May, 2014, ISSN 1931-7379, pp 115-141 
Other Publications in English:
  • Igor Korkin 
    Anti-Rootkits in the Era of Cyber Wars 
    Hakin9 Extra Magazine, English Edition, Vol.2. No.7 Issue 07/2012 (11) ISSN 1733-7186. August 2012, pp 26-29
  • Igor Korkin 
    Strong Approach to Hardware-VM Rootkits Detection 
    Hakin9 Extra Magazine, English Edition, Issue 06/2011 (6) ISSN 1733-7186. November 2011, pp 30-33
Other Publications in Russian: 
  • I. Y. Korkin
    Cyber-Security of Autonomous Wireless Medical Devices For Supporting Life 
    Skolkovo Cybersecurity Challenge 2016 (Cyberday Conference 2016), Moscow, Russia
  • I. Y. Korkin 
    Rootkits: Security Issues and Trends 
    Hacker Magazine, Issue 05/2013 (172), ISSN 1609-1019, 74-79.
  • I. Y. Korkin 
    Hypervisor Level Detection Method in Computer Systems 
    21 Russian Scientific Conference "Methods and technical tools of information security", 2012, 110-113.
  • A. E. Zhukov, I. Y. Korkin, B. M. Sukhinin 
    Processor Instructions Execution Models in Computer Systems Supporting Hardware Virtualization When an Intruder Takes Detection Countermeasures 
    Security of Information Technologies №1, 2012, ISSN 2074-7128, 85-89.
  • I. Y. Korkin 
    The Proof of Statistical Criteria for Hardware Virtualization-Based Rootkits Detection in Computer Systems 
    Security of Information Technologies №1, 2012, ISSN 2074-7128, 90-92.
  • I. Y. Korkin 
    Detection of Nested Virtual Machine Monitors (Hypervisors) 
    High Availability Systems №2, 2011, ISSN 2072-9472, 76-77.
  • I. Y. Korkin 
    Statistical Detection of Nested Virtual Machine Monitors 
    20 Russian Scientific Conference "Methods and technical tools of information security", 2011, 146-147.
  • I. Y. Korkin 
    New Statistical Metrics and Methods of Virtual Machines Monitors Detection in Computer Systems 
    Natural and Engineering Sciences №4, 2011, ISSN 1684-2626, 498-502.
  • I. Y. Korkin 
    Detection Hardware Virtual Machine Based Rootkits Method with Caching Approach 
    Security of Information Technologies №1, 2011, ISSN 2074-7128, 101-103.
  • I. Y. Korkin 
    Statistical Identification of Computer Systems’ Modes 
    15 Conference "Telecommunications and New Information Technologies in Education", 2011, 163.
  • I. Y. Korkin 
    A New Approach to Identify Hardware Virtualization in Computer Systems 
    14 International Telecommunication Conference of Students and Young Scientists' "Youth and Science", 2010, 241-242.
  • I. Y. Korkin 
    Virtual Machine Monitors Detection Method 
    19 Russian Scientific Conference "Methods and technical tools of information security", 2010, 113-114. 
  • I. Y. Korkin 
    Hardware Virtualization Method Detection in Computer Systems 
    17 Russian Scientific Conference "Information security issues in universities system", 2010, 114-115.
  • I. Y. Korkin 
    Stealthy Processes Detection Method in Windows 
    16 Russian Scientific Conference "Information security issues in universities system", 2009, 111-112.
  • I. Y. Korkin 
    Stealthy Malware Technologies and New Ways of Detecting Them 
    Security of Information Technologies №1, 2009, ISSN 2074-7128, 43-46.