Guofei Gu

Assistant Professor

Department of Computer Science & Engineering

Texas A&M University

Office: HRBB 502C

Phone: (979) 845-2475

Email: guofei [AT] cse.tamu.edu

I am an assistant professor in the Department of Computer Science & Engineering at Texas A&M University. Before joining Texas A&M, I received my Ph.D. degree in Computer Science from the College of Computing, Georgia Tech, in 2008. I am a recipient of 2010 NSF CAREER award and a co-recipient of 2010 IEEE Symposium on Security & Privacy (Oakland'10) best student paper award. I'm currently directing the SUCCESS (Secure Communication and Computer Systems) Lab at TAMU.

What's

[Apr. 2012] Our paper "Bin-Carver: Automatic Recovery of Binary Executable Files" is accepted to DFRWS'12. A new forensics tool "Bin-Carver" is developed to automatically recover deleted or otherwise unreachable executable ﬁles.
[Jan. 2012] Our paper "Analyzing Spammers' Social Networks For Fun and Profit -- A Case Study of Cyber Criminal Ecosystem on Twitter" is accepted to WWW'12. We have some interesting findings such as that criminal accounts tend to be socially connected, forming a small-world network. We also revealed several interesting types of criminal support accounts and designed a new criminal account inference algorithm by exploiting their social relationships and semantic coordinations. Congratulations, Chao!
[Nov. 2011] Our paper "EFFORT: Efficient and Effective Bot Malware Detection" has been accepted to INFOCOM'12 mini-conference. In this paper, we propose EFFORT, a new host-network cooperated detection framework attempting to combine the best from network-level approaches (efficiency) and host-level approaches (effectiveness) while overcoming their shortcomings. Specifically, we propose a multi-module approach to correlate information from different host- and network-level aspects and design a multi-layered architecture to efﬁciently coordinate modules to perform heavy monitoring only when necessary.
[Nov. 2011] Our paper "Shadow Attacks: Automatically Evading System-Call-Behavior based Malware Detection" will appear in Journal in Computer Virology. In this paper, we present a new class of attacks, namely "shadow attacks", to evade current behavior-based malware detectors by partitioning one piece of malware into multiple "shadow processes". We have developed a compiler-level prototype tool, AutoShadow, to automatically generate shadow-process version of malware given the source code of original malware.
[Oct. 2011] Our extended Conficker analysis (ACSAC'10) paper is accepted to IEEE Transactions on Information Forensics and Security.
[Sept. 2011] Please consider submitting your paper to a special issue of Computer Networks (Elsevier Journal) on "Botnet Activity: Analysis, Detection and Shutdown"! The deadline is Dec. 1, 2011 extended to Dec. 19, 2011.
[Aug. 2011] Our paper "SEMAGE: A New Image-based Two-Factor CAPTCHA" is accepted to ACSAC'11, in which we propose a new explicit-semantic-relationship-based CAPTCHA system to defeat web bots. We have conducted a large-scale user study involving 174 users to gauge and compare accuracy and usability with existing state-of-the-art CAPTCHA systems like reCAPTCHA (text-based) and Asirra (image-based). Nice job, Shardul & Yinan!
New release of BotHunter! Now support Linux/Mac/Windows XP! A live-CD distribution also available!

Research Interests

I'm interested in all aspects of network and system security. To solve practical security problems, I use networking and system techniques, as well as applied cryptography, machine learning, probability/statistics, information theory, etc. My current specific research interests include
- Internet malware/botnet detection, defense, and analysis
- Web and social networking security
- Cloud and software-defined networking security
- Intrusion detection, anomaly detections

Selected Recent Publications (a full list)

Scott Hand, Zhiqiang Lin, Guofei Gu, and Bhavani Thuraisingham. "Bin-Carver: Automatic Recovery of Binary Executable Files." To appear in Proceedings of the 12th Annual Digital Forensics Research Conference (DFRWS'12), Washington DC, August 2012. (Acceptance ratio 29.8%=14/47) [pdf] [bib]
Chao Yang, Robert Harkreader, Jialong Zhang, Suengwon Shin, and Guofei Gu. "Analyzing Spammers' Social Networks For Fun and Profit -- A Case Study of Cyber Criminal Ecosystem on Twitter." In Proceedings of the 21st International World Wide Web Conference (WWW'12), Lyon, France, April 2012. (Acceptance ratio 12%=108/885) [pdf] [bib]
Seungwon Shin, Zhaoyan Xu, Guofei Gu. "EFFORT: Efficient and Effective Bot Malware Detection." In Proceedings of the 31th Annual IEEE Conference on Computer Communications (INFOCOM'12) Mini-Conference, Orlando, Florida, March 2012. (Acceptance ratio 24.4%=378/1547) [pdf] [Tech Report (extended version)] [bib]
Weiqin Ma, Pu Duan, Sanmin Liu, Guofei Gu, Jyh-Charn Liu. "Shadow Attacks: Automatically Evading System-Call-Behavior based Malware Detection." To appear in Springer Journal in Computer Virology, 2012. [pdf] [bib]
Seungwon Shin, Guofei Gu, Narasimha Reddy, Christopher Lee. “A Large-Scale Empirical Study of Conficker.” In IEEE Transactions on Information Forensics and Security, 2012. [pdf] [bib]
Shardul Vikram, Yinan Fan, Guofei Gu. "SEMAGE: A New Image-based Two-Factor CAPTCHA." In Proceedings of 2011 Annual Computer Security Applications Conference (ACSAC'11), Orlando, Florida, December 2011. (Acceptance ratio 20%=39/195) [pdf] [bib] [slides]
Chao Yang, Robert Harkreader, Guofei Gu. "Die Free or Live Hard? Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers." In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011. (Acceptance ratio 23%=20/87) [pdf] [Tech Report (extended version)] [bib] [slides]
Seungwon Shin, Raymond Lin, Guofei Gu. "Cross-Analysis of Botnet Victims: New Insights and Implications." In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011. (Acceptance ratio 23%=20/87) [pdf] [bib] [slides]
Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. "Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution." ACM Transactions on Information and System Security (TISSEC), vol. 14, no. 2, September 2011. [pdf] [bib]
Kevin Zhijie Chen, Guofei Gu, Jose Nazario, Xinhui Han and Jianwei Zhuge. "WebPatrol: Automated Collection and Replay of Web-based Malware Scenarios." In Proceedings of 2011 ACM Symposium on Information, Computer and Communications Security (ASIACCS'11), Hong Kong, March 2011. (Acceptance ratio 16%=35/217) [pdf] [bib] [slides]
Junjie Zhang, Xiapu Luo, Roberto Perdisci, Guofei Gu, Wenke Lee and Nick Feamster. "Boosting the Scalability of Botnet Detection Using Adaptive Traffic Sampling." In Proceedings of 2011 ACM Symposium on Information, Computer and Communications Security (ASIACCS'11), Hong Kong, March 2011. (Acceptance ratio 16%=35/217) [pdf] [bib] [slides]
Seungwon Shin and Guofei Gu. "Conficker and Beyond: A Large-Scale Empirical Study." In Proceedings of 2010 Annual Computer Security Applications Conference (ACSAC'10), Austin, Texasi, December 2010. (Acceptance ratio 17%=39/227) [pdf] [bib] [slides]
Yimin Song, Chao Yang, Guofei Gu. "Who Is Peeping at Your Passwords at Starbucks? -- To Catch an Evil Twin Access Point." In Proceedings of the 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'10), Chicago, IL, June 2010. (Acceptance ratio 23.2%=39/168) [pdf] [bib] [slides]
Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. "TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection." In Proceedings of the 31st IEEE Symposium on Security & Privacy (Oakland'10), Oakland, CA, May 2010. (Acceptance ratio 11.6%=31/267) [pdf[ [bib] [slides] (Best Student Paper Award)
Guofei Gu, Vinod Yegneswaran, Phillip Porras, Jennifer Stoll, and Wenke Lee. "Active Botnet Probing to Identify Obscure Command and Control Channels." In Proceedings of 2009 Annual Computer Security Applications Conference (ACSAC'09), Honolulu, Hawaii, December 2009. (Acceptance ratio 19.6%=44/224) [pdf] [bib] [slides]
Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection." In Proceedings of the 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008. (Acceptance ratio 15.9%=27/170) [pdf] [bib] [slides]
Guofei Gu, Junjie Zhang, and Wenke Lee. "BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic." In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008. (Acceptance ratio 17.8%=21/118) [pdf] [bib] [slides]
David Dagon, Guofei Gu, Chris Lee, and Wenke Lee. "A Taxonomy of Botnet Structures." In Proceedings of the 23 Annual Computer Security Applications Conference (ACSAC'07), Miami Beach, FL, December 2007. (Acceptance ratio 22%=42/191) [pdf] [bib]
Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee. "BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation." In Proceedings of the 16th USENIX Security Symposium (Security'07), Boston, MA, August 2007. (Acceptance ratio 12.3%=23/187) [pdf] [bib] [slides] [system]
BotHunter free Internet release now available!
Roberto Perdisci, Guofei Gu, and Wenke Lee. "Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems." In Proceedings of the IEEE International Conference on Data Mining (ICDM'06) (regular paper), Hong Kong, December 2006. (Acceptance ratio 9.4%=73(regular)/776) [pdf] [bib] [slides]
Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "Towards an Information-Theoretic Framework for Analyzing Intrusion Detection Systems." In Proceedings of the 11th European Symposium on Research in Computer Security (ESORICS'06), Hamburg, Germany, September 2006. (Acceptance ratio 20%=32/160) [pdf] [bib] [slides]

Conferences in Focus

	Deadline	Notification
DIMVA'12	Feb. 24	Apr. 13	7/26-27, Crete, Greece
LEET'12	Feb. 23	Mar. 12	4/24, San Jose, CA
USENIX Security'11	Feb. 16	Apr. 24	8/8-12, Bellevue, WA
RAID'12	Apr. 6	June 2	9/12-14, Amsterdam, Netherlands
ESORICS'12	Mar. 31	June 10	9/10-12, Pisa, Italy
SecureComm'12	May 10	June 25	9/3-6, Padua, Italy
ACM CCS'12	May 4	June 11/July 9	10/16-18, Raleigh, NC
IMC'12	May	July	11/14-16, Boston
ACSAC 2012	June 1	Aug. 15	12/3-7, Orlando, FL
NDSS'12	Aug. 9/16	Oct. 23	2/5-8, San Diego, CA
ICDCS'12	Nov. 1, Nov. 8	Feb. 7	6/18-21, Macau, China
IEEE S&P 2012	Nov. 16	Feb. 1	5/20-23, SFO, CA
WWW'12	Nov. 1, Nov. 7	Jan. 30	4/16-20, Lyon, France
DSN'12	Nov. 30, Dec 7	Feb. 29	6/25-28, Boston, MA
More...

Other security conferences: ASIACCS , ACNS , CSF/CSFW, NSPW , WiSec , Crypto, Eurocrypt, Asiacrypt Conferences
Networking: ACM SIGCOMM , HotNets , IEEE INFOCOM , ICNP , SIGMETRICS , ICDCS , IMC, ACM MOBICOM , MOBIHOC , MOBISYS , SenSys
P2P: IPTPS , P2P
System: SOSP , OSDI , NSDI
I am maintaining a list of computer security conference ranking and statistic.

Success Lab Students

Seungwon Shin
Chao Yang
Zhaoyan Xu
Jialong Zhang

Vijayasenthil VC
Lingfeng Chen

Undergrad

Louis Lang

Alumni

Shardul Vikram (MS, first employment: Microsoft), 2011
Robert Harkreader (MS, first employment: Cisco), 2011
Yimin Song (MS, first employment: Juniper Networks), 2010

Teaching

Spring 2012: CSCE 313 Introduction to Computer Systems
Spring 2012: CSCE 465 Computer & Network Security
Fall 2011: CSCE 665 Advanced Networking and Security
Spring 2011: CSCE 465 Computer & Network Security
Fall 2010: CSCE 665 Advanced Networking and Security
Spring 2010: CSCE 313 Introduction to Computer Systems
Fall 2009: CSCE 665 Advanced Networking and Security
Spring 2009: CPSC 313 Introduction to Computer Systems
Fall 2008: CPSC 689 Special Topics in Computer and Network Security

Professional Services

Guest Editor, Computer Networks (Elsevier), special issue on "Botnet Activity: Analysis, Detection and Shutdown", 2011
Editorial Board, International Journal of Security and Networks (IJSN), 2011 -
Program committee member, 2012 Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'12)
Program committee member, 2012 International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS'12), Cloud Computing Track
Program committee member, 2012 Annual Computer Security Applications Conference (ACSAC'12)
Program committee member, 2012 ACM Conference on Computer and Communications Security (CCS'12)
Program committee member, 2012 Communication and Information System Security Symposium, IEEE GLOBECOM 2012
Program committee member, 2012 International Symposium on Recent Advances in Intrusion Detection (RAID'12)
Program committee member, 2012 International Conference on Applied Cryptography and Network Security (ACNS'12)
Program committee member, 2012 IEEE Symposium on Security and Privacy (Oakland'12)
Program committee member, 2011 Annual Computer Security Applications Conference (ACSAC'11)
Program committee member and Publicity Chair, 2011 International Symposium on Recent Advances in Intrusion Detection (RAID'11)
Program committee member, 2011 Information Security Conference (ISC'11)
Program committee member, 2011 USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET'11)
Program committee member and Publicity co-Chair, 2011 ACM Conference on Computer and Communications Security (CCS'11)
Program committee member, 2011 Communication and Information System Security Symposium, IEEE GLOBECOM 2011
Program committee member, 2011 IEEE Symposium on Security and Privacy (Oakland'11)
Program committee member, 2011 ACM Symposium on Information, Computer & Communication Security (ASIACCS'11)
Program committee member, 2010 International Symposium on Recent Advances in Intrusion Detection (RAID'10)
Program committee member, 2010 SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'10)
Program committee member, 2010 Communication and Information System Security Symposium, IEEE GLOBECOM 2010
Program committee member, 2010 International Conference on Distributed Computing Systems (ICDCS'10)
Program committee member, 2010 ACM Symposium on Information, Computer & Communication Security (ASIACCS'10)
Program committee member, 2009 European Symposium on Research in Computer Security (ESORICS'09)
Program committee member, 2009 International Conference on Security and Privacy in Communication Networks (SecureComm'09)
Program committee member, 2009 International Symposium on Recent Advances in Intrusion Detection (RAID'09)
Program committee member, 2009 IEEE Symposium on Security and Privacy (Oakland'09)
Program co-chair, The First IEEE International Workshop on Network Security and Privacy (NSP'08, in conjunction with IEEE IPCCC 2008)

Misc

Some useful links

visits since Feb 23, 2004. Last Modified Mar. 2012