Summary
Information security, and particularly stealth malware research, is not only a job but also a hobby and a lifestyle. Interested in finding implicit relationships in complex tasks. Currently integrating concepts developed in the Ph.D. thesis into the Malware Analysis System for Hidden Knotty Anomalies, detecting stealth malware on the operating system and hypervisor levels.

Education
  • 2012 Ph.D., Computer Science – 05.13.19 (Methods and systems for information security), 'Statistical Approach to Detection of Hardware Virtualization Based Rootkit'. 
  • 2009 – 2012 Postgraduate student
  • 2004 – 2009 Moscow Engineering Physics Institute, 'Information Security' department, diploma with honors; specialist in Information Security, speciality – “Complex supply of automated systems' information security”.
 
Contact info 
@IgorKorkin 
igor.korkin@gmail.com 
linkedin.com/in/KorkinIgor

Work History 

Senior researcher

Research Institution
 February 2009 – present
  • Developing kernel mode drivers and user mode programs using C++, WDK, STL; 
  • Successfully realized two large-scale projects, currently investing ideas into a new one. All results are put into production; 
  • Interviewed and recruited a new employee who has helped to meet the deadline. 

Freelance teacher

 Moscow Engineering Physics Institute, Russia
 September 2012 – present

Working as a scientific consultant for post-graduate students and supervising students’ research activities in the “Information Security” department.

Awards

Research activity

  • participated in REcon 2016 conference;
  • made presentations at three conferences on Digital Forensics, Security and Law in the USA in 2014, 2015 and 2016;
  • 21 scientific papers published.
Main papers

PhD Thesis
  • Igor Korkin,
    Statistical Approach to Detection of Hardware Virtualization Based Rootkits, 
    Defended on February 9, 2012; approved on August 30, 2012, 151 p, #04201255358, IAEA Ref #45100139 
    (in Russian) 
Conferences/Peer-Reviewed Journal Articles in English:
  • Igor Korkin, Satoshi Tanda 
    Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access 
    Proceedings of the 12th Annual ADFSL 2017 Conference on Digital Forensics, Security and Law, Daytona Beach, Florida, USA, 15-16 May, 2017, ISSN 1931-7379, pp
  • Satoshi Tanda, Igor Korkin
    Monitoring & controlling kernel-mode events by HyperPlatform 
    REcon conference, Montreal, Canada, 17-19 June, 2016. 
  • Igor Korkin, Ivan Nesterov 
    Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump Using CUDA-enabled GPU Hardware 
    Proceedings of the 11th Annual ADFSL 2016 Conference on Digital Forensics, Security and Law, Daytona Beach, Florida, USA, 24-26 May, 2016, ISSN 1931-7379, pp 47-82 
  • Igor Korkin 
    Two Challenges of Stealthy Hypervisors Detection: Time Cheating and Data Fluctuations 
    Proceedings of the 10th Annual ADFSL 2015 Conference on Digital Forensics, Security and Law, Daytona Beach, Florida, USA, 19-21 May, 2015, ISSN 1931-7379, pp 33-57 
  • Igor Korkin, Ivan Nesterov 
    Applying Memory Forensics to Rootkit Detection 
    Proceedings of the 9th Annual ADFSL 2014 Conference on Digital Forensics, Security and Law, Richmond, Virginia, USA, 28-29 May, 2014, ISSN 1931-7379, pp 115-141 
Other Publications in English:
  • Igor Korkin 
    Anti-Rootkits in the Era of Cyber Wars 
    Hakin9 Extra Magazine, English Edition, Vol.2. No.7 Issue 07/2012 (11) ISSN 1733-7186. August 2012, pp 26-29
  • Igor Korkin 
    Strong Approach to Hardware-VM Rootkits Detection 
    Hakin9 Extra Magazine, English Edition, Issue 06/2011 (6) ISSN 1733-7186. November 2011, pp 30-33