Summary

An expert in digital security, full of passion and curiosity, I have ambitions to improve anti-malware protection systems utilizing machine learning techniques and to hunt zero-day exploits. Cybersecurity is my life: my job, and also my hobby and lifestyle. My areas of expertise are kernel-mode rootkit detection, Windows internals, and hardware virtualization technologies (Intel VT-x, EPT, PT).

I have published more than 20 research papers; six recent papers are double-blind peer-reviewed, see my blog - igorkorkin.blogspot.com.


Education

2009-2012 Moscow Engineering Physics Institute 
Department of Cryptology and Discrete Mathematics (#42).
Ph.D. in Computer Science.
Thesis topic: “Statistical Detection of Hardware Virtualization Based Rootkits”.
2004-2009 Moscow Engineering Physics Institute 
Department of Cryptology and Discrete Mathematics (#42).
MSc in Computer Science, diploma with distinction.
Master's topic: “Stealth Malware Detection System in OS Windows”.
 
Contact info 
MyResume.pdf
igor.korkin@gmail.com 
linkedin.com/in/KorkinIgor

Work History 

Senior Researcher
Russian Research Institute, Moscow, Russia                            February 2009 – present

  • Kernel-mode driver development and user-mode applications using C/C++, WDK, VS, WinDbg;
  • Cybersecurity and digital forensics research in various expert teams;
  • Various docs and publications for customers.
Visiting Professor
Moscow Engineering Physics Institute, Moscow, Russia            September 2012 – present
  • Scientific advisor for the undergraduate and postgraduate students;
  • External expert for the examination board in Department of Cryptology and Discrete Mathematics (#42);
  • The details are here www.kaf42.mephi.ru/2817-2/

Awards

Research activity

Papers & Conferences

Ph.D. Thesis
  • Igor Korkin,
    Statistical Detection of Hardware Virtualization Based Rootkits 
    Defended on February 9, 2012; approved on August 30, 2012, 151 p, #04201255358, IAEA Ref #45100139 
    (in Russian) 
Conferences/Peer-Reviewed Journal Articles in English:
  • Igor Korkin
    Hypervisor-Based Active Data Protection for Integrity and Confidentiality of Dynamically Allocated Memory in Windows Kernel 
    Proceedings of the 13th Annual ADFSL 2018 Conference on Digital Forensics, Security and Law, San Antonio, Texas, USA, 17-18 May 2018, ISSN 1931-7379.
  • Igor Korkin, Satoshi Tanda
    Detect Kernel-Mode Rootkits via Real-Time Logging & Controlling Memory Access
    Proceedings of the 12th Annual ADFSL 2017 Conference on Digital Forensics, Security and Law, Daytona Beach, Florida, USA, 15-16 May 2017, ISSN 1931-7379.
  • Satoshi Tanda, Igor Korkin
    Monitoring & controlling kernel-mode events by HyperPlatform
    REcon conference, Montreal, Canada, 17-19 June 2016.
  • Igor Korkin, Ivan Nesterov
    Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump Using CUDA-enabled GPU Hardware
    Proceedings of the 11th Annual ADFSL 2016 Conference on Digital Forensics, Security and Law, Daytona Beach, Florida, USA, 24-26 May 2016, ISSN 1931-7379, pp 47-82
  • Igor Korkin
    Two Challenges of Stealthy Hypervisors Detection: Time Cheating and Data Fluctuations
    Proceedings of the 10th Annual ADFSL 2015 Conference on Digital Forensics, Security and Law, Daytona Beach, Florida, USA, 19-21 May 2015, ISSN 1931-7379, pp 33-57
  • Igor Korkin, Ivan Nesterov
    Applying Memory Forensics to Rootkit Detection
    Proceedings of the 9th Annual ADFSL 2014 Conference on Digital Forensics, Security and Law, Richmond, Virginia, USA, 28-29 May 2014, ISSN 1931-7379, pp 115-141
Other Publications in English:
  • Igor Korkin
    Anti-Rootkits in the Era of Cyber Wars
    Hakin9 Extra Magazine, English Edition, Vol.2. No.7 Issue 07/2012 (11) ISSN 1733-7186. August 2012, pp 26-29
  • Igor Korkin
    Strong Approach to Hardware-VM Rootkits Detection
    Hakin9 Extra Magazine, English Edition, Issue 06/2011 (6) ISSN 1733-7186. November 2011, pp 30-33
Other Publications in Russian:
  • I. Y. Korkin
    Cyber-Security of Autonomous Wireless Medical Devices For Supporting Life
    Skolkovo Cybersecurity Challenge 2016 (Cyberday Conference 2016), Moscow, Russia
  • I. Y. Korkin
    Rootkits: Security Issues and Trends
    Hacker Magazine, Issue 05/2013 (172), ISSN 1609-1019, 74-79.
  • I. Y. Korkin
    Hypervisor Level Detection Method in Computer Systems
    21 Russian Scientific Conference "Methods and technical tools of information security", 2012, 110-113.
  • A. E. Zhukov, I. Y. Korkin, B. M. Sukhinin
    Processor Instructions Execution Models in Computer Systems Supporting Hardware Virtualization When an Intruder Takes Detection Countermeasures
    Security of Information Technologies №1, 2012, ISSN 2074-7128, 85-89.
  • I. Y. Korkin
    The Proof of Statistical Criteria for Hardware Virtualization-Based Rootkits Detection in Computer Systems
    Security of Information Technologies №1, 2012, ISSN 2074-7128, 90-92.
  • I. Y. Korkin
    Detection of Nested Virtual Machine Monitors (Hypervisors)
    High Availability Systems №2, 2011, ISSN 2072-9472, 76-77.
  • I. Y. Korkin
    Statistical Detection of Nested Virtual Machine Monitors
    20 Russian Scientific Conference "Methods and technical tools of information security", 2011, 146-147.
  • I. Y. Korkin
    New Statistical Metrics and Methods of Virtual Machines Monitors Detection in Computer Systems
    Natural and Engineering Sciences №4, 2011, ISSN 1684-2626, 498-502.
  • I. Y. Korkin
    Detection Hardware Virtual Machine Based Rootkits Method with Caching Approach
    Security of Information Technologies №1, 2011, ISSN 2074-7128, 101-103.
  • I. Y. Korkin
    Statistical Identification of Computer Systems’ Modes
    15 Conference "Telecommunications and New Information Technologies in Education", 2011, 163.
  • I. Y. Korkin
    A New Approach to Identify Hardware Virtualization in Computer Systems
    14 International Telecommunication Conference of Students and Young Scientists' "Youth and Science", 2010, 241-242.
  • I. Y. Korkin
    Virtual Machine Monitors Detection Method
    19 Russian Scientific Conference "Methods and technical tools of information security", 2010, 113-114.
  • I. Y. Korkin
    Hardware Virtualization Method Detection in Computer Systems
    17 Russian Scientific Conference "Information security issues in universities system", 2010, 114-115.
  • I. Y. Korkin
    Stealthy Processes Detection Method in Windows
    16 Russian Scientific Conference "Information security issues in universities system", 2009, 111-112.
  • I. Y. Korkin
    Stealthy Malware Technologies and New Ways of Detecting Them
    Security of Information Technologies №1, 2009, ISSN 2074-7128, 43-46.