Guofei's Publications
Journal
- Chao Yang, Robert Harkreader, Guofei Gu. "Empirical Evaluation
and New Design for Fighting Evolving Twitter Spammers." To appear in
IEEE Transactions on Information Forensics and Security, 2013.
- Chao Yang, Yimin Song, Guofei Gu. "Active User-side Evil Twin Access
Point Detection Using Statistical Techniques." In IEEE Transactions on
Information Forensics and Security, vol. 7, no. 5, pp. 1638-1651, 2012. [pdf] [bib]
- Scott Hand, Zhiqiang Lin, Guofei Gu, Bhavani Thuraisingham.
"Bin-Carver: Automatic recovery of binary executable files." In
Elsevier Digital Investigation, vol. 9, Supplement (Special issue for
DFRWS’12), August 2012, pp. S108-S117.
- Weiqin Ma, Pu Duan, Sanmin Liu, Guofei Gu, Jyh-Charn Liu. "Shadow
Attacks: Automatically Evading System-Call-Behavior based Malware
Detection." In Springer Journal in Computer Virology, vol. 8, no. 1-2, pp. 1-13, 2012. [pdf] [bib]
- Seungwon Shin, Guofei Gu, Narasimha Reddy, Christopher Lee. “A Large-Scale
Empirical Study of Conficker.” To appear in IEEE Transactions on
Information Forensics and Security, vol. 7, no. 2, pp. 676-690, April 2012. [pdf] [bib]
- Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. "Checksum-Aware Fuzzing Combined with Dynamic
Taint Analysis and Symbolic Execution." ACM Transactions on Information
and System Security (TISSEC), vol. 14, no. 2, pp. 15:1-15:28, September
2011. [pdf] [bib]
Book Chapter
- Chao Yang, Guofei Gu. “Security in Wireless Local Area Networks,”
to appear in L. Chen & J. Ji (Eds), Wireless Network Security:
Theories and Applications, Springer, 2013
- Guofei Gu. "Botnet Detection In Enterprise Networks," to appear in Henk C.A. van Tilborg &
Sushil Jajodia (Eds.), Encyclopedia of Cryptography and Security (2nd
Edition), Springer, 2011.
- David Dagon, Guofei Gu, and Chris Lee. "A Taxonomy of Botnet Structures." Invited
book chapter for "Botnet Detection: Countering the Largest Security
Threat," Springer-Verlag, 2007. (This is from our ACSAC'07 conference
version)
Conference Publication
- Zhaoyan Xu, Jialong Zhang, Guofei Gu, Zhiqiang Lin. "AUTOVAC:
Towards Automatically Extracting System Resource Constraints and Generating
Vaccines for Malware Immunization." In Proc. of the 33rd International Conference on Distributed Computing Systems (ICDCS'13), Philadelphia, July 2013. (Acceptance ratio: 13%=61/464) [pdf] [bib]
- Sooel Son, Seungwon Shin, Vinod Yegneswaran, Phillip Porras, Guofei
Gu. "Model Checking Invariant Security Properties in OpenFlow." In Proc. of 2013 IEEE International Conference on Communications (ICC'13), Budapest, Hungary, June 2013. [pdf] [bib]
- Seungwon Shin, Phil Porras, Vinod Yegneswaran, Martin Fong, Guofei
Gu, and Mabry Tyson. "FRESCO: Modular Composable Security Services for Software-Defined Networks." To appear in Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS'13), San Diego, CA, USA. February 2013. (Acceptance ratio 18.8%=47/250) [pdf] [bib]
- Jialong Zhang and Guofei Gu. "NeighborWatcher: A Content-Agnostic Comment Spam Inference System." To appear in Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS'13), San Diego, CA, USA. February 2013. (Acceptance ratio 18.8%=47/250) [pdf] [bib]
- Amit Amaleswarm, A. L. Narasimha Reddy, Sandep Yadav, Guofei Gu
and Chao Yang. "CATS: Characterizing Automation of Twitter Spammers."
In Proc. of the 5th International Conference on COMmunication Systems
and NETworkS (COMSNETS’13), Bangalore, India, Jan. 2013. (Acceptance
ratio 26.4%=38/144) [pdf] [bib]
- Seungwon Shin, Guofei Gu. “CloudWatcher: Network Security Monitoring Using
OpenFlow in Dynamic Cloud Networks (or: How to Provide Security
Monitoring as a Service in Clouds?)” To appear in Proceedings of the 7th Workshop on Secure Network Protocols (NPSec’12), co-located with IEEE ICNP’12, Austin, TX, USA, October 2012 (invited paper) [pdf] [bib]
- Cong Zheng, Shixiong Zhu, Shuaifu Dai, Guofei Gu, Xiaorui Gong and
Wei Zou. "SmartDroid: An Automatic System for Revealing UI-based
Trigger Conditions in Android Applications." To appear in Proceedings of the 2nd ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM’12), Raleigh, NC, USA, October 2012. (Acceptance ratio 36.7%=11/30) [pdf] [bib]
- Zhaoyan Xu, Lingfeng Chen, Guofei Gu and Christopher Kruegel.
"PeerPress: Utilizing Enemies' P2P Strength against Them." To appear
in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS'12), Raleigh, NC, USA, October 2012. (Acceptance ratio 18.9%=80/423) [pdf] [bib]
- Jialong Zhang, Chao Yang, Zhaoyan Xu, Guofei Gu. "PoisonAmplifier: A
Guided Approach of Discovering Compromised Websites through Reversing
Search Poisoning Attacks." To appear in Proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'12), Amsterdam, The Netherlands. September 2012. (Acceptance ratio 21%=18/84) [pdf] [bib]
- Phillip Porras, Seungwon Shin, Vinod Yegneswaran, Martin Fong, Mabry
Tyson, and Guofei Gu. "A Security Enforcement Kernel for OpenFlow
Networks." To appear in Proc. of ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN'12), Helsinki, Finland. August 2012. (Acceptance ratio 30%=22/71) [pdf] [bib]
- Scott Hand, Zhiqiang Lin, Guofei Gu, and Bhavani Thuraisingham.
"Bin-Carver: Automatic Recovery of Binary Executable Files." To appear
in Proceedings of the 12th Annual Digital Forensics Research Conference (DFRWS'12), Washington DC, August 2012. (Acceptance ratio 29.8%=14/47) [pdf] [bib]
- Chao Yang, Robert Harkreader, Jialong Zhang, Seungwon Shin, and Guofei
Gu. "Analyzing Spammers' Social Networks For Fun and Profit -- A Case
Study of Cyber Criminal Ecosystem on Twitter." To appear in Proceedings of the 21st International World Wide Web Conference (WWW'12), Lyon, France, April 2012.
- Seungwon Shin, Zhaoyan Xu, Guofei Gu. "EFFORT: Efficient and Effective Bot Malware Detection." To appear in Proceedings of the 31st Annual IEEE Conference on Computer Communications (INFOCOM'12) Mini-Conference, Orlando, Florida, March 2012. [pdf] [bib]
- Shardul Vikram, Yinan Fan, Guofei Gu. "SEMAGE: A New Image-based Two-Factor CAPTCHA." To appear in Proceedings of 2011
Annual Computer Security Applications Conference (ACSAC'11), Orlando, Florida, December 2011. (Acceptance ratio 20%=39/195) [pdf] [bib]
- Chao Yang, Robert Harkreader, Guofei Gu. "Die Free or Live Hard?
Empirical Evaluation and New Design for Fighting Evolving Twitter
Spammers." To appear in Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011. (Acceptance ratio 23%=20/87) [pdf] [Tech Report (extended version)] [bib]
- Seungwon Shin, Raymond Lin, Guofei Gu. "Cross-Analysis of Botnet Victims: New Insights and Implications." To appear in Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011. (Acceptance ratio 23%=20/87) [pdf] [bib]
- Kevin Zhijie Chen, Guofei Gu, Jose Nazario, Xinhui Han and Jianwei
Zhuge. "WebPatrol: Automated Collection and Replay of Web-based Malware
Scenarios." To appear in Proceedings of 2011 ACM Symposium on Information, Computer and Communications Security (ASIACCS'11), Hong Kong, March 2011. (Acceptance ratio 16%=35/217) [pdf] [bib] [slides]
- Junjie Zhang, Xiapu Luo, Roberto Perdisci, Guofei Gu, Wenke Lee and Nick
Feamster. "Boosting the Scalability of Botnet Detection Using Adaptive
Traffic Sampling." To appear in Proceedings of 2011 ACM Symposium on Information, Computer and Communications Security (ASIACCS'11), Hong Kong, March 2011. (Acceptance ratio 16%=35/217) [pdf] [bib] [slides]
- Seungwon Shin and Guofei Gu. "Conficker and Beyond: A Large-Scale Empirical Study." To appear in Proceedings of 2010 Annual Computer Security Applications Conference (ACSAC'10), Austin, Texas, December 2010. (Acceptance ratio 17%=39/227) [pdf] [bib] [slides]
- Yimin Song, Chao Yang, Guofei Gu. "Who Is Peeping at Your Passwords at Starbucks? -- To
Catch an Evil Twin Access Point." In Proceedings of the 40th
Annual IEEE/IFIP International Conference on Dependable Systems and
Networks (DSN-DCCS 2010), Chicago, IL, June 2010.
(Acceptance ratio ) [pdf] [bib] [slides]
- Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. "TaintScope: A Checksum-Aware Directed Fuzzing Tool for
Automatic Software Vulnerability Detection." In Proceedings of the 31st IEEE
Symposium on Security & Privacy (Oakland'10),
Oakland, CA, May 2010. (Acceptance ratio 11.6%=31/267) [pdf] [bib] [slides]
- Guofei Gu, Vinod Yegneswaran, Phillip Porras, Jennifer Stoll, and Wenke Lee. "Active
Botnet Probing to Identify Obscure Command and Control Channels." In Proceedings
of 2009 Annual Computer Security Applications Conference (ACSAC'09),
Honolulu, Hawaii, December 2009. (Acceptance ratio
19.6%=44/224) [pdf] [bib] [slides]
- Guofei Gu,
Roberto Perdisci, Junjie Zhang, and Wenke Lee. "BotMiner: Clustering
Analysis of Network Traffic for Protocol- and Structure-Independent
Botnet Detection." In Proceedings of the 17th
USENIX Security Symposium (Security'08), San Jose, CA, 2008.
(Acceptance ratio 15.9%=27/170) [pdf] [bib]
- Guofei Gu,
Alvaro A. Cardenas, and Wenke Lee. "Principled Reasoning and Practical
Applications of Alert Fusion in Intrusion Detection Systems." In Proceedings
of ACM Symposium on Information, Computer and Communications Security
(ASIACCS'08), Tokyo, Japan, March 2008. (Acceptance ratio
17.6%=32/182) [pdf] [bib] [slides]
- Guofei Gu,
Junjie Zhang, and Wenke Lee. "BotSniffer: Detecting Botnet Command and
Control Channels in Network Traffic." In Proceedings of the
15th Annual Network and Distributed System Security Symposium
(NDSS'08), San Diego, CA, February 2008. (Acceptance ratio
17.8%=21/118) [pdf] [bib] [slides]
- David Dagon, Guofei Gu, Chris Lee, and Wenke Lee. "A Taxonomy of Botnet
Structures." In Proceedings of the 23rd Annual Computer
Security Applications Conference (ACSAC'07), Miami Beach, FL,
December 2007. (Acceptance ratio 22%=42/191) [pdf] [bib]
- Roberto Perdisci,
Guofei Gu, and Wenke Lee. "Combining Multiple
One-Class Classifiers for Hardening Payload-based Anomaly Detection
Systems (extended abstract)." NIPS 2007 Workshop on Machine
Learning in Adversarial Environments for Computer Security,
Vancouver, B.C., Canada, December 2007.
- Guofei Gu,
Zesheng Chen, Phillip Porras, and Wenke Lee. "Misleading and Defeating
Importance-Scanning Malware Propagation." In
Proceedings of the 3rd International Conference on Security and Privacy
in Communication Networks (SecureComm'07), Nice, France,
September 2007. (Acceptance ratio 26%=31/119) [pdf] [bib] [slides]
- Guofei Gu,
Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee.
"BotHunter: Detecting Malware Infection Through IDS-Driven Dialog
Correlation." In Proceedings of the 16th USENIX Security
Symposium (Security'07), Boston, MA, August 2007. (Acceptance
ratio 12.3%=23/187) [pdf] [bib] [slides] [system]
BotHunter free Internet release now available!
- Roberto Perdisci,
Guofei Gu, and Wenke Lee. "Using an Ensemble of
One-Class SVM Classifiers to Harden Payload-based Anomaly Detection
Systems." In Proceedings of the IEEE International Conference
on Data Mining (ICDM'06) (regular paper), Hong Kong, December
2006. (Acceptance ratio 9.4%=73(regular)/776) [pdf] [bib] [slides]
- Guofei Gu,
Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "Towards an
Information-Theoretic Framework for Analyzing Intrusion Detection
Systems." In Proceedings of the 11th European Symposium on
Research in Computer Security (ESORICS'06), Hamburg, Germany,
September 2006. (Acceptance ratio 20%=32/160) [pdf] [bib] [slides]
- Guofei Gu,
Prahlad Fogla, Wenke Lee, and Douglas Blough. "DSO: Dependable Signing
Overlay." In Proceedings of International Conference on
Applied Cryptography and Network Security (ACNS'06),
Singapore, June 2006. (Acceptance ratio 15%=33/218) [pdf] [bib] [slides]
- Guofei Gu,
Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "Measuring
Intrusion Detection Capability: An Information-Theoretic Approach." In Proceedings
of ACM Symposium on Information, Computer and Communications Security
(ASIACCS'06), Taipei, Taiwan, March 2006. (Acceptance ratio
17.7%=33/186) [pdf] [bib] [slides]
- Weidong Shi,
Joshua B. Fryman, Guofei Gu, Hsien-Hsin S. Lee,
Youtao Zhang, and Jun Yang. "InfoShield: A Security Architecture for
Protecting Information Usage in Memory." In Proceedings of
the 12th International Symposium on High-Performance Computer
Architecture (HPCA'06), Austin, TX, February, 2006.
(Acceptance ratio 14%=25/175) [pdf] [bib] [slides]
- Weidong Shi,
Hsien-Hsin Lee, Guofei Gu, Laura Falk, Trevor
Mudge, and Mrinmoy Ghosh. "Intrusion Tolerant and Self-Recoverable
Network Service System Using Security Enhanced Chip-Multiprocessor." In
Proceedings of the 2nd IEEE
International Conference on Autonomic Computing (ICAC'05),
Seattle, Washington, June 13-16, 2005. (Acceptance ratio 16.7%=25/150) [pdf] [bib] [slides]
- Guofei Gu,
Monirul Sharif, Xinzhou Qin, David Dagon, Wenke Lee, and George Riley.
"Worm Detection, Early Warning and Response Based on Local Victim
Information." In Proceedings of the 20th Annual Computer
Security Applications Conference (ACSAC'04), Tucson, Arizona,
December 6-10, 2004. (Acceptance ratio 26%=35/134) [pdf] [bib] [slides]
- David Dagon,
Xinzhou Qin, Guofei Gu, Wenke Lee, Julian Grizzard,
John Levine, and Henry Owen. "HoneyStat: Local Worm Detection Using
Honeypots." In Proceedings of the 7th
International Symposium on Recent Advances in Intrusion Detection
(RAID'04), French Riviera, France. September 15-17, 2004.
(Acceptance ratio 13.5%=16/118) [pdf] [bib]
- Guofei Gu,
Bin Zhu, Shipeng Li, and Shiyong Zhang. "PLI: A New Framework to
Protect Digital Content for P2P Networks." In Proceedings of
International Conference on Applied Cryptography and
Network Security (ACNS'03), Springer - LNCS 2846, October
16-19, 2003 (Acceptance ratio 16.8%=32/191) [pdf] [bib]
Technical Report
- Guofei Gu,
Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "An
Information-Theoretic Measure of Intrusion Detection Capability." Technical
Report GIT-CC-05-10, College of Computing, Georgia Tech,
2005. [pdf]
- Xinzhou Qin,
David Dagon, Guofei Gu, Wenke Lee, Mike Warfield,
and Pete Allor. "Worm Detection Using Local Networks." Technical
Report GIT-CC-04-04, College of Computing, Georgia Tech, Feb
2004. [pdf]