Nepali researcher from remote village invents cybersecurity tools

By Katia Moskvitch

Image for post
Image for post
From left to right, IBM scientists Marc Ph. Stoecklin, Jiyong Jang and Dhilung Kirat.

“As a kid, I always imagined this ‘other world’– a world with something called computers,” says Dhilung Kirat, brushing his long black hair off his forehead. In his early 30s, he is one of the youngest, yet most prominent IBM cybersecurity researchers — and the brains behind applying artificial intelligence to cybersecurity.

But in the remote Himalayan village where he grew up, people didn’t have computers. Or telephones. There was no running water, either. No roads. No electricity. “I had to do homework sitting on the floor under a kerosene lamp,” he says.

Kirat was born in Bhojpur, 200 km from Nepal’s capital Kathmandu. Two decades later, he became the first person to leave his village for a foreign country to pursue higher education. Today, at IBM, he is a researcher focused on the intersection of AI and cybersecurity.

But it wasn’t easy for him to get where he is.

“My parents, teachers at my school, kept telling me that there was a much bigger world out there, beyond our village,” says Kirat, sitting in his small office at the technology-packed IBM Thomas J. Watson Research Center in Yorktown Heights, New York.

He saw a tiny picture of a computer as a kid, and imagined taking it apart and exploring it inside — but only saw one for real when he was 15.

Coming to America

Having finished school in early 2000s, Kirat moved to Kathmandu to study computer engineering at Tribhuvan University. One day, he was playing with a Rubik’s Cube — and suddenly thought how great it would be to build a program to solve it, every time. “I did that, with pencil and paper first, and then created a program with 3d visualization in DOS,” he says.

Kirat’s first program could solve any Rubik’s Cube’s orientation problem. Credit: Dhilung Kirat

The program could solve any Rubik’s Cube’s orientation problem. And it kickstarted Kirat’s career — he was the only one from his class selected for an internship, followed by a security research position in a leading offshore software company in Nepal. A few years later, in 2011, he applied for the International Fulbright S&T PhD fellowship and won— and left home for the US with a PhD offer from the University of California, Santa Barbara.

The first several months in America were a culture shock for the young Nepali student. He encountered blurred social hierarchy, strong work ethics and “baffling encounters with science PhDs who do not believe in evolution.”

What he also noticed straight away was the amount of security — everywhere, both in the physical world and online. “I wanted to make a change — I was fascinated by the social and digital worlds where anything can be shared, replicated and traced. Not only the technical challenges but also the massive social implications made me passionate about computer security,” he says. He started conducting malware analysis research and getting involved in some of the largest hacking competitions and conferences, such as the DEF CON, which caught the attention of IBM. Fast forward four years later, and armed with his PhD, in 2015 Kirat joined IBM Research and moved to New York.

Image for post
Image for post
DeepLocker a technique that could be used to evade AI-powered malware.

The focus of his early research was Watson for Cybersecurity, software that aims to help clients deal with advanced, next generation AI-powered cyberattacks. Artificial intelligence is positively impacting many areas of our lives, from autonomous cars to smart digital assistants, but it can also be used by criminals. In 2018 at the Black Hat USA conference, Kirat and his IBM colleagues demonstrated DeepLocker, a technique that could be used to evade AI-powered malware.

DeepLocker is a proof-of-concept malware that conceals its intent until the moment it reaches its target. Its AI system spots the target using facial and voice recognition and geolocation. Such malware could infect millions of systems without being detected. “It’s like a disease that, when you go to a doctor, suddenly doesn’t show any symptoms,” says Kirat. “And as soon as you go back home, it starts giving you trouble again.”

Image for post
Image for post
Kirat is an avid drone photographer. This is an aerial vertorama taken with a DJI Phantom 3 pro of the IBM T.J Watson Research Center where he works. The image is of three photos manually stitched together. Credit: Dhilung Kirat

Connections to Nepal

While being on the other side of the Atlantic, Kirat also stays connected to home— for instance, by remotely mentoring a medical drone engineering team in Nepal. It’s a non-profit organization building autonomous drones for medical supply during natural disasters, such as the massive earthquake that hit the country in 2015.

An avid tech lover, Kirat tinkers with drones too. Some he builds, others — commercial ones — he uses for landscape photography. One of the pictures he took with a drone is a bird view of the IBM Yorktown lab in the fall, bathing in a stunning palette of colors, and it has been used by many publications.

“As a kid, I didn’t know what computers were — and I never thought that one day I’d use one — and even make a flying computer, a drone, myself,” he says. “Decades later, there are still plenty of kids like I once was, and not just in Nepal. I hope that one day, they, too, will know that their tiny village is not the only thing in the world.”

Follow Dhilung Kirat on Twitter @dhilung

Written by

This is the official Medium account of IBM Research. It’s managed by IBM Research’s Chief Writer Katia Moskvitch & follows the IBM Social Computing Guidelines.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store