Guofei Gu Eppright Professor in Engineering Presidential Impact Fellow Department of Computer Science & Engineering Texas A&M University Office: HRBB 417A Phone: (979) 845-2475 Email: guofei [AT] cse.tamu.edu
I am a professor and holder of the Eppright Professorship in Engineering in the Department of Computer Science & Engineering at Texas A&M University. Before joining Texas A&M, I received my Ph.D. degree in Computer Science from the College of Computing, Georgia Tech, in 2008. I am an IEEE Fellow and an ACM Distinguished Member. I'm currently directing the SUCCESS (Secure Communication and Computer Systems) Lab at TAMU. A short bio is available here. What's [Mar. 2020] SVHunter (from our S&P’20 paper) code released! [Feb. 2020] Mr. Jonathan Grimes has successfully defended his MS thesis titled “JANUS: Alternating Strength to Detect MAC Spoof”! He is going to join Sandia National Laboratories soon. Congratulations, Jonathan! [Jan. 2020] Our papers on programmable data plane security (Poseidon), new Buffered Packets Hijacking attack in SDN, and blockchain security (SODA) are to appear in NDSS’20. Congratulations, Menghao, Jiahao &Qi, Ting & Xiapu! [Dec. 2019] I'm honored to be named an IEEE Fellow (class of 2020), "for contributions to malware detection and security of next generation networks". [Oct. 2019] I'm honored to be named an ACM Distinguished Member for outstanding scientific contributions to computing. more...

Research Overview

• I'm interested in all aspects of network and system security. To solve practical security problems, I use networking and system techniques, as well as program analysis, applied cryptography, machine learning, artificial intelligence, probability/statistics, information theory, etc. My current specific research interests include: (see details in relevant publications by topic)
  • Internet malware detection, defense, and analysis
  • SPS: Software-defined Programmable Security (SDN, NFV, Cloud, Edge, 5G ...)
    
  • Check out the final report from our 2018 NSF Workshop on Programmable System Security in a Software Defined World.
  • Check our S2OS project website. S2OS is an ongoing large multi-institute project funded by NSF/VMware, in which we aim to build a new Security OS with Software Defined Infrastructure
  • Other projects: FRESCO, OpenFlowSec.org
  • Mobile and IoT security
  • AI security; Web and social networking security
  • Intrusion detection, anomaly detection
• SUCCESS lab page
• Lab members
• Research projects
  
• Research data/tool release
• I am maintaining a list of computer security conference ranking and statistic
• Some useful resources, links
  

Major Awards/Honors

• IEEE Fellow, class of 2020
• William O. and Montine P. Head Memorial Award for contributions to engineering, TAMU, 2020
• Lynn '84 and Bill Crane '83 Faculty Fellow, 2019
• Texas A&M Presidential Impact Fellow, 2019
• ACM Distinguished Member for outstanding scientific contributions to computing, 2019
• TEES Faculty Fellow Award, 2019
• TEES Research Impact Award, 2018
• Texas A&M Dean of Engineering Excellence Award, 2018
• Charles H. Barclay Jr. '45 Faculty Fellow Award, 2017
• ICDCS'15 Best Paper Award, 2015
• Google Faculty Research Award, 2014
• AFOSR Young Investigator Award, 2013
• IEEE S&P'10 Best Student Paper Award, 2010
• NSF CAREER Award, 2010

Selected Publications (full list here, or see  my google scholar page: citations 13,000+ as of May 2020)

• Feng Xiao, Jinquan Zhang, Jianwei Huang, Guofei Gu, Dinghao Wu, Peng Liu. "Unexpected Data Dependency Creation and Chaining: A New Attack to SDN." In Proc. of the 41st IEEE Symposium on Security and Privacy (S&P’20), San Francisco, CA, May 2020. [pdf] [bib] (Release info)
• Ting Chen, Rong Cao, Ting Li, Xiapu Luo, Guofei Gu, Yufei Zhang, Zhou Liao, Hang Zhu, Gang Chen, Zheyuan He, Yuxing Tang, Xiaodong Lin, Xiaosong Zhang. "SODA: A Generic Online Detection Framework for Smart Contracts." In Proc. of the Network and Distributed System Security Symposium (NDSS'20), San Diego, California, Feb. 2020. [pdf] [bib]
• Menghao Zhang, Guanyu Li, Shicheng Wang, Chang Liu, Ang Chen, Hongxin Hu, Guofei Gu, Qi Li, Mingwei Xu, and Jianping Wu. "Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches." In Proc. of the Network and Distributed System Security Symposium (NDSS'20), San Diego, California, Feb. 2020. [pdf] [bib]
• Jiahao Cao, Renjie Xie, Kun Sun, Qi Li, Guofei Gu, Mingwei Xu. "When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN." In Proc. of the Network and Distributed System Security Symposium (NDSS'20), San Diego, California, Feb. 2020. [pdf] [bib]
• Guanyu Li, Menghao Zhang, Chang Liu, Xiao Kong, Ang Chen, Guofei Gu, Haixin Duan, Mingwei Xu. "NetHCF: Enabling Line-rate and Adaptive Spoofed IP Traffic Filtering." In Proc. of the 27th IEEE International Conference on Network Protocols (ICNP’19), Chicago, Illinois, USA, October 7-10, 2019 (Acceptance rate 19.5%=41/210) [pdf] [bib]
• Guangliang Yang, Jeff Huang, Guofei Gu. "Iframes/Popups Are Dangerous in Mobile WebView: Studying and Mitigating Differential Context Vulnerabilities." In Proc. of the 28th USENIX Security Symposium (Security'19), Santa Clara, CA, August 2019. [pdf] [bib]
• Jiahao Cao, Qi Li, Renjie Xie, Kun Sun, Guofei Gu, Mingwei Xu, and Yuan Yang. "The CrossPath Attack: Disrupting the SDN Control Channel via Shared Links". In Proc. of the 28th USENIX Security Symposium (Security'19), Santa Clara, CA, August 2019. [pdf] [bib]
• Yangyong Zhang, Lei Xu, Abner Mendoza, Guangliang Yang, Phakpoom Chinprutthiwong, Guofei Gu. "Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications." In Proc. of the Network and Distributed System Security Symposium (NDSS'19), San Diego, California, Feb. 2019. (Acceptance rate: 17%=89/521 ) [pdf] [bib] (Project website with code release)
• Haopei Wang, Guangliang Yang, Phakpoom Chinprutthiwong, Lei Xu, Yangyong Zhang, Guofei Gu. "Towards Fine-grained Network Security Forensics and Diagnosis in the SDN Era." In Proc. of the 25th ACM Conference on Computer and Communications Security (CCS'18), Toronto, Canada, October 2018. (Acceptance rate: 16.6%=134/809) [pdf] [bib] (Release info)
• Hongda Li, Hongxin Hu, Guofei Gu, Gail-Joon Ahn, Fuqiang Zhang. "vNIDS: Towards Elastic Security with Safe and Efficient Virtualization of Network Intrusion Detection Systems." In Proc. of the 25th ACM Conference on Computer and Communications Security (CCS'18), Toronto, Canada, October 2018. (Acceptance rate: 16.6%=134/809) [pdf] [bib]
  
• Menghao Zhang, Guanyu Li, Lei Xu, Jun Bi, Guofei Gu, Jiasong Bai. "Control Plane Reflection Attacks in SDNs: New Attacks and Countermeasures." In Proc. of the 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID'18), Heraklion, Greece, September 2018. (Acceptance rate: 22.8%=33/145) [pdf] [bib] (Release info)
• Jialong Zhang, Jiyong Jang, Guofei Gu, Marc Ph. Stoecklin, Xin Hu. "Error-Sensor: Mining Information from HTTP Error Traffic for Malware Intelligence. " In Proc. of the 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID'18), Heraklion, Greece, September 2018. (Acceptance rate: 22.8%=33/145) [pdf] [bib]
• Richard Skowyra, Lei Xu, Guofei Gu, Thomas Hobson, Veer Dedhia, James Landry, Hamed Okhravi. "Effective Topology Tampering Attacks and Defenses in Software-Defined Networks. " In Proc. of the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'18), Luxembourg, June 2018. (Acceptance rate: 28%=62/221) [pdf] [bib]
  
• Abner Mendoza, Guofei Gu. "Mobile Application Web API Reconnaissance: Web-to-Mobile Inconsistencies & Vulnerabilities. " In Proc. of the 39th IEEE Symposium on Security and Privacy (S&P'18), San Francisco, CA, May 2018. (Acceptance rate: 11.5%=63/549)  [pdf] [bib]
• Guangliang Yang, Jeff Huang, Guofei Gu, Abner Mendoza. "Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications." In Proc. of the 39th IEEE Symposium on Security and Privacy (S&P'18), San Francisco, CA, May 2018. (Acceptance rate: 11.5%=63/549) [pdf] [bib] (Project website with code release)
  
• Jing Zheng, Qi Li, Guofei Gu, Jiahao Cao, David K.Y. Yau, and Jianping Wu. "Realtime DDoS Defense Using COTS SDN Switches via Adaptive Correlation Analysis. " In IEEE Transactions on Information Forensics and Security (TIFS), 2018. [pdf] [bib]
• Abner Mendoza, Phakpoom Chinprutthiwong and Guofei Gu. "Uncovering HTTP Header Inconsistencies and the Impact on Desktop/Mobile Websites." In Proc. of the Web Conference (WWW'18), Lyon, France, April 2018. (Acceptance rate 14.8%=171/1155) [pdf] [bib]
  
• Guangliang Yang, Jeff Huang, Guofei Gu. "Automated Generation of Event-Oriented Exploits in Android Hybrid Apps." In Proc. of the Network and Distributed System Security Symposium (NDSS'18), San Diego, California, Feb. 2018. (Acceptance rate: 21.5% = 71/331) [pdf] [bib]
  
• Guofei Gu, Hongxin Hu, Eric Keller, Zhiqiang Lin, Donald Porter. "Building a Security OS with Software Defined Infrastructure." In Proc. of the Eighth ACM SIGOPS Asia-Pacific Workshop on Systems (APSys'17), India, September 2017. [pdf] [bib] (S2OS Project Website)
• Changhoon Yoon, Seungsoo Lee, Heedo Kang, Taejune Park, Seungwon Shin, Vinod Yegneswaran, Phillip Porras, Guofei Gu. "Flow Wars: Systemizing the Attack Surface and Defenses in Software-Defined Networks." In IEEE/ACM Transactions on Networking (ToN), 2017.  [pdf][ bib]
• Guangliang Yang, Abner Mendoza, Jialong Zhang, Guofei Gu. "Precisely and Scalably Vetting JavaScript Bridge In Android Hybrid Apps." In Proc. of the 20th International Symposium on Research on Attacks, Intrusions and Defenses (RAID'17), Atlanta, GA, September 2017. (Acceptance rate 20%=21/105) [pdf] [bib] (We updated some numbers in Sec. 5.1)
  
• Lei Xu, Jeff Huang, Sungmin Hong, Jialong Zhang, Guofei Gu. "Attacking the Brain: Races in the SDN Control Plane." In Proc. of the 26th USENIX Security Symposium (Security'17), Vancouver, BC, Canada, August 2017. (Acceptance rate 16%=85/522) [pdf] [bib]
• Lei Xue, Yajin Zhou, Ting Chen, Xiapu Luo, Guofei Gu. "Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART." In Proc. of the 26th USENIX Security Symposium (Security'17), Vancouver, BC, Canada, August 2017. (Acceptance rate 16%=85/522) [pdf] [bib]
• Chao Yang, Jialong Zhang and Guofei Gu. "Understanding the Market-level and Network-level Behaviors of the Android Malware Ecosystem." In Proc. of the 37th International Conference on Distributed Computing Systems (ICDCS'17), Atlanta, GA, June 2017. (short paper) [pdf] [bib]
  
• Haopei Wang, Abhinav Srivastava, Lei Xu, Sungmin Hong, Guofei Gu. "Bring Your Own Controller: Enabling Tenant-defined SDN Apps in IaaS Clouds." In Proc. of 2017 IEEE International Conference on Computer Communications (INFOCOM'17), Atlanta, GA, May 2017. (Acceptance rate 20.9%=292/1395) [pdf] [bib]
• Jialong Zhang, Xin Hu, Jiyong Jang, Ting Wang, Guofei Gu, Marc Stoecklin. "Hunting for Invisibility: Characterizing and Detecting Malicious Web Infrastructures through Server Visibility Analysis." In Proc. of 2016 IEEE International Conference on Computer Communications(INFOCOM'16), San Francisco, California, April 2016. (Acceptance rate 18.25%=300/1644) [pdf] [bib]
• Sungmin Hong, Robert Baykov, Lei Xu, Srinath Nadimpalli, Guofei Gu. "Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security." In Proc. of the Network and Distributed System Security Symposium (NDSS'16), San Diego, California, Feb. 2016. (Acceptance rate 15.4%=60/389) [pdf] [bib] (Finalist for CSAW Best Applied Security Paper Award 2016)
• Seungwon Shin, Haopei Wang, Guofei Gu. "A First Step Towards Network Security Virtualization: From Concept To Prototype." In IEEE Transactions on Information Forensics and Security (TIFS),  (2015. [pdf] [bib]
• Chenxiong Qian, Xiapu Luo,Le Yu, Guofei Gu. "VulHunter: Towards Discovering Vulnerabilities in Android Applications." In IEEE Micro, Vol. 35, No. 1, 2015. [pdf] [bib]
• Yuhong Nan, Min Yang, Zhemin Yang, Shunfan Zhou, Guofei Gu, Xiaofeng Wang. "UIPicker: User-Input Privacy Identification in Mobile Applications." In Proc. of the 24th USENIX Security Symposium (Security'15), Washington DC, August 2015. (Acceptance rate 15.7%=67/426) [pdf] [bib]
  
• Jialong Zhang, Sabyasachi Saha, Guofei Gu, Sung-Ju Lee, and Marco Mellia. "Systematic Mining of Associated Server Herds for Malware Campaign Discovery." In Proc. of the 35th International Conference on Distributed Computing Systems (ICDCS'15), Columbus, OH, June 2015. (Acceptance rate 12.9%=70/543) [pdf] [bib] (Best Paper Award!)
• Haopei Wang, Lei Xu, Guofei Gu. "FloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks." In  Proc. of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'15), Rio de Janeiro, Brazil, June 2015. (Acceptance rate 21.8%=50/229) [pdf] [bib]
• Abner Mendoza, Kapil Singh, Guofei Gu. "What is Wrecking Your Data Plan? A Measurement Study of Mobile Web Overhead." In Proc. of 2015 Annual IEEE Conference on Computer Communications (INFOCOM'15), Hong Kong, April 2015. (Acceptance rate 19%=316/1640) [pdf] [bib]
• Sungmin Hong*, Lei Xu*, Haopei Wang, Guofei Gu. "Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures." In Proc. of 22nd Annual Network & Distributed System Security Symposium (NDSS'15), San Diego, CA, USA. February 2015. (*co-first author) Acceptance rate 16.9%=51/302 [pdf] [bib] (TopoGuard source code now available!)
• Chao Yang, Jialong Zhang, Guofei Gu. "A Taste of Tweets: Reverse Engineering Twitter Spammers." In Proc. of 2014 Annual Computer Security Applications Conference (ACSAC'14), New Orleans, Louisiana, USA, December 2014. (Acceptance rate 19.9%=47/236) [pdf] [bib]
• Zhaoyan Xu, Antonio Nappa, Robert Baykov, Guangliang Yang, Juan Caballero, and Guofei Gu. "AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis." In Proc. of the 21st ACM Conference on Computer and Communications Security (CCS'14), Scottsdale, AZ, November 2014 (Acceptance rate 19.5%=114/585) [pdf] [bib] (Finalist for CSAW Best Applied Security Paper Award 2015)
• Chao Yang, Zhaoyan Xu, Guofei Gu, Vinod Yegneswaran and Phillip Porras. "DroidMiner: Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android Applications." To appear in Proceedings of the 19th European Symposium on Research in Computer Security (ESORICS'14), Wroclaw, Poland, September 2014. (Acceptance rate %) [pdf] [bib]
• Yong Wang, Zhaoyan Xu, Jialong Zhang, Lei Xu, Haopei Wang and Guofei Gu. "SRID: State Relation based Intrusion Detection for False Data Injection Attacks in SCADA." To appear in Proceedings of the 19th European Symposium on Research in Computer Security (ESORICS'14), Wroclaw, Poland, September 2014. (Acceptance rate %) [pdf] [bib]
• Zhaoyan Xu, Jialong Zhang, Guofei Gu, Zhiqiang Lin. "GoldenEye: Efficiently and Effectively Unveiling Malware’s Targeted Environment." To appear in Proceedings of the 17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'14), Gothenburg, Sweden. September 2014. (Acceptance rate 19.5%=22/113) [pdf] [bib]
  
• Antonio Nappa, Zhaoyan Xu, M. Zubair Rafique, Juan Caballero and Guofei Gu. "CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers." In Proceedings of the 21st Annual Network & Distributed System Security Symposium (NDSS'14), San Diego, CA, USA, February 2014. (Acceptance rate 18.6%=55/295) [pdf] [bib]
• Seungwon Shin, Vinod Yegneswaran, Phil Porras, and Guofei Gu. "AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks." In Proc. of the 20th ACM Conference on Computer and Communications Security (CCS'13), Berlin, Germany, November 2013. (Acceptance rate: 19.8%=105/530) [pdf] [bib]
  
• Zhemin Yang, Min Yang, Yuan Zhang, Guofei Gu, Peng Ning and X. Sean Wang. "AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection." In Proc. of the 20th ACM Conference on Computer and Communications Security (CCS'13), Berlin, Germany, November 2013. (Acceptance rate: 19.8%=105/530) [pdf] [bib]
• Yuan Zhang, Min Yang, Bingquan Xu, Zhemin Yang, Guofei Gu, Peng Ning, X. Sean Wang and Binyu Zang. "Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis." In Proc. of the 20th ACM Conference on Computer and Communications Security (CCS'13), Berlin, Germany, November 2013. (Acceptance rate: 19.8%=105/530) [pdf] [bib]
• Seungwon Shin and Guofei Gu. "Attacking Software-Defined Networks: A First Feasibility Study" (short paper). In Proc. of ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN'13), Hong Kong, August 2013. [pdf] [6-page version] [bib]
• Zhaoyan Xu, Jialong Zhang, Guofei Gu, Zhiqiang Lin. "AUTOVAC: Towards Automatically Extracting System Resource Constraints and Generating Vaccines for Malware Immunization." In Proc. of the 33rd International Conference on Distributed Computing Systems (ICDCS'13), Philadelphia, July 2013. (Acceptance rate: 13%=61/464) [pdf] [bib]
  
• Seungwon Shin, Phillip Porras, Vinod Yegneswaran, Martin Fong, Guofei Gu, and Mabry Tyson. "FRESCO: Modular Composable Security Services for Software-Defined Networks." In Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS'13), San Diego, CA, USA, February 2013. (Acceptance rate 18.8%=47/250) [pdf] [bib] (Finalist for CSAW Best Applied Security Paper Award 2013) (FRESCO Project Website)
• Jialong Zhang and Guofei Gu. "NeighborWatcher: A Content-Agnostic Comment Spam Inference System." In Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS'13), San Diego, CA, USA. February 2013.  (Acceptance ratio 18.8%=47/250) [pdf] [bib]
• Zhaoyan Xu, Lingfeng Chen, Guofei Gu and Christopher Kruegel. "PeerPress: Utilizing Enemies' P2P Strength against Them." In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS'12), Raleigh, NC, USA, October 2012. (Acceptance rate 18.9%=80/423) [pdf] [bib] [slides]
• Jialong Zhang, Chao Yang, Zhaoyan Xu, Guofei Gu. "PoisonAmplifier: A Guided Approach of Discovering Compromised Websites through Reversing Search Poisoning Attacks." In Proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'12), Amsterdam, The Netherlands. September 2012. (Acceptance rate 21%=18/84) [pdf] [bib]
• Phillip Porras, Seungwon Shin, Vinod Yegneswaran, Martin Fong, Mabry Tyson, and Guofei Gu. "A Security Enforcement Kernel for OpenFlow Networks." In Proc. of ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN'12), Helsinki, Finland. August 2012. (Acceptance rate 30%=22/71) [pdf] [bib]
• Chao Yang, Robert Harkreader, Jialong Zhang, Suengwon Shin, and Guofei Gu. "Analyzing Spammers' Social Networks For Fun and Profit -- A Case Study of Cyber Criminal Ecosystem on Twitter." In Proceedings of the 21st International World Wide Web Conference (WWW'12), Lyon, France, April 2012. (Acceptance rate 12%=108/885) [pdf] [bib]  (Dataset release)
• Seungwon Shin, Zhaoyan Xu, Guofei Gu. "EFFORT: Efficient and Effective Bot Malware Detection." In Proceedings of the 31th Annual IEEE Conference on Computer Communications (INFOCOM'12) Mini-Conference, Orlando, Florida, March 2012. (Acceptance rate 24.4%=378/1547)  [pdf] [Journal Version]] [bib] 
• Shardul Vikram, Yinan Fan, Guofei Gu. "SEMAGE: A New Image-based Two-Factor CAPTCHA." In Proceedings of 2011 Annual Computer Security Applications Conference (ACSAC'11), Orlando, Florida, December 2011. (Acceptance rate 20%=39/195) [pdf] [bib] [slides]
• Chao Yang, Robert Harkreader, Guofei Gu. "Die Free or Live Hard? Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers." In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011. (Acceptance rate 23%=20/87) [pdf] [Tech Report] [Journal Version] [bib] [slides] (Dataset release)
• Seungwon Shin, Raymond Lin, Guofei Gu. "Cross-Analysis of Botnet Victims: New Insights and Implications." In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011. (Acceptance rate 23%=20/87) [pdf] [bib] [slides]
• Seungwon Shin and Guofei Gu. "Conficker and Beyond: A Large-Scale Empirical Study." In Proceedings of 2010 Annual Computer Security Applications Conference (ACSAC'10), Austin, Texasi, December 2010. (Acceptance rate 17%=39/227) [pdf] [Journal Version] [bib] [slides]
• Yimin Song, Chao Yang, Guofei Gu. "Who Is Peeping at Your Passwords at Starbucks? -- To Catch an Evil Twin Access Point." In Proceedings of the 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'10), Chicago, IL, June 2010. (Acceptance rate 23.2%=39/168) [pdf] [Journal Version] [bib] [slides]
• Tielei Wang, Tao Wei, Guofei Gu, Wei Zou. "TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection." In Proceedings of the 31st IEEE Symposium on Security & Privacy (S&P'10/Oakland'10), Oakland, CA, May 2010. (Acceptance rate 11.6%=31/267) [pdf] [Journal Version] [bib] [slides] (Best Student Paper Award)
• Guofei Gu, Vinod Yegneswaran, Phillip Porras, Jennifer Stoll, and Wenke Lee. "Active Botnet Probing to Identify Obscure Command and Control Channels." In Proceedings of 2009 Annual Computer Security Applications Conference (ACSAC'09), Honolulu, Hawaii, December 2009. (Acceptance rate 19.6%=44/224)  [pdf] [bib] [slides]
• Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection." In Proceedings of the 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008. (Acceptance rate 15.9%=27/170) [pdf] [bib] [slides]
• Guofei Gu, Junjie Zhang, and Wenke Lee. "BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic." In Proceedings of the 15th  Annual Network and Distributed System Security Symposium (NDSS'08), San Diego, CA, February 2008. (Acceptance rate 17.8%=21/118) [pdf] [bib] [slides]
• David Dagon, Guofei Gu, Chris Lee, and Wenke Lee. "A Taxonomy of Botnet Structures." In Proceedings of the 23 Annual Computer Security Applications Conference (ACSAC'07), Miami Beach, FL, December 2007. (Acceptance rate 22%=42/191) [pdf] [bib]
• Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee. "BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation." In Proceedings of the 16th USENIX Security Symposium (Security'07), Boston, MA, August 2007. (Acceptance rate 12.3%=23/187) [pdf] [bib] [slides] [system]
  BotHunter free Internet release now available!

Teaching

• CSCE 313 Introduction to Computer Systems: Spring 2009, Spring 2010, Spring 2012, Fall 2012, Spring 2014, Spring 2015, Spring 2017
  
• CSCE 465 Computer & Network Security: Spring 2011, Spring 2012, Spring 2013, Spring 2014, Spring 2015, Spring 2018, Fall 2019, Fall 2020
  
• CSCE 665 Advanced Networking and Security: Fall 2009, Fall 2010, Fall 2011, Fall 2013, Fall 2014, Fall 2016, Spring 2018, Spring 2019, Spring 2020
• CPSC 689 Special Topics in Computer and Network Security: Fall 2008

Professional Services

• Editorial Service
  
• Associate Editor, IEEE Transactions on Information Forensics and Security, 2015 - present
  
• Associate Editor, Elsevier Computers & Security, 2016 - 2018
  
• Associate Editor, International Journal of Security and Networks (IJSN), 2011 - 2015
• Guest Editor, IEEE Transactions on Dependable and Secure Computing (TDSC), special issue on Security in Emerging Networking Technologies, 2017
• Guest Editor, Computer Network (Elsevier), special issue on Security and Performance of SDN and Functions Virtualization, 2017
  
• Guest Editor, China Communications, special issue on "Software-Defined Networking", 2013
• Guest Editor, Computer Networks (Elsevier), special issue on "Botnet Activity: Analysis, Detection and Shutdown", 2012-2013
• Conference/Workshop Organization
• Steering Committee co-chair, International Conference on Security and Privacy in Communication Networks (SecureComm), 2014 - present
• Steering Committee, ACSAC, 2019 - present
• Program co-chair, ASIACCS 2020
  
• Program co-chair, ACSAC 2018, 2019
• Area TPC chair, ACM CCS 2018, 2019
• Area TPC chair, IEEE CNS 2017, 2018
• Program co-chair, ICNP CoolSDN workshop, 2014, 2015, 2016
• Program co-chair, IEEE INFOCOM MobiSec workshop, 2017, 2018
• General co-chair, ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFV Security), 2016, 2017, 2018
  
• Tutorials co-chair, ACM CCS 2017
• Panel co-chair, IEEE CNS 2017
• Publicity co-chair, ACM Conference on Computer and Communications Security (CCS'11)
• Publicity chair, International Symposium on Recent Advances in Intrusion Detection (RAID'11)
  
• Program co-chair, The First IEEE International Workshop on Network Security and Privacy (NSP'08, in conjunction with IEEE IPCCC 2008)
• Program committee member (selected)
  
• IEEE Symposium on Security and Privacy (Oakland), 2009, 2011, 2012, 2013, 2019, 2020, 2021
  
• ACM Conference on Computer and Communications Security (CCS), 2011, 2012, 2018, 2019, 2020
• USENIX Security Symposium (Security), 2015, 2016, 2017, 2018, 2021
• ISOC Annual Network & Distributed System Security Symposium (NDSS), 2014, 2015, 2016, 2017, 2018, 2020, 2021
• International Conference on Distributed Computing Systems (ICDCS), 2010, 2014, 2015, 2016, 2017, 2018, 2019
  
• Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016, 2017
  
• International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2009, 2010, 2011, 2012, 2013, 2017, 2018, 2019
  
• Annual Computer Security Applications Conference (ACSAC), 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020
  
• European Symposium on Research in Computer Security (ESORICS), 2009, 2018, 2019, 2020
  
• ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2016, 2017, 2018
• Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2010, 2012, 2013
  
• International Conference on Applied Cryptography and Network Security (ACNS), 2012, 2013
  
• ACM Symposium on Information, Computer & Communication Security (ASIACCS), 2010, 2011, 2014, 2015, 2016, 2017, 2018
  
• International Conference on Security and Privacy in Communication Networks (SecureComm), 2009, 2013, 2014, 2015
  
• IEEE International Conference on Big Data (BigData), 2013, 2014, 2016
  
• IEEE GLOBECOM, Communication and Information System Security Symposium, 2010, 2011, 2012, 2013, 2014, 2015, 2016
  
• IEEE ICC, Communication and Information Systems Security Symposium, 2013, 2014, 2015
  
• ACM Workshop on Artificial Intelligence and Security (AISec), 2011, 2012, 2013, 2014
  

• Fellow of IEEE, Distinguished Member of ACM, Member of USENIX