Guofei Gu Assistant Professor Department of Computer Science & Engineering Texas A&M University Office: HRBB 502C Phone: (979) 845-2475 Email: guofei [AT] cse.tamu.edu
I am an assistant professor in the Department of Computer Science & Engineering at Texas A&M University. Before joining Texas A&M, I received my Ph.D. degree in Computer Science from the College of Computing, Georgia Tech, in 2008. I am a recipient of 2010 NSF CAREER Award, 2013 AFOSR Young Investigator Award, and 2010 IEEE Symposium on Security & Privacy (Oakland'10) best student paper award. I'm currently directing the SUCCESS (Secure Communication and Computer Systems) Lab at TAMU. What's [Apr. 2013] We have a short paper ("Attacking Software-Defined Networks: A First Feasibility Study") accepted to HotSDN'13. [Apr. 2013] Seungwon attended Open Networking Summit (ONS'13) and presented our accepted poster paper "A Framework For Security Service Integration to Software-Defined Networks" (collaborated with SRI)! [Mar. 2013] Congratulations to Zhaoyan for his winning of the 2nd place in the CSE Department's Industrial Affiliates Poster Competition! [Feb. 2013] Our paper "AUTOVAC: Automatically Extracting System Resource Constraints and Generating Vaccines for Malware Immunization" is accepted to ICDCS'13. Congratulations, Zhaoyan! [Jan. 2013] Another paper from our SDN/OpenFlow security research is accepted to ICC'13. In this paper, we present a new model checking system, FLOVER, which can formally verify whether the aggregate of flow policies instantiated within an OpenFlow network will violate the network’s security policy or not.  [Jan. 2013] I received AFOSR Young Investigator Award for my research on proactive cyber defense. [Jan. 2013]  We are releasing some of our research data and programs here. For example, now you can obtain some datasets from our Twitter spammers and malicious social network research. And our FRESCO/FortNOX release is forthcoming! [Dec. 2012] I was invited to give a talk "Security as an App and Security as a Service: New Killer Apps for Software Defined Networking?" at the DIMACS Workshop on Software Defined Networking. [Oct. 2012] Interested in SDN/OpenFlow security? Please check out our dedicated website on this topic (collaborated with SRI International): http://www.OpenFlowSec.org   [Oct. 2012] We have two papers accepted to NDSS'13, one on SDN/OpenFlow security and one on web security. Congratulations, Seungwon and Jialong! [Oct. 2012] I gave a keynote speech ("Machine Learning Meets Social Networking Security: Detecting and Analyzing Malicious Social Networks for Fun and Profit") at AISec'12. [Sep. 2012] Our position paper on Security Monitoring as a Service for Clouds is invited to present in NPSec'12, a workshop co-located with ICNP'12 at Austin. [Aug. 2012] Our paper on Android security is accepted to CCS workshop SPSM'12. Also, we have two posters accepted in CCS'12. See you in Raleigh! [July 2012] Our paper on a novel technique for proactive malware detection is accepted to CCS'12. Congratulations, Zhaoyan! more...

Research Interests

• I'm interested in all aspects of network and system security. To solve practical security problems, I use networking and system techniques, as well as applied cryptography, machine learning, probability/statistics, information theory, etc. My current specific research interests include
  • Internet malware/botnet detection, defense, and analysis
  • Web and social networking security
  • Cloud and software-defined networking (SDN/OpenFlow) security
  • Intrusion detection, anomaly detection

Selected Recent Publications (full list here, or see my google scholar page. Research data/program release)

• Seungwon Shin and Guofei Gu. "Attacking Software-Defined Networks: A First Feasibility Study" (short paper). In Proc. of ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN'13), Hong Kong, August 2013. [pdf] [bib]
• Seungwon Shin, Phillip Porras, Vinod Yegneswaran, Guofei Gu. "A Framework For Integrating Security Services into Software-Defined Networks." In 2013 Open Networking Summit (ONS’13, Research Track poster paper), Santa Clara, CA, April 2013. [pdf] [bib]
  
• Zhaoyan Xu, Jialong Zhang, Guofei Gu, Zhiqiang Lin. "AUTOVAC: Towards Automatically Extracting System Resource Constraints and Generating Vaccines for Malware Immunization." In Proc. of the 33rd International Conference on Distributed Computing Systems (ICDCS'13), Philadelphia, July 2013. (Acceptance ratio: 13%=61/464) [pdf] [bib]
  
• Sooel Son, Seungwon Shin, Vinod Yegneswaran, Phillip Porras, Guofei Gu. "Model Checking Invariant Security Properties in OpenFlow." In Proc. of 2013 IEEE International Conference on Communications (ICC'13), Budapest, Hungary, June 2013. [pdf] [bib]
•  Seungwon Shin, Phillip Porras, Vinod Yegneswaran, Martin Fong, Guofei Gu, and Mabry Tyson. "FRESCO: Modular Composable Security Services for Software-Defined Networks." In Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS'13), San Diego, CA, USA, February 2013. (Acceptance ratio 18.8%=47/250) [pdf] [bib]
• Jialong Zhang and Guofei Gu. "NeighborWatcher: A Content-Agnostic Comment Spam Inference System." In Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS'13), San Diego, CA, USA. February 2013.  (Acceptance ratio 18.8%=47/250) [pdf] [bib]
• Seungwon Shin, Guofei Gu. “CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to Provide Security Monitoring as a Service in Clouds?)” In Proceedings of the 7th Workshop on Secure Network Protocols (NPSec’12), co-located with IEEE ICNP’12, Austin, TX, USA, October 2012 (invited paper) [pdf] [bib]
  
• Cong Zheng, Shixiong Zhu, Shuaifu Dai, Guofei Gu, Xiaorui Gong and Wei Zou. "SmartDroid: An Automatic System for Revealing UI-based Trigger Conditions in Android Applications." In Proceedings of the 2nd ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM’12), Raleigh, NC, USA, October 2012. (Acceptance ratio 36.7%=11/30) [pdf] [bib]
• Zhaoyan Xu, Lingfeng Chen, Guofei Gu and Christopher Kruegel. "PeerPress: Utilizing Enemies' P2P Strength against Them." In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS'12), Raleigh, NC, USA, October 2012. (Acceptance ratio 18.9%=80/423) [pdf] [bib] [slides]
• Chao Yang, Yimin Song, Guofei Gu. "Active User-side Evil Twin Access Point Detection Using Statistical Techniques." In IEEE Transactions on Information Forensics and Security, 2012. [pdf] [bib]
  
• Jialong Zhang, Chao Yang, Zhaoyan Xu, Guofei Gu. "PoisonAmplifier: A Guided Approach of Discovering Compromised Websites through Reversing Search Poisoning Attacks." In Proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'12), Amsterdam, The Netherlands. September 2012. (Acceptance ratio 21%=18/84) [pdf] [bib]
• Phillip Porras, Seungwon Shin, Vinod Yegneswaran, Martin Fong, Mabry Tyson, and Guofei Gu. "A Security Enforcement Kernel for OpenFlow Networks." In Proc. of ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN'12), Helsinki, Finland. August 2012. (Acceptance ratio 30%=22/71) [pdf] [bib]
• Scott Hand, Zhiqiang Lin, Guofei Gu, and Bhavani Thuraisingham. "Bin-Carver: Automatic Recovery of Binary Executable Files." In Proceedings of the 12th Annual Digital Forensics Research Conference (DFRWS'12), Washington DC, August 2012. (Acceptance ratio 29.8%=14/47) [pdf] [bib]
• Chao Yang, Robert Harkreader, Jialong Zhang, Suengwon Shin, and Guofei Gu. "Analyzing Spammers' Social Networks For Fun and Profit -- A Case Study of Cyber Criminal Ecosystem on Twitter." In Proceedings of the 21st International World Wide Web Conference (WWW'12), Lyon, France, April 2012. (Acceptance ratio 12%=108/885) [pdf] [bib]  (Dataset release)
• Seungwon Shin, Zhaoyan Xu, Guofei Gu. "EFFORT: Efficient and Effective Bot Malware Detection." In Proceedings of the 31th Annual IEEE Conference on Computer Communications (INFOCOM'12) Mini-Conference, Orlando, Florida, March 2012. (Acceptance ratio 24.4%=378/1547)  [pdf] [Tech Report (extended version)] [bib] 
• Weiqin Ma, Pu Duan, Sanmin Liu, Guofei Gu, Jyh-Charn Liu. "Shadow Attacks: Automatically Evading System-Call-Behavior based Malware Detection." To appear in Springer Journal in Computer Virology, 2012. [pdf] [bib]
• Seungwon Shin, Guofei Gu, Narasimha Reddy, Christopher Lee. “A Large-Scale Empirical Study of Conficker.” In IEEE Transactions on Information Forensics and Security, 2012. [pdf] [bib] 
• Shardul Vikram, Yinan Fan, Guofei Gu. "SEMAGE: A New Image-based Two-Factor CAPTCHA." In Proceedings of 2011 Annual Computer Security Applications Conference (ACSAC'11), Orlando, Florida, December 2011. (Acceptance ratio 20%=39/195) [pdf] [bib] [slides]
• Chao Yang, Robert Harkreader, Guofei Gu. "Die Free or Live Hard? Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers." In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011. (Acceptance ratio 23%=20/87) [pdf] [Tech Report (extended version)] [bib] [slides] (Dataset release)
• Seungwon Shin, Raymond Lin, Guofei Gu. "Cross-Analysis of Botnet Victims: New Insights and Implications." In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011. (Acceptance ratio 23%=20/87) [pdf] [bib] [slides]
• Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. "Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution." ACM Transactions on Information and System Security (TISSEC), vol. 14, no. 2, September 2011. [pdf] [bib]
• Kevin Zhijie Chen, Guofei Gu, Jose Nazario, Xinhui Han and Jianwei Zhuge. "WebPatrol: Automated Collection and Replay of Web-based Malware Scenarios." In Proceedings of 2011 ACM Symposium on Information, Computer and Communications Security (ASIACCS'11), Hong Kong, March 2011. (Acceptance ratio 16%=35/217) [pdf] [bib] [slides]
• Junjie Zhang, Xiapu Luo, Roberto Perdisci, Guofei Gu, Wenke Lee and Nick Feamster. "Boosting the Scalability of Botnet Detection Using Adaptive Traffic Sampling." In Proceedings of 2011 ACM Symposium on Information, Computer and Communications Security (ASIACCS'11), Hong Kong, March 2011. (Acceptance ratio 16%=35/217) [pdf] [bib] [slides]
• Seungwon Shin and Guofei Gu. "Conficker and Beyond: A Large-Scale Empirical Study." In Proceedings of 2010 Annual Computer Security Applications Conference (ACSAC'10), Austin, Texasi, December 2010. (Acceptance ratio 17%=39/227) [pdf] [bib] [slides]
• Yimin Song, Chao Yang, Guofei Gu. "Who Is Peeping at Your Passwords at Starbucks? -- To Catch an Evil Twin Access Point." In Proceedings of the 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'10), Chicago, IL, June 2010. (Acceptance ratio 23.2%=39/168) [pdf] [bib] [slides]
• Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. "TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection." In Proceedings of the 31st IEEE Symposium on Security & Privacy (Oakland'10), Oakland, CA, May 2010. (Acceptance ratio 11.6%=31/267) [pdf[ [bib] [slides] (Best Student Paper Award)
• Guofei Gu, Vinod Yegneswaran, Phillip Porras, Jennifer Stoll, and Wenke Lee. "Active Botnet Probing to Identify Obscure Command and Control Channels." In Proceedings of 2009 Annual Computer Security Applications Conference (ACSAC'09), Honolulu, Hawaii, December 2009. (Acceptance ratio 19.6%=44/224)  [pdf] [bib] [slides]
• Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection." In Proceedings of the 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008. (Acceptance ratio 15.9%=27/170) [pdf] [bib] [slides]
• Guofei Gu, Junjie Zhang, and Wenke Lee. "BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic." In Proceedings of the 15th  Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008. (Acceptance ratio 17.8%=21/118) [pdf] [bib] [slides]
• David Dagon, Guofei Gu, Chris Lee, and Wenke Lee. "A Taxonomy of Botnet Structures." In Proceedings of the 23 Annual Computer Security Applications Conference (ACSAC'07), Miami Beach, FL, December 2007. (Acceptance ratio 22%=42/191) [pdf] [bib]
• Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee. "BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation." In Proceedings of the 16th USENIX Security Symposium (Security'07), Boston, MA, August 2007. (Acceptance ratio 12.3%=23/187) [pdf] [bib] [slides] [system]
  BotHunter free Internet release now available!
• Roberto Perdisci, Guofei Gu, and Wenke Lee. "Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems." In Proceedings of the IEEE International Conference on Data Mining (ICDM'06) (regular paper), Hong Kong, December 2006. (Acceptance ratio 9.4%=73(regular)/776) [pdf] [bib] [slides]
• Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "Towards an Information-Theoretic Framework for Analyzing Intrusion Detection Systems." In Proceedings of the 11th European Symposium on Research in Computer Security (ESORICS'06), Hamburg, Germany, September 2006. (Acceptance ratio 20%=32/160) [pdf] [bib] [slides]

Conferences in Focus

• 	Deadline	Notification
  DIMVA'13	Feb. 10	Mar. 27	718-19, Berlin, Germany
  USENIX Security'13	Feb. 21	Apr. 30	8/14-16, Washington, D.C.
  LEET'13			8/14-16, Washington, D.C.
  RAID'13	Apr. 8	May 24	10/23-25, St. Lucia (Eastern Caribbean Sea!)
  ESORICS'13	Apr. 10	June 10	9/10-12, Egham, U.K.
  SecureComm'13	May 10	June 30	9/25-27, Sydney, Australia
  ACM CCS'13	May 8	June 24/July 19	11/4-8, Berlin, Germany
  IMC'13	May  1/8	July 15	10/23-25, Barcelona, Spain
  ACSAC 2013	June 1	Aug. 15	12/9-13, New Orleans
  NDSS'13	Aug. 1/6	Oct. 22	2/24-27, San Diego, CA
  NSDI'13	Sep. 12/19	Dec. 10	4/3-5, Lombard, IL
  ICDCS'13	Nov. 12	Feb. 25	7/8-11, Philadelphia
  IEEE S&P 2013	Nov. 14	Jan. 28	5/19-22, SFO, CA
  WWW'13	Nov. 19/26	Feb. 8	5/13-17, Rio de Janeiro, Brazil
  DSN'13	Nov. 28, Dec 5	Feb. 25	6/24-27, Budapest, Hungary
  More...

• Other security conferences: ASIACCS , ACNS , CSF/CSFW, NSPW ,  WiSec ,  Crypto, Eurocrypt, Asiacrypt Conferences
• Networking: ACM SIGCOMM, CoNEXT,  HotNets , IEEE INFOCOM ,  ICNP ,  SIGMETRICS , ICDCS , IMC, ACM MOBICOM ,  MOBIHOC  , MOBISYS , SenSys
• System: SOSP , OSDI , ATC,  NSDI
• I am maintaining a list of computer security conference ranking and statistic.

 Success Lab Students

• PhD 
• Seungwon Shin
• Chao Yang
• Zhaoyan Xu
• Jialong Zhang
• Haopei Wang
• MS
• Lingfeng Chen
• Rajarshi Bhattacharyya
• Undergrad
• Jayant Notani
• Alumni
• Vijayasenthil VC (MS, first employment: Amazon), 2012
• Louis Lang (BS, first employment: NSA), 2011
• Shardul Vikram (MS, first employment: Microsoft), 2011
• Robert Harkreader (MS, first employment: Cisco), 2011
• Yimin Song (MS, first employment: Juniper Networks), 2010

Teaching

• CSCE 313 Introduction to Computer Systems: Spring 2009, Spring 2010, Spring 2012, Fall 2012 
• CSCE 465 Computer & Network Security: Spring 2011, Spring 2012, Spring 2013
• CSCE 665 Advanced Networking and Security: Fall 2009, Fall 2010, Fall 2011, Fall 2013
  
• CPSC 689 Special Topics in Computer and Network Security: Fall 2008

Professional Services

• Editorial Service
  
• Guest Editor, Computer Networks (Elsevier), special issue on "Botnet Activity: Analysis, Detection and Shutdown", 2012
• Editorial Board, International Journal of Security and Networks (IJSN), 2011 -
• Conference/Workshop Organization
• Publicity co-chair, ACM Conference on Computer and Communications Security (CCS’11)
• Publicity chair, International Symposium on Recent Advances in Intrusion Detection (RAID'11)
  
• Program co-chair, The First IEEE International Workshop on Network Security and Privacy (NSP'08, in conjunction with IEEE IPCCC 2008)
• Program committee member
• IEEE Symposium on Security and Privacy (Oakland), 2009, 2011, 2012, 2013
• ACM Conference on Computer and Communications Security (CCS), 2011, 2012
  
• International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2009, 2010, 2011, 2012, 2013
• Annual Computer Security Applications Conference (ACSAC), 2011, 2012, 2013
  
• European Symposium on Research in Computer Security (ESORICS), 2009
• International Conference on Distributed Computing Systems (ICDCS), 2010, 2014
  
• Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2010, 2012, 2013
  
• International Conference on Applied Cryptography and Network Security (ACNS), 2012, 2013
  
• Information Security Conference (ISC), 2011
  
• ACM Symposium on Information, Computer & Communication Security (ASIACCS), 2010, 2011
  
• International Conference on Security and Privacy in Communication Networks (SecureComm), 2009, 2013
  
• International Symposium on Stabilization, Safety, and Security of Distributed Systems  (SSS), Cloud Computing Track, 2012
• IEEE GLOBECOM, Communication and Information System Security Symposium, 2010, 2011, 2012, 2013
• IEEE ICC, Communication and Information Systems Security Symposium, 2013
  
• ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), 2012
  
• ACM Workshop on Artificial Intelligence and Security (AISec), 2011, 2012
• USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET), 2011

Misc

• Some useful links

visits since Feb 23, 2004. Last Modified Apr. 2013