Guofei Gu Assistant Professor Department of Computer Science & Engineering Texas A&M University Office: HRBB 502C Email: guofei [AT] cse.tamu.edu http://faculty.cse.tamu.edu/guofei

I am an assistant professor in the Department of Computer Science & Engineering at Texas A&M University. Before joining Texas A&M, I received my Ph.D. degree in Computer Science from the College of Computing, Georgia Tech, in 2008. I'm currently directing the SUCCESS (Secure Communication and Computer Systems) Lab at TAMU. What's Our TaintScope paper is accepted to Oakland'10. In this work we present a tool that has found many zero-day vulnerabilities in several widely used applications. Kudos to Tielei! Our BotProbe work will appear in ACSAC'09. See you in Hawaii! New release of BotHunter! Now support Linux/Mac/Windows XP! A live-CD distribution also available!

Research Interests

• I'm interested in all aspects of network and system security. To solve practical security problems, I use networking and system techniques, as well as applied cryptography, machine learning, probability/statistics, information theory, etc. My current specific research interests include
  • Internet malware detection, defense, and analysis
  • Intrusion detection, anomaly detections
  • Network security
  • Web security

Selected Recent Publications (a full list)

•  Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. "TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection." To appear in Proceedings of the 31st IEEE Symposium on Security & Privacy (Oakland'10), Oakland, CA, May 2010. (Acceptance ratio 10.9%=26/237) [pdf[ [bib] [slides]
• Guofei Gu, Vinod Yegneswaran, Phillip Porras, Jennifer Stoll, and Wenke Lee. "Active Botnet Probing to Identify Obscure Command and Control Channels." In Proceedings of 2009 Annual Computer Security Applications Conference (ACSAC'09), Honolulu, Hawaii, December 2009. (Acceptance ratio 19.6%=44/224)  [pdf] [bib] [slides]
• Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection." In Proceedings of the 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008. (Acceptance ratio 15.9%=27/170) [pdf] [bib] [slides]
• Guofei Gu, Junjie Zhang, and Wenke Lee. "BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic." In Proceedings of the 15th  Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008. (Acceptance ratio 17.8%=21/118) [pdf] [bib] [slides]
• David Dagon, Guofei Gu, Chris Lee, and Wenke Lee. "A Taxonomy of Botnet Structures." In Proceedings of the 23 Annual Computer Security Applications Conference (ACSAC'07), Miami Beach, FL, December 2007. (Acceptance ratio 22%=42/191) [pdf] [bib]
• Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee. "BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation." In Proceedings of the 16th USENIX Security Symposium (Security'07), Boston, MA, August 2007. (Acceptance ratio 12.3%=23/187) [pdf] [bib] [slides] [system]
  BotHunter free Internet release now available!
• Roberto Perdisci, Guofei Gu, and Wenke Lee. "Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems." In Proceedings of the IEEE International Conference on Data Mining (ICDM'06) (regular paper), Hong Kong, December 2006. (Acceptance ratio 9.4%=73(regular)/776) [pdf] [bib] [slides]
• Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "Towards an Information-Theoretic Framework for Analyzing Intrusion Detection Systems." In Proceedings of the 11th European Symposium on Research in Computer Security (ESORICS'06), Hamburg, Germany, September 2006. (Acceptance ratio 20%=32/160) [pdf] [bib] [slides]

Conferences in Focus

• 	Deadline	Notification
  IMC'09			11/4-6, Chicago, Illinois
  ACSAC 2009	June 1	Aug. 17	12/7-11, Honolulu, Hawaii
  Infocom'10	July 31	Nov. 21	3/15-19, San Diego, CA
  NDSS'10	Sep. 11/18	Nov. 13	2/28-3/3, San Diego, CA
  IEEE S&P 2010	Nov. 18	Feb. 1	5/16-19, Oakland, CA
  ICDCS'10	Nov. 25	Feb. 8	6/21-25, Genoa, Italy
  DSN'10	Dec. 8		6/28-7/1, Chicago, Illinois
  USENIX Security'10	Feb. 5	Apr. 12	8/11-13, Washington, DC
  DIMVA 2010	Feb. 5	Apr. 5	7/8-9, Bonn, Germany
  LEET'10	Feb. 25	Mar. 24	4/27, San Jose, CA
  RAID'10	Apr. 4	June 7	Ottawa, Canada
  ESORICS'10	Apr. 1	June 10	9/20-22, Athens, Greece
  SecureComm'10	Apr. 5	May 31	9/7-10, Singapore
  ACM CCS'10	Apr. 17	June 21	10/4-8, Chicago, IL
  More...

• Other security conferences: ASIACCS , ACNS , DIMVA , CSF/CSFW, NSPW ,  WiSec ,  Crypto, Eurocrypt, Asiacrypt Conferences
• Networking: ACM SIGCOMM , HotNets , IEEE INFOCOM ,  ICNP ,  SIGMETRICS , ICDCS , IMC, ACM MOBICOM ,  MOBIHOC  , MOBISYS , SenSys
• P2P: IPTPS , P2P
• System: SOSP , OSDI , NSDI
• I am maintaining a list of computer security conference ranking and statistic.

Teaching

• Spring 2010: CSCE 313 Introduction to Computer Systems 
• Fall 2009: CSCE 665 Advanced Networking and Security 
• Spring 2009: CPSC 313 Introduction to Computer Systems
• Fall 2008: CPSC 689 Special Topics in Computer and Network Security

Professional Services

• Program committee member, 2010 International Symposium on Recent Advances in Intrusion Detection (RAID'10)
• Program committee member, 2010 SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'10)
• Program committee member, 2010 Communication and Information System Security Symposium, IEEE GLOBECOM 2010
• Program committee member, 2010 ACM Symposium on Information, Computer & Communication Security (ASIACCS'10)
• Program committee member, 2009 European Symposium on Research in Computer Security (ESORICS'09)
• Program committee member, 2009 International Conference on Security and Privacy in Communication Networks (SecureComm'09)
• Program committee member, 2009 International Symposium on Recent Advances in Intrusion Detection (RAID'09)
• Program committee member, 2009 IEEE Symposium on Security and Privacy (Oakland'09)
• Program co-chair, The First IEEE International Workshop on Network Security and Privacy (NSP'08, in conjunction with IEEE IPCCC 2008)

Misc

• Some useful links

visits since Feb 23, 2004. Last Modified Jan. 2010