Guofei Gu Assistant Professor Department of Computer Science & Engineering Texas A&M University Office: HRBB 502C Email: guofei [AT] cse.tamu.edu http://faculty.cse.tamu.edu/guofei

I am an assistant professor in the Department of Computer Science & Engineering at Texas A&M University. Before joining Texas A&M, I received my Ph.D. degree in Computer Science from the College of Computing, Georgia Tech, in 2008. I'm currently directing the SUCCESS (Secure Communication and Computer Systems) Lab at TAMU. What's Our BotProbe work will appear in ACSAC'09. See you in Hawaii! New release of BotHunter! Now support Linux/Mac/Windows XP! A live-CD distribution also available! I am looking for highly motivated students who are interested in doing research in network/system security. Please drop by my office or email me (with your CV) if you are interested in working with me.

Research Interests

• I'm interested in all aspects of network and system security. To solve practical security problems, I use networking and system techniques, as well as applied cryptography, machine learning, probability/statistics, information theory, etc. My current specific research interests include
  • Internet malware detection, defense, and analysis
  • Intrusion detection, anomaly detection
  • Network security
  • Web security

Selected Recent Publications (a full list)

•  Guofei Gu, Vinod Yegneswaran, Phillip Porras, Jennifer Stoll, and Wenke Lee. "Active Botnet Probing to Identify Obscure Command and Control Channels." To appear in Proceedings of 2009 Annual Computer Security Applications Conference (ACSAC'09), Honolulu, Hawaii, December 2009. [bib]
• Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection." In Proceedings of the 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008. (Acceptance ratio 15.9%=27/170) [pdf] [bib] [slides]
• Guofei Gu, Junjie Zhang, and Wenke Lee. "BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic." In Proceedings of the 15th  Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008. (Acceptance ratio 17.8%=21/118) [pdf] [bib] [slides]
• David Dagon, Guofei Gu, Chris Lee, and Wenke Lee. "A Taxonomy of Botnet Structures." In Proceedings of the 23 Annual Computer Security Applications Conference (ACSAC'07), Miami Beach, FL, December 2007. (Acceptance ratio 22%=42/191) [pdf] [bib]
• Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee. "BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation." In Proceedings of the 16th USENIX Security Symposium (Security'07), Boston, MA, August 2007. (Acceptance ratio 12.3%=23/187) [pdf] [bib] [slides] [system]
  BotHunter free Internet release now available!
• Roberto Perdisci, Guofei Gu, and Wenke Lee. "Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems." In Proceedings of the IEEE International Conference on Data Mining (ICDM'06) (regular paper), Hong Kong, December 2006. (Acceptance ratio 9.4%=73(regular)/776) [pdf] [bib] [slides]
• Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "Towards an Information-Theoretic Framework for Analyzing Intrusion Detection Systems." In Proceedings of the 11th European Symposium on Research in Computer Security (ESORICS'06), Hamburg, Germany, September 2006. (Acceptance ratio 20%=32/160) [pdf] [bib] [slides]

Conferences in Focus

• 	Deadline	Notification
  IMC'09			11/4-6, Chicago, Illinois
  RAID'09	Apr. 12	June 8	9/23-25, Saint Malo, France
  ESORICS'09	Apr. 24	June 15	9/21-23, Saint Malo, France
  SecureComm'09	Apr. 7	Jun. 12	9/14-18, Athens, Greece
  ACM CCS'09	Apr. 20	July 12	11/9-13, Chicago, IL
  ACSAC 2009	June 1	Aug. 17	12/7-11, Honolulu, Hawaii
  Infocom'10	July 31	Nov. 21	3/15-19, San Diego, CA
  NDSS'10	Sep. 11/18	Nov. 13	2/28-3/3, San Diego, CA
  IEEE S&P 2010	Nov. 18	Feb. 1	5/16-19, Oakland, CA
  ICDCS'10	Nov. 25	Feb. 8	6/21-25, Genoa, Italy
  DSN'10	Dec. 8		6/28-7/1, Chicago, Illinois
  USENIX Security'10	Feb. 5	Apr. 12	8/11-13, Washington, DC
  LEET'10	Feb. 25	Mar. 24	4/27, San Jose, CA
  DIMVA 2010			7/8-9, Bonn, Germany
  More...

• Other security conferences: ASIACCS , ACNS , DIMVA , CSF/CSFW, NSPW ,  WiSec ,  Crypto, Eurocrypt, Asiacrypt Conferences
• Networking: ACM SIGCOMM , HotNets , IEEE INFOCOM ,  ICNP ,  SIGMETRICS , ICDCS , IMC, ACM MOBICOM ,  MOBIHOC  , MOBISYS , SenSys
• P2P: IPTPS , P2P
• System: SOSP , OSDI , NSDI
• I am maintaining a list of computer security conference ranking and statistic.

Teaching

• Fall 2009, CSCE 665 Advanced Networking and Security
• Spring 2009: CPSC 313 Introduction to Computer Systems
• Fall 2008: CPSC 689 Special Topics in Computer and Network Security

Professional Services

• Program committee member, 2010 SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'10)
• Program committee member, Communication and Information System Security Symposium, IEEE GLOBECOM 2010
• Program committee member, 2010 ACM Symposium on Information, Computer & Communication Security (ASIACCS'10)
• Program committee member, 2009 European Symposium on Research in Computer Security (ESORICS'09)
• Program committee member, 2009 International Conference on Security and Privacy in Communication Networks (SecureComm'09)
• Program committee member, 2009 International Symposium on Recent Advances in Intrusion Detection (RAID'09)
• Program committee member, 2009 IEEE Symposium on Security and Privacy (Oakland'09)
• Program co-chair, The First IEEE International Workshop on Network Security and Privacy (NSP'08, in conjunction with IEEE IPCCC 2008)

Misc

• Some useful links

visits since Feb 23, 2004. Last Modified Sep. 2009