Khoury News
After two decades devoted to cybersecurity, Engin Kirda named IEEE fellow
For Khoury–College of Engineering Professor Engin Kirda, defending computer systems against adversaries has been a magical, lifelong passion. Now, thanks to the world's largest group of technical professionals, he has a new honor on his resume.
For Engin Kirda, professor of computer security and engineering at Khoury College and the College of Engineering, cybersecurity is a video game with real stakes. After two decades of work in the field, he’s unlocked a new achievement.
In being named a fellow of the Institute of Electrical and Electronics Engineers, or IEEE, Kirda joins a selective group of technological leaders. The fellowship recognizes exceptional contributions to engineering and computer science, with just 0.1% of the organization’s more than 400,000 members receiving the distinction annually.
“It’s an honor. It’s a very nice thing to be elevated to IEEE fellow,” Kirda said. “I’ve spent the last 20 years doing research on computer security. I have been fortunate enough to build popular systems with my students and with my collaborators.”
As a child, Kirda developed an early fascination with the idea of security. He was especially captivated by “WarGames,” the 1983 sci-fi thriller about a teenage hacker who nearly triggers a nuclear crisis after a computer system mistakes a simulation for reality. The film’s premise — that a few lines of code could have drastic consequences — left a lasting impression.
At the time, the movie felt “groundbreaking,” Kirda said, adding that it feels “more plausible today with the advent of large language models.”
“Back in the day people were not talking about security,” he continued. “There weren’t security courses that you could take. People were not talking about hacking. This was all magical for me.”
Although Kirda completed his PhD in software engineering, he always intended to pivot to security. Rather than abandoning his engineering background, he used it as a foundation, integrating it into his security research to build resilient systems.
“You’re working on a topic where there is an adversary, and they’re trying to make it more difficult for you,” he said. “It can be intellectually very satisfying when you find something that seems to work.”
Kirda has spearheaded several solutions over the course of his career, such as Anubis, which enabled automated dynamic malware analysis; Exposure, which detects and reports malicious domains; and TRex, a transfer-learning-based framework that learns how code behaves from small samples and uses that knowledge to find similar functions.
READ: Khoury PhD student, professor, and alumnus create web extension to protect user privacy
But in cybersecurity, breakthroughs often create new vulnerabilities. One system Kirda worked on, Anubis, was used by attackers to better their malicious software.
“If you’ve written or you’ve produced a tool like Anubis that analyzes some piece of code and it becomes popular, then the bad people use those tools as well to try to figure out how they can improve their malicious code, or their ability to code,” Kirda said.
This dynamic, where defenses can be used against themselves, has convinced Kirda that there will never be a perfect cybersecurity solution.
“This is not always the case in other computer science fields,” he said. “You might work in a field where you come up with a solution, but you’re not working against someone.”
Kirda has watched the security field evolve and become more popular, but he’s also wary knowing that as computer programming changes, new security problems open up.
“A lot of code is being produced by AI, and we don’t know if it’s actually secure or not,” Kirda said. “So, I do expect new problems to emerge that we’re not aware of today.”
These days, Kirda is focusing on web security and has a number of PhD students publishing papers in the space. He is particularly interested in content distribution networks, or CDNs, which administer web content across servers and introduce a slew of security risks.
“These are discrepancy types of attacks,” he said, referring to attacks that take advantage of a difference between how two systems process the same data. “My students and I have been studying them and writing tools to try to detect them. There are not many solutions right now.”
Still, despite LLMs and CDNs, Kirda notes that “simple” attacks — such as suspicious links people are prone to click on — still prevail.
“I don’t think that the number of attacks will go down,” Kirda said. “But I think it would be a great success if people become much more educated in security.”
The Khoury Network: Be in the know
Subscribe now to our monthly newsletter for the latest stories and achievements of our students and faculty