Guofei's Publications
(This page is no longer updated. Please visit here for more recent updates.)
Journal
- Lei Xue, Xiaobo Ma, Xiapu Luo, Edmond W.W. Chan, Tony T.N.
Miu, Guofei Gu. "LinkScope: Towards Detecting Target Link Flooding
Attacks." In IEEE Transactions on Information Forensics and Security (TIFS), 2018. [pdf] [bib]
- Jing Zheng, Qi Li, Guofei Gu, Jiahao Cao, David K.Y. Yau, and Jianping Wu.
"Realtime DDoS Defense Using COTS SDN Switches via Adaptive Correlation
Analysis." In IEEE Transactions on Information Forensics and Security (TIFS), 2018. [pdf] [bib]
- Changhoon Yoon, Seungsoo Lee, Heedo Kang, Taejune Park, Seungwon Shin, Vinod Yegneswaran, Phillip Porras, Guofei Gu. "Flow
Wars: Systemizing the Attack Surface and Defenses in Software-Defined
Networks." In IEEE/ACM Transactions on Networking (ToN), 2017.
[pdf] [bib]
- Yuhong Nan, Zhemin Yang, Min Yang, Shunfan Zhou, Yuan
Zhang, Guofei Gu, Xiaofeng Wang, Limin Sun. "Identify User-Input
Privacy in Mobile Applications at Large Scale." In IEEE Transactions on
Information Forensics and Security (TIFS), 2017. [pdf] [bib]
- Amin Hassanzadeh, Zhaoyan Xu, Radu Stoleru, Guofei
Gu, Michalis Polychronakis. "PRIDE: A Practical Intrusion Detection
System for Resource Constrained Wireless Mesh Networks." In Elsevier
Computers & Security, 2016. [pdf] [bib]
- Yuan Zhang, Min Yang, Guofei Gu and Hao Chen. "Rethinking
Permission Enforcement Mechanism on Mobile Systems." In IEEE
Transactions on Information Forensics and Security (TIFS), 2016. [pdf] [bib]
- Weili Han, Zhigong Li, Minyue Ni, Guofei Gu, Wenyuan Xu. "Shadow
Attacks based on Password Reuses: A Quantitative Empirical View." In
IEEE Transactions on Dependable and Secure Computing (TDSC), 2016. [pdf] [bib]
- Seungwon Shin, Haopei Wang, Guofei Gu. "A First Step
Towards Network Security Virtualization: From Concept To Prototype." In IEEE Transactions on Information Forensics and Security,
vol. 10, no. 10, 2015. [pdf] [bib]
- Chenxiong Qian, Xiapu Luo, Le Yu, Guofei Gu.
"VulHunter: Towards Discovering Vulnerabilities in Android
Applications." In IEEE Micro, Vol. 35, No. 1, 2015. [pdf] [bib]
- Shui Yu, Guofei Gu, Ahmed Barnawi, Song Guo, and Ivan
Stojmenovic, "Malware Propagation in Large-Scale Networks," In IEEE Transactions on Knowledge and Data Engineering, vol. 27, no. 1, pp. 170-179, 2015. [pdf] [bib]
- Yuan Zhang, Min Yang, Zhemin Yang, Guofei Gu, Peng Ning, and
Binyu Zang. "Permission Use Analysis for Vetting Undesirable Behaviors
in Android Apps." In IEEE Transactions on Information Forensics and
Security, vol. 9, no. 11, 2014. [pdf] [bib]
- Seungwon Shin, Zhaoyan Xu, Guofei Gu. "EFFORT: A New Host-Network Cooperated
Framework for Efficient and Effective Bot Malware Detection." In Computer Networks (Elsevier), 2013. [draft-pdf] [bib]
- Chao Yang, Robert Harkreader, Guofei Gu. "Empirical Evaluation
and New Design for Fighting Evolving Twitter Spammers." In
IEEE Transactions on Information Forensics and Security, vol. 8, no. 8, 2013. [pdf] [bib]
- Chao Yang, Yimin Song, Guofei Gu. "Active User-side Evil Twin Access
Point Detection Using Statistical Techniques." In IEEE Transactions on
Information Forensics and Security, vol. 7, no. 5, pp. 1638-1651, 2012.
[pdf] [bib]
- Scott Hand, Zhiqiang Lin, Guofei Gu, Bhavani Thuraisingham.
"Bin-Carver: Automatic recovery of binary executable files." In
Elsevier Digital Investigation, vol. 9, Supplement (Special issue for
DFRWS’12), pp. 108-117, August 2012.
- Weiqin Ma, Pu Duan, Sanmin Liu, Guofei Gu, Jyh-Charn Liu. "Shadow
Attacks: Automatically Evading System-Call-Behavior based Malware
Detection." In Springer Journal in Computer Virology, vol. 8, no. 1-2,
pp. 1-13, 2012. [pdf] [bib]
- Seungwon Shin, Guofei Gu, Narasimha Reddy, Christopher Lee. “A Large-Scale
Empirical Study of Conficker.” In IEEE Transactions on
Information Forensics and Security, vol. 7, no. 2, pp. 676-690, April
2012. [pdf] [bib]
- Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. "Checksum-Aware Fuzzing Combined with Dynamic
Taint Analysis and Symbolic Execution." ACM Transactions on Information
and System Security (TISSEC), vol. 14, no. 2, pp. 15:1-15:28, September
2011. [pdf] [bib]
Book Chapter
- Chao Yang, Guofei Gu. “Security in Wireless Local Area Networks,”
to appear in L. Chen & J. Ji (Eds), Wireless Network Security:
Theories and Applications, Springer, 2013
- Guofei Gu. "Botnet Detection In Enterprise Networks," to appear in Henk C.A. van Tilborg &
Sushil Jajodia (Eds.), Encyclopedia of Cryptography and Security (2nd
Edition), Springer, 2011.
- David Dagon, Guofei Gu, and Chris Lee. "A Taxonomy of Botnet Structures." Invited
book chapter for "Botnet Detection: Countering the Largest Security
Threat," Springer-Verlag, 2007. (This is from our ACSAC'07 conference
version)
Conference Publication By Year (publications by area)
2018
- Abner Mendoza, Guofei Gu. "Mobile Application Web API Reconnaissance:
Web-to-Mobile Inconsistencies & Vulnerabilities." In Proc. of the 39th IEEE Symposium on Security and Privacy (S&P'18), San Francisco, CA, May 2018. [pdf] [bib]
- Guangliang Yang, Jeff Huang, Guofei Gu, Abner Mendoza. "Study and
Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage
Enabled Mobile Applications." In Proc. of the 39th IEEE Symposium on Security and Privacy (S&P'18), San Francisco, CA, May 2018. [pdf] [bib]
- Abner Mendoza, Phakpoom Chinprutthiwong and Guofei Gu. "Uncovering HTTP
Header Inconsistencies and the Impact on Desktop/Mobile Websites." In Proc. of the Web Conference (WWW'18), Lyon, France, April 2018. (Acceptance ratio 14.8%=171/1155) [pdf] [bib]
- Guangliang Yang, Jeff Huang, Guofei Gu.
"Automated Generation of Event-Oriented Exploits in Android Hybrid Apps." In Proc. of the Network and Distributed System Security Symposium (NDSS'18), San Diego, California, Feb. 2018. [pdf] [bib]
2017
- Guofei Gu, Hongxin Hu, Eric Keller, Zhiqiang Lin, Donald Porter.
"Building a Security OS with Software Defined Infrastructure." In Proc.
of the Eighth ACM SIGOPS Asia-Pacific Workshop on Systems (APSys'17),
India, September 2017. [pdf] [bib]
- Guangliang Yang, Abner Mendoza, Jialong Zhang, Guofei Gu. "Precisely
and Scalably Vetting JavaScript Bridge In Android Hybrid Apps." In Proc. of the 20th International Symposium on Research on Attacks, Intrusions and Defenses (RAID'17), Atlanta, GA, September 2017. (Acceptance ratio 20%=21/105) [pdf] [bib]
- Lei Xu, Jeff Huang, Sungmin Hong, Jialong Zhang, Guofei Gu. "Attacking the Brain: Races in the SDN Control Plane." In Proc. of the 26th USENIX Security Symposium (Security'17), Vancouver, BC, Canada, August 2017. (Acceptance ratio 16%=85/522) [pdf] [bib]
- Lei Xue, Yajin Zhou, Ting Chen, Xiapu Luo, Guofei Gu. "Malton: Towards
On-Device Non-Invasive Mobile Malware Analysis for ART." In Proc. of the 26th USENIX Security Symposium (Security'17), Vancouver, BC, Canada, August 2017. (Acceptance ratio 16%=85/522) [pdf] [bib]
- Ala Altaweel, Radu Stoleru, Guofei Gu. "EvilDirect: A New Wi-Fi Direct Hijacking Attack and Countermeasures." In Proc. of the 26th International Conference on Computer Communication and Networks (ICCCN'17), Vancouver, Canada, August 2017. (Acceptance ratio 25%) [pdf] [bib]
- Chao Yang, Jialong Zhang and Guofei Gu. "Understanding the Market-level
and Network-level Behaviors of the Android Malware Ecosystem." In Proc. of the 37th International Conference on
Distributed Computing Systems (ICDCS'17), Atlanta, GA, June 2017. (short paper) [pdf] [bib]
- Haopei Wang, Abhinav Srivastava, Lei Xu, Sungmin Hong, Guofei Gu.
"Bring Your Own Controller: Enabling Tenant-defined SDN Apps in IaaS
Clouds." In Proc. of 2017 IEEE International Conference on Computer Communications (INFOCOM'17), Atlanta, GA, May 2017. (Acceptance ratio 20.9%=292/1395) [pdf] [bib]
2016
- Seungwon Shin, Lei Xu, Sungmin Hong, Guofei Gu. "Enhancing
Network Security through Software Defined Networking (SDN)." In Proc.
of The 25th International Conference on Computer Communication and
Networks (ICCCN’16), Hawaii, USA, August 2016. (Invited paper) [pdf] [bib]
- Jialong Zhang, Xin Hu, Jiyong Jang, Ting Wang, Guofei Gu, Marc
Stoecklin. "Hunting for Invisibility: Characterizing and Detecting
Malicious Web Infrastructures through Server Visibility Analysis." To
appear in Proc. of 2016 IEEE International Conference on Computer Communications (INFOCOM'16), San Francisco, California, April 2016. (Acceptance ratio 18.25%=300/1644) [pdf] [bib]
- Sungmin Hong, Robert Baykov, Lei Xu, Srinath Nadimpalli, Guofei
Gu. "Towards SDN-Defined Programmable BYOD (Bring Your Own Device)
Security." To appear in Proc. of the Network and Distributed System Security Symposium (NDSS'16), San Diego, California, Feb. 2016. (Acceptance ratio 15.4%=60/389) [pdf] [bib]
2015
- Chao Yang, Guangliang Yang, Ashish Gehani, Vinod
Yegneswaran, Dawood Tariq and Guofei Gu. “Using Provenance Patterns to
Vet Sensitive Behaviors in Android Apps.” In Proc. of 11th International Conference on Security and Privacy in Communication Networks (SecureComm'15), Dallas, US, October 2015 (Acceptance ratio 27.8%=30/108) [pdf] [bib]
- Yuan Zhang, Min Yang, Guofei Gu and Hao Chen. “FineDroid:
Enforcing Permissions with System-wide Application Execution Context.”
In Proc. of 11th International Conference on Security and Privacy in Communication Networks (SecureComm'15), Dallas, US, October 2015 (Acceptance ratio 27.8%=30/108) [pdf] [bib]
- Yuhong Nan, Min Yang, Zhemin Yang, Shunfan Zhou, Guofei Gu, Xiaofeng
Wang. "UIPicker: User-Input Privacy Identification in Mobile
Applications." In Proc. of the 24th USENIX Security Symposium (Security'15), Washington DC, August 2015. (Acceptance ratio 15.7%=67/426) [pdf] [bib]
- Jialong Zhang, Sabyasachi Saha, Guofei Gu, Sung-Ju Lee, and Marco
Mellia. "Systematic Mining of Associated Server Herds for Malware
Campaign Discovery." In Proc. of the 35th International Conference on
Distributed Computing Systems (ICDCS'15), Columbus, OH, June 2015.
(Acceptance ratio 12.9%=70/543) [pdf] [bib] (Best Paper Award)
- Haopei Wang, Lei Xu, Guofei Gu. "FloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks." In Proc. of the 45th
Annual IEEE/IFIP International Conference on Dependable Systems and
Networks (DSN'15), Rio de Janeiro, Brazil, June 2015.
(Acceptance ratio 21.8%=50/229) [pdf] [bib]
- Abner Mendoza, Kapil Singh, Guofei Gu. "What is Wrecking Your Data Plan? A Measurement Study of Mobile Web Overhead." In Proc. of 2015 Annual IEEE Conference on Computer Communications (INFOCOM'15), Hong Kong, April 2015. (Acceptance ratio 19%=316/1640) [pdf] [bib]
- Sungmin Hong*,
Lei Xu*, Haopei Wang, Guofei Gu. "Poisoning Network Visibility in
Software-Defined Networks: New Attacks and Countermeasures." In Proc. of 22nd Annual
Network & Distributed System Security Symposium (NDSS'15),
San Diego, CA, USA. February 2015. (*co-first author) Acceptance ratio 16.9%=51/302 [pdf] [bib] (Source code now available!)
2014
- Chao Yang, Jialong Zhang, Guofei Gu. "A Taste of Tweets: Reverse Engineering Twitter Spammers." In Proc. of 2014
Annual Computer Security Applications Conference (ACSAC'14), New Orleans, Louisiana, USA, December 2014. (Acceptance ratio 19.9%=47/236) [pdf] [bib]
- Zhaoyan Xu, Antonio Nappa, Robert Baykov, Guangliang Yang, Juan
Caballero, and Guofei Gu. "AutoProbe: Towards Automatic Active
Malicious Server Probing Using Dynamic Binary Analysis." In Proc.
of the 21st ACM Conference on Computer and Communications Security
(CCS’14), Scottsdale, AZ, November 2014 (Acceptance ratio 19.5%=114/585) [pdf] [bib]
- Chao Yang, Zhaoyan Xu, Guofei Gu, Vinod Yegneswaran and Phillip Porras.
"DroidMiner: Automated Mining and Characterization of Fine-grained
Malicious Behaviors in Android Applications." To appear in Proceedings
of the 19th European Symposium on Research in Computer Security (ESORICS'14), Wroclaw, Poland, September 2014. (Acceptance ratio %) [pdf] [bib]
- Yong Wang, Zhaoyan Xu, Jialong Zhang, Lei Xu, Haopei Wang and Guofei
Gu. "SRID: State Relation based Intrusion Detection for False Data
Injection Attacks in SCADA." To appear in Proceedings
of the 19th European Symposium on Research in Computer Security (ESORICS'14), Wroclaw, Poland, September 2014. (Acceptance ratio %) [pdf] [bib]
- Zhaoyan Xu, Jialong Zhang, Guofei Gu, Zhiqiang Lin. "GoldenEye:
Efficiently and Effectively Unveiling Malware’s Targeted Environment."
To appear in Proceedings
of the 17th International Symposium on Research in Attacks,
Intrusions and Defenses (RAID'14), Gothenburg, Sweden. September 2014. (Acceptance ratio
19.5%=22/113) [pdf] [bib]
- Jialong Zhang, Jayant Notani, Guofei Gu. "Characterizing Google Hacking: A First Large-Scale Quantitative Study." In Proceedings of 10th International Conference on Security and Privacy in Communication Networks (SecureComm'14), Beijing, China, September 2014. [pdf] [bib]
- Yinzhi Cao, Chao Yang, Vaibhav Rastogi, Yan Chen and Guofei Gu.
"Abusing Browser Address Bar for Fun and Profit - An Empirical
Investigation of Add-on Cross Site Scripting Attacks." In Proceedings of 10th International Conference on Security and Privacy in Communication Networks (SecureComm'14), Beijing, China, September 2014. [pdf] [bib]
- Antonio Nappa, Zhaoyan Xu, M. Zubair Rafique, Juan Caballero and Guofei
Gu. "CyberProbe: Towards Internet-Scale Active Detection of Malicious
Servers." In Proceedings of the 21st Annual
Network & Distributed System Security Symposium (NDSS'14),
San Diego, CA, USA, February 2014. (Acceptance ratio
18.6%=55/295) [pdf] [bib]
2013
- Seungwon Shin, Vinod Yegneswaran, Phil Porras, and Guofei Gu.
"AVANT-GUARD: Scalable and Vigilant Switch Flow Management in
Software-Defined Networks." In Proc.
of the 20th ACM Conference on Computer and Communications Security
(CCS’13), Berlin, Germany, November 2013. (Acceptance ratio:
19.8%=105/530) [pdf] [bib]
- Zhemin Yang, Min Yang, Yuan Zhang, Guofei Gu, Peng Ning and X. Sean
Wang. "AppIntent: Analyzing Sensitive Data Transmission in Android for
Privacy Leakage Detection." In Proc.
of the 20th ACM Conference on Computer and Communications Security
(CCS’13), Berlin, Germany, November 2013. (Acceptance ratio:
19.8%=105/530) [pdf] [bib]
- Yuan Zhang, Min Yang, Bingquan Xu, Zhemin Yang, Guofei Gu, Peng Ning,
X. Sean Wang and Binyu Zang. "Vetting Undesirable Behaviors in Android
Apps with Permission Use Analysis." In Proc. of the 20th ACM Conference on
Computer and Communications Security (CCS’13), Berlin, Germany,
November 2013. (Acceptance ratio: 19.8%=105/530) [pdf] [bib]
- Amin Hassanzadeh, Zhaoyan Xu, Radu Stoleru, Guofei Gu and Michalis
Polychronakis. "PRIDE: Practical Intrusion Detection in Resource
Constrained Wireless Mesh Networks." In Proc. of 2013 International Conference on
Information and Communications Security (ICICS’13), Beijing,
China, November 2013. (Acceptance ratio: 25.7%=29/113) [pdf] [bib]
- Shardul Vikram, Chao Yang, Guofei Gu. "NOMAD: Towards Non-Intrusive
Moving-Target Defense against Web Bots." To appear in Proc. of IEEE Conference on
Communications and Network Security (CNS’13), Washington, D.C.,
October 2013. (Acceptance ratio: 28%=40/141) [pdf] [bib]
- Seungwon Shin and Guofei Gu. "Attacking Software-Defined
Networks: A First Feasibility Study" (poster paper). In Proc. of
ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking
(HotSDN'13), Hong Kong, August 2013. [pdf] [6-page version] [bib]
- Seungwon Shin, Phillip Porras, Vinod Yegneswaran, Guofei Gu. "A Framework For
Integrating Security Services into Software-Defined Networks." In 2013 Open Networking Summit (ONS’13, Research Track poster paper), Santa
Clara, CA, April 2013. [pdf] [bib]
- Zhaoyan Xu, Jialong Zhang, Guofei Gu, Zhiqiang Lin. "AUTOVAC:
Towards Automatically Extracting System Resource Constraints and
Generating Vaccines for Malware Immunization." In Proc. of the 33rd International Conference
on Distributed Computing Systems (ICDCS'13), Philadelphia, July
2013. (Acceptance ratio: 13%=61/464) [pdf] [bib]
- Sooel Son, Seungwon Shin, Vinod Yegneswaran, Phillip Porras, Guofei
Gu. "Model Checking Invariant Security Properties in OpenFlow." In Proc. of 2013 IEEE International
Conference on Communications (ICC'13), Budapest, Hungary,
June 2013. [pdf] [bib]
- Seungwon Shin, Phil Porras, Vinod Yegneswaran, Martin Fong, Guofei
Gu, and Mabry Tyson. "FRESCO: Modular Composable Security Services for
Software-Defined Networks." To appear in Proceedings of the 20th Annual Network
& Distributed System Security Symposium (NDSS'13), San
Diego, CA, USA. February 2013. (Acceptance ratio 18.8%=47/250) [pdf] [bib]
- Jialong Zhang and
Guofei Gu. "NeighborWatcher: A Content-Agnostic Comment Spam Inference
System." To appear in Proceedings of the 20th Annual Network
& Distributed System Security Symposium (NDSS'13), San
Diego, CA, USA. February 2013. (Acceptance ratio 18.8%=47/250) [pdf] [bib]
- Amit Amaleswarm, A. L. Narasimha Reddy, Sandep Yadav, Guofei Gu
and Chao Yang. "CATS: Characterizing Automation of Twitter Spammers."
In Proc. of the 5th International Conference on COMmunication Systems
and NETworkS (COMSNETS’13), Bangalore, India, Jan. 2013. (Acceptance
ratio 26.4%=38/144) [pdf] [bib]
2012
- Seungwon Shin, Guofei Gu. “CloudWatcher: Network Security Monitoring Using
OpenFlow in Dynamic Cloud Networks (or: How to Provide Security
Monitoring as a Service in Clouds?)” To appear in Proceedings of the 7th Workshop on Secure
Network Protocols (NPSec’12), co-located with IEEE ICNP’12, Austin, TX, USA,
October 2012 (invited paper) [pdf] [bib]
- Cong Zheng, Shixiong Zhu, Shuaifu Dai, Guofei Gu, Xiaorui Gong and
Wei Zou. "SmartDroid: An Automatic System for Revealing UI-based
Trigger Conditions in Android Applications." To appear in Proceedings of the 2nd ACM CCS Workshop on
Security and Privacy in Smartphones and Mobile Devices (SPSM’12),
Raleigh, NC, USA, October 2012. (Acceptance ratio 36.7%=11/30) [pdf] [bib]
- Zhaoyan Xu, Lingfeng Chen, Guofei Gu and Christopher Kruegel.
"PeerPress: Utilizing Enemies' P2P Strength against Them." To appear
in Proceedings of the 19th ACM
Conference on Computer and Communications Security (CCS'12),
Raleigh, NC, USA, October 2012. (Acceptance ratio 18.9%=80/423) [pdf] [bib]
- Jialong Zhang, Chao Yang, Zhaoyan Xu, Guofei Gu. "PoisonAmplifier: A
Guided Approach of Discovering Compromised Websites through Reversing
Search Poisoning Attacks." To appear in Proceedings of the 15th International
Symposium on Research in Attacks, Intrusions and Defenses (RAID'12),
Amsterdam, The Netherlands. September 2012. (Acceptance ratio
21%=18/84) [pdf] [bib]
- Phillip Porras, Seungwon Shin, Vinod Yegneswaran, Martin Fong, Mabry
Tyson, and Guofei Gu. "A Security Enforcement Kernel for OpenFlow
Networks." To appear in Proc. of ACM
SIGCOMM Workshop on Hot Topics in Software Defined Networking
(HotSDN'12), Helsinki, Finland. August 2012. (Acceptance ratio
30%=22/71) [pdf] [bib]
- Scott Hand, Zhiqiang Lin, Guofei Gu, and Bhavani Thuraisingham.
"Bin-Carver: Automatic Recovery of Binary Executable Files." To appear
in Proceedings of the 12th Annual
Digital Forensics Research Conference (DFRWS'12), Washington DC,
August 2012. (Acceptance ratio 29.8%=14/47) [pdf] [bib]
- Chao Yang, Robert Harkreader, Jialong Zhang, Seungwon Shin, and Guofei
Gu. "Analyzing Spammers' Social Networks For Fun and Profit -- A Case
Study of Cyber Criminal Ecosystem on Twitter." To appear in Proceedings of the 21st International
World Wide Web Conference (WWW'12), Lyon, France, April 2012. [pdf] [bib] (Dataset release)
- Seungwon Shin, Zhaoyan Xu, Guofei Gu. "EFFORT: Efficient and
Effective Bot Malware Detection." To appear in Proceedings of the 31st Annual IEEE
Conference on Computer Communications (INFOCOM'12)
Mini-Conference, Orlando, Florida, March 2012. [pdf] [Tech Report (extended version)] [bib]
2011
- Shardul Vikram, Yinan Fan, Guofei Gu. "SEMAGE: A New Image-based
Two-Factor CAPTCHA." To appear in Proceedings of 2011
Annual Computer Security Applications Conference (ACSAC'11), Orlando, Florida, December 2011. (Acceptance ratio 20%=39/195) [pdf] [bib]
- Chao Yang, Robert Harkreader, Guofei Gu. "Die Free or Live Hard?
Empirical Evaluation and New Design for Fighting Evolving Twitter
Spammers." To appear in Proceedings
of the 14th International Symposium on Recent Advances in Intrusion
Detection (RAID 2011), Menlo Park, California, September 2011.
(Acceptance ratio 23%=20/87) [pdf] [Tech Report (extended version)] [bib]
- Seungwon Shin, Raymond Lin, Guofei Gu. "Cross-Analysis of Botnet
Victims: New Insights and Implications." To appear in Proceedings of the 14th International
Symposium on Recent Advances in Intrusion Detection (RAID 2011),
Menlo Park, California, September 2011. (Acceptance ratio
23%=20/87) [pdf] [bib]
- Kevin Zhijie Chen, Guofei Gu, Jose Nazario, Xinhui Han and Jianwei
Zhuge. "WebPatrol: Automated Collection and Replay of Web-based Malware
Scenarios." To appear in Proceedings
of 2011 ACM Symposium on Information, Computer and Communications
Security (ASIACCS'11), Hong Kong, March 2011. (Acceptance ratio
16%=35/217) [pdf] [bib] [slides]
- Junjie Zhang, Xiapu Luo, Roberto Perdisci, Guofei Gu, Wenke Lee and Nick
Feamster. "Boosting the Scalability of Botnet Detection Using Adaptive
Traffic Sampling." To appear in Proceedings
of 2011 ACM Symposium on Information, Computer and Communications
Security (ASIACCS'11), Hong Kong, March 2011. (Acceptance ratio
16%=35/217) [pdf] [bib] [slides]
2010
- Seungwon Shin and Guofei Gu. "Conficker and Beyond: A Large-Scale
Empirical Study." To appear in Proceedings
of 2010 Annual Computer Security Applications Conference
(ACSAC'10), Austin, Texas, December 2010. (Acceptance ratio
17%=39/227) [pdf] [bib] [slides]
- Yimin Song, Chao Yang, Guofei
Gu. "Who Is Peeping at Your Passwords at Starbucks? -- To
Catch an Evil Twin Access Point." In Proceedings of the 40th
Annual IEEE/IFIP International Conference on Dependable Systems and
Networks (DSN'10), Chicago, IL, June 2010.
(Acceptance ratio ) [pdf] [Journal Version] [bib] [slides]
- Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. "TaintScope: A Checksum-Aware
Directed Fuzzing Tool for Automatic Software Vulnerability Detection."
In Proceedings of the 31st IEEE Symposium on Security & Privacy (Oakland'10),
Oakland, CA, May 2010. (Acceptance ratio 11.6%=31/267) [pdf] [bib]
[slides] (Best Student Paper Award)
2009
- Guofei Gu, Vinod Yegneswaran, Phillip Porras, Jennifer Stoll, and Wenke Lee. "Active
Botnet Probing to Identify Obscure Command and Control Channels." In Proceedings
of 2009 Annual Computer Security Applications Conference (ACSAC'09),
Honolulu, Hawaii, December 2009. (Acceptance ratio
19.6%=44/224) [pdf] [bib] [slides]
2008
- Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. "BotMiner: Clustering
Analysis of Network Traffic for Protocol- and Structure-Independent
Botnet Detection." In Proceedings of the 17th
USENIX Security Symposium (Security'08), San Jose, CA, 2008.
(Acceptance ratio 15.9%=27/170) [pdf] [bib]
- Guofei Gu, Alvaro A. Cardenas, and Wenke Lee. "Principled Reasoning and Practical
Applications of Alert Fusion in Intrusion Detection Systems." In Proceedings
of ACM Symposium on Information, Computer and Communications Security
(ASIACCS'08), Tokyo, Japan, March 2008. (Acceptance ratio
17.6%=32/182) [pdf] [bib] [slides]
- Guofei Gu, Junjie Zhang, and Wenke Lee. "BotSniffer: Detecting Botnet Command and
Control Channels in Network Traffic." In Proceedings of the
15th Annual Network and Distributed System Security Symposium
(NDSS'08), San Diego, CA, February 2008. (Acceptance ratio
17.8%=21/118) [pdf] [bib] [slides]
2007 and before
- David Dagon, Guofei Gu, Chris Lee, and Wenke Lee. "A Taxonomy of Botnet
Structures." In Proceedings of the 23rd Annual Computer
Security Applications Conference (ACSAC'07), Miami Beach, FL,
December 2007. (Acceptance ratio 22%=42/191) [pdf] [bib]
- Roberto Perdisci, Guofei Gu, and Wenke Lee. "Combining Multiple
One-Class Classifiers for Hardening Payload-based Anomaly Detection
Systems (extended abstract)." NIPS 2007 Workshop on Machine
Learning in Adversarial Environments for Computer Security,
Vancouver, B.C., Canada, December 2007.
- Guofei Gu, Zesheng Chen, Phillip Porras, and Wenke Lee. "Misleading and Defeating
Importance-Scanning Malware Propagation." In
Proceedings of the 3rd International Conference on Security and Privacy
in Communication Networks (SecureComm'07), Nice, France,
September 2007. (Acceptance ratio 26%=31/119) [pdf] [bib] [slides]
- Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee.
"BotHunter: Detecting Malware Infection Through IDS-Driven Dialog
Correlation." In Proceedings of the 16th USENIX Security
Symposium (Security'07), Boston, MA, August 2007. (Acceptance
ratio 12.3%=23/187) [pdf] [bib] [slides] [system]
BotHunter free Internet release now available!
- Roberto Perdisci, Guofei Gu, and Wenke Lee. "Using an Ensemble of
One-Class SVM Classifiers to Harden Payload-based Anomaly Detection
Systems." In Proceedings of the IEEE International Conference
on Data Mining (ICDM'06) (regular paper), Hong Kong, December
2006. (Acceptance ratio 9.4%=73(regular)/776) [pdf] [bib] [slides]
- Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "Towards an
Information-Theoretic Framework for Analyzing Intrusion Detection
Systems." In Proceedings of the 11th European Symposium on
Research in Computer Security (ESORICS'06), Hamburg, Germany,
September 2006. (Acceptance ratio 20%=32/160) [pdf] [bib] [slides]
- Guofei Gu, Prahlad Fogla, Wenke Lee, and Douglas Blough. "DSO: Dependable Signing
Overlay." In Proceedings of International Conference on
Applied Cryptography and Network Security (ACNS'06),
Singapore, June 2006. (Acceptance ratio 15%=33/218) [pdf] [bib] [slides]
- Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "Measuring
Intrusion Detection Capability: An Information-Theoretic Approach." In Proceedings
of ACM Symposium on Information, Computer and Communications Security
(ASIACCS'06), Taipei, Taiwan, March 2006. (Acceptance ratio
17.7%=33/186) [pdf] [bib] [slides]
- Weidong Shi, Joshua B. Fryman, Guofei Gu, Hsien-Hsin S. Lee,
Youtao Zhang, and Jun Yang. "InfoShield: A Security Architecture for
Protecting Information Usage in Memory." In Proceedings of
the 12th International Symposium on High-Performance Computer
Architecture (HPCA'06), Austin, TX, February, 2006.
(Acceptance ratio 14%=25/175) [pdf] [bib] [slides]
- Weidong Shi, Hsien-Hsin Lee, Guofei Gu, Laura Falk, Trevor
Mudge, and Mrinmoy Ghosh. "Intrusion Tolerant and Self-Recoverable
Network Service System Using Security Enhanced Chip-Multiprocessor." In
Proceedings of the 2nd IEEE
International Conference on Autonomic Computing (ICAC'05),
Seattle, Washington, June 13-16, 2005. (Acceptance ratio 16.7%=25/150) [pdf] [bib] [slides]
- Guofei Gu, Monirul Sharif, Xinzhou Qin, David Dagon, Wenke Lee, and George Riley.
"Worm Detection, Early Warning and Response Based on Local Victim
Information." In Proceedings of the 20th Annual Computer
Security Applications Conference (ACSAC'04), Tucson, Arizona,
December 6-10, 2004. (Acceptance ratio 26%=35/134) [pdf] [bib] [slides]
- David Dagon, Xinzhou Qin, Guofei Gu, Wenke Lee, Julian Grizzard,
John Levine, and Henry Owen. "HoneyStat: Local Worm Detection Using
Honeypots." In Proceedings of the 7th
International Symposium on Recent Advances in Intrusion Detection
(RAID'04), French Riviera, France. September 15-17, 2004.
(Acceptance ratio 13.5%=16/118) [pdf] [bib]
- Guofei Gu, Bin Zhu, Shipeng Li, and Shiyong Zhang. "PLI: A New Framework to
Protect Digital Content for P2P Networks." In Proceedings of
International Conference on Applied Cryptography and
Network Security (ACNS'03), Springer - LNCS 2846, October
16-19, 2003 (Acceptance ratio 16.8%=32/191) [pdf] [bib]
Technical Report
- Seungwon Shin, Zhaoyan Xu, Guofei Gu. "CloudRand:
Building Heterogeneous and Moving-target Port Interfaces for Networked
Systems." Technical Report, Department of Computer Science &
Engineering, Texas A&M University, 2011 [pdf]
- Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "An
Information-Theoretic Measure of Intrusion Detection Capability." Technical
Report GIT-CC-05-10, College of Computing, Georgia Tech,
2005. [pdf]
- Xinzhou Qin, David Dagon, Guofei Gu, Wenke Lee, Mike Warfield,
and Pete Allor. "Worm Detection Using Local Networks." Technical
Report GIT-CC-04-04, College of Computing, Georgia Tech, Feb
2004. [pdf]