Guofei Gu Assistant Professor Department of Computer Science Texas A&M University Office: HRBB 515A Email: guofei [AT] cs.tamu.edu http://faculty.cs.tamu.edu/guofei

I am an assistant professor in the Department of Computer Science at Texas A&M University. Before coming to Texas A&M, I received my Ph.D. degree in Computer Science from the College of Computing, Georgia Tech in 2008. What's New release of BotHunter! Now support Linux/Mac/Windows XP! A live-CD distribution also available! I am looking for highly motivated students who are interested in doing research in network/system security. Please drop by my office or email me (with your CV) if you are interested in working with me.

Research Interests

• I'm interested in all aspects of network and system security. To solve practical security problems, I use networking and system techniques, as well as applied cryptography, machine learning, probability and statistics, information theory, etc. My current specific research interests include
  • Internet malware detection, defense and analysis
  • Intrusion Detection System (IDS): model, design, evaluation and optimization

Selected Recent Publications (a full list)

•  Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection." In Proceedings of the 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008. (Acceptance ratio 15.9%=27/170) [pdf] [bib] [slides]
• Guofei Gu, Junjie Zhang, and Wenke Lee. "BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic." In Proceedings of the 15th  Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008. (Acceptance ratio 17.8%=21/118) [pdf] [bib] [slides]
• David Dagon, Guofei Gu, Chris Lee, and Wenke Lee. "A Taxonomy of Botnet Structures." In Proceedings of the 23 Annual Computer Security Applications Conference (ACSAC'07), Miami Beach, FL, December 2007. (Acceptance ratio 22%=42/191) [pdf] [bib]
• Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee. "BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation." In Proceedings of the 16th USENIX Security Symposium (Security'07), Boston, MA, August 2007. (Acceptance ratio 12.3%=23/187) [pdf] [bib] [slides] [system]
  BotHunter free Internet release now available!
• Roberto Perdisci, Guofei Gu, and Wenke Lee. "Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems." In Proceedings of the IEEE International Conference on Data Mining (ICDM'06) (regular paper), Hong Kong, December 2006. (Acceptance ratio 9.4%=73(regular)/776) [pdf] [bib] [slides]
• Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "Towards an Information-Theoretic Framework for Analyzing Intrusion Detection Systems." In Proceedings of the 11th European Symposium on Research in Computer Security (ESORICS'06), Hamburg, Germany, September 2006. (Acceptance ratio 20%=32/160) [pdf] [bib] [slides]

Conferences in Focus

• 	Deadline	Notification
  SecureComm'08	Mar. 24	June 6	9/22-25, İstanbul, Turkey
  ACSAC 2008	June 8	Aug. 18	12/8-12, Anaheim, California
  NDSS'09	Sep. 12	Nov. 3	2/8-11, San Diego, CA
  IEEE S&P 2009	Nov. 10	Jan. 30	5/17-20, Oakland, CA
  NSP'08	Oct. 15	Nov. 8	12/7, Austin, TX
  DSN'09	Dec. 8/Dec. 15		6/29-7/2, Estoril, Lisbon, Portugal
  USENIX Security'09	Feb. 4	Apr. 13	8/10-14, Montreal, Canada
  LEET'09	Jan. 16	Mar. 2	4/21, Boston, MA
  RAID'09			9/23-25, France
  ESORICS'09			France
  ACM CCS'09	Apr. 20	July 12	11/9-13, Chicago, IL
  More...

• Other security conferences: ASIACCS , ACNS , DIMVA , CSF/CSFW, NSPW ,  WiSec ,  Crypto, Eurocrypt, Asiacrypt Conferences
• Networking: ACM SIGCOMM , HotNets , IEEE INFOCOM ,  ICNP ,  SIGMETRICS , ICDCS , ACM MOBICOM ,  MOBIHOC  , MOBISYS , SenSys
• P2P: IPTPS , P2P
• System: SOSP , OSDI , NSDI
• I am maintaining a list of computer security conference ranking and statistic.

Teaching

• Fall 2008: Special Topics in Computer and Network Security (CPSC 689).

Professional Services

• Program committee member, 2009 International Symposium on Recent Advances in Intrusion Detection (RAID'09)
• Program committee member, 2009 IEEE Symposium on Security and Privacy (Oakland'09)
• Program co-chair, The First IEEE International Workshop on Network Security and Privacy (NSP'08, In Conjunction with the IEEE IPCCC 2008)

Misc

• Some useful links

visits since Feb 23, 2004. Last Modified Aug. 2008