Bibtex of Guofei's Publications


 
@Article{FlowWars_ToN17,
author = {Changhoon Yoon and Seungsoo Lee and Heedo Kang and Taejune Park and Seungwon Shin and Vinod Yegneswaran and Phillip Porras and Guofei Gu},
title = {Flow Wars: Systemizing the Attack Surface and Defenses in Software-Defined Networks},
journal = {EEE/ACM Transactions on Networking (ToN)},
year = {2017},
volume = {},
number = {},
month = {},
pages = {},
}


@Article{UIPrivacy_TIFS17,
author = {Yuhong Nan and Zhemin Yang and Min Yang and Shunfan Zhou and Yuan Zhang and Guofei Gu and Xiaofeng Wang and Limin Sun},
title = {Identify User-Input Privacy in Mobile Applications at Large Scale},
journal = {IEEE Transactions on Information Forensics and Security (TIFS)},
year = {2017},
volume = {},
number = {},
month = {},
pages = {},
}

@inproceedings{BridgeScope_RAID17,
title = {Precisely and Scalably Vetting JavaScript Bridge In Android Hybrid Apps},
author = {Guangliang Yang and Abner Mendoza and Jialong Zhang and Guofei Gu},
year = {2017},
month = {September},
booktitle = {Proceedings of The 20th International Symposium on Research on Attacks, Intrusions and Defenses (RAID'17)}
}



@inproceedings{ConGuard_Security17,
title = {Attacking the Brain: Races in the SDN Control Plane},
author = {Lei Xu and Jeff Huang and Sungmin Hong and Jialong Zhang and Guofei Gu},
year = {2017},
month = {August},
booktitle = {Proceedings of The 26th USENIX Security Symposium (Security'17)}
}

@inproceedings{Malton_Security17,
title = {Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART},
author = {Lei Xue and Yajin Zhou and Ting Chen and Xiapu Luo and Guofei Gu},
year = {2017},
month = {August},
booktitle = {Proceedings of The 26th USENIX Security Symposium (Security'17)}
}

@inproceedings{MarketNet_ICDCS17,
title = {Understanding the Market-level and Network-level Behaviors of the Android Malware Ecosystem},
author = {Chao Yang and Jialong Zhang and Guofei Gu},
year = {2017},
month = {June},
booktitle = {Proceedings of The 37th International Conference on Distributed Computing Systems (ICDCS'17)}
}

@inproceedings{BYOCVisor_INFOCOM17,
title = {Bring Your Own Controller: Enabling Tenant-defined SDN Apps in IaaS Clouds},
author = {Haopei Wang and Abhinav Srivastava and Lei Xu and Sungmin Hong and Guofei Gu},
year = {2017},
month = {May},
booktitle = {Proceedings of The 2017 IEEE International Conference on Computer Communications (INFOCOM'17)}
}

@Article{PRIDE_COSE16,
author = {Amin Hassanzadeh and Zhaoyan Xu and Radu Stoleru and Guofei Gu and Michalis Polychronakis},
title = {PRIDE: A Practical Intrusion Detection System for Resource Constrained Wireless Mesh Networks},
journal = {Elsevier Computers \& Security},
year = {2016},
volume = {},
number = {},
month = {},
pages = {},
}

@inproceedings{SDNsok_ICCCN16,
title = {Enhancing Network Security through Software Defined Networking (SDN)},
author = {Seungwon Shin and Lei Xu and Sungmin Hong and Guofei Gu},
year = {2016},
month = {August},
booktitle = {Proceedings of The 25th International Conference on Computer Communication and Networks (ICCCN'16)}
}

@Article{Permission_TIFS16,
author = {Yuan Zhang and Min Yang and Guofei Gu and Hao Chen},
title = {Rethinking Permission Enforcement Mechanism on Mobile Systems},
journal = {IEEE Transactions on Information Forensics and Security},
year = {2016},
volume = {},
number = {},
month = {},
pages = {},
}

@Article{Password_TDSC16,
author = {Weili Han and Zhigong Li and Minyue Ni and Guofei Gu and Wenyuan Xu},
title = {Shadow Attacks based on Password Reuses: A Quantitative Empirical View},
journal = {IEEE Transactions on Dependable and Secure Computing (TDSC)},
year = {2016},
volume = {},
number = {},
month = {},
pages = {},
}

@inproceedings{VisHunter_INFOCOM16,
title = {Hunting for Invisibility: Characterizing and Detecting Malicious Web Infrastructures through Server Visibility Analysis},
author = {Jialong Zhang and Xin Hu and Jiyong Jang and Ting Wang and Guofei Gu and Marc Stoecklin},
year = {2016},
month = {April},
booktitle = {Proceedings of the 2016 IEEE International Conference on Computer Communications (INFOCOM'16)}
}

@inproceedings{PBS_NDSS16,
title = {Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security},
author = {Sungmin Hong and Robert Baykov and Lei Xu and Srinath Nadimpalli and Guofei Gu},
year = {2016},
month = {February},
booktitle = {Proceedings of the 2016 Network and Distributed System Security Symposium (NDSS'16)}
}

@Article{NSV_TIFS15,
author = {Seungwon Shin and Haopei Wang and Guofei Gu},
title = {A First Step Towards Network Security Virtualization: From Concept To Prototype},
journal = {IEEE Transactions on Information Forensics and Security},
year = {2015},
volume = {10},
number = {10},
month = {},
pages = {},
}

@Article{VulHunter_Micro15,
author = {Chenxiong Qian and Xiapu Luo and Le Yu and Guofei Gu},
title = {VulHunter: Towards Discovering Vulnerabilities in Android Applications},
journal = {IEEE Micro},
year = {2015},
volume = {35},
number = {1},
month = {},
pages = {},
}

@Article{MalSize_TKDE15,
author = {Shui Yu and Guofei Gu and Ahmed Barnawi and Song Guo and Ivan Stojmenovic},
title = {Malware Propagation in Large-Scale Networks},
journal = {IEEE Transactions on Knowledge and Data Engineering},
year = {2015},
volume = {27},
number = {1},
month = {},
pages = {},
}

@inproceedings{Dagger_Securecomm15,
title = {Using Provenance Patterns to Vet Sensitive Behaviors in Android Apps},
author = {Chao Yang and Guangliang Yang and Ashish Gehani and Vinod Yegneswaran and Dawood Tariq and Guofei Gu},
year = {2015},
month = {October},
booktitle = {Proceedings of the 11th International Conference on Security and Privacy in Communication Networks (SecureComm'15)}
}

@inproceedings{FineDroid_Securecomm15,
title = {FineDroid: Enforcing Permissions with System-wide Application Execution Context},
author = {Yuan Zhang and Min Yang and Guofei Gu and Hao Chen},
year = {2015},
month = {October},
booktitle = {Proceedings of the 11th International Conference on Security and Privacy in Communication Networks (SecureComm'15)}
}

@inproceedings{UIPicker_Security15,
title = {UIPicker: User-Input Privacy Identification in Mobile Applications},
author = {Yuhong Nan and Min Yang and Zhemin Yang and Shunfan Zhou and Guofei Gu and Xiaofeng Wang},
year = {2015},
month = {August},
booktitle = {Proceedings of the 24th USENIX Security Symposium (Security'15)}
}

@inproceedings{SMASH_ICDCS15,
title = {Systematic Mining of Associated Server Herds for Malware Campaign Discovery},
author = {Jialong Zhang and Sabyasachi Saha and Guofei Gu and Sung-Ju Lee and Marco Mellia},
year = {2015},
month = {June},
booktitle = {Proceedings of the 35th International Conference on Distributed Computing Systems (ICDCS'15)}
}

@inproceedings{FloodGuard_DSN15,
title = {FloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks},
author = {Haopei Wang and Lei Xu and Guofei Gu},
year = {2015},
month = {June},
booktitle = {Proceedings of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'15)}
}


@inproceedings{MobiWeb_Infocom15,
title = {What is Wrecking Your Data Plan? A Measurement Study of Mobile Web Overhead},
author = {Abner Mendoza and Kapil Singh and Guofei Gu},
year = {2015},
month = {April},
booktitle = {Proceedings of 2015 Annual IEEE Conference on Computer Communications (INFOCOM'15)}
}


@inproceedings{PoisoningSDN_NDSS15,
title = {Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures},
author = {Sungmin Hong and Lei Xu and Haopei Wang and Guofei Gu},
year = {2015},
month = {February},
booktitle = {Proceedings of 2015 Annual Network and Distributed System Security Symposium (NDSS'15)}
}

@Article{VetDroid_TIFS14,
author = {Yuan Zhang and Min Yang and Zhemin Yang and Guofei Gu and Peng Ning and Binyu Zang},
title = {Permission Use Analysis for Vetting Undesirable Behaviors in Android Apps},
journal = {IEEE Transactions on Information Forensics and Security},
year = {2014},
volume = {9},
number = {11},
month = {},
pages = {},
}

@inproceedings{RETwitter_ACSAC14,
title = {A Taste of Tweets: Reverse Engineering Twitter Spammers},
author = {Chao Yang and Jialong Zhang and Guofei Gu},
year = {2014},
month = {December},
booktitle = {Proceedings of 2014 Annual Computer Security Applications Conference (ACSAC'14)}
}

@inproceedings{AutoProbe_CCS14,
title = {AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis},
author = {Zhaoyan Xu and Antonio Nappa and Robert Baykov and Guangliang Yang and Juan Caballero and Guofei Gu},
year = {2014},
month = {November},
booktitle = {Proceedings of the 21st ACM Conference on Computer and Communications Security(CCS’14)}
}


@inproceedings{DroidMiner_ESORICS14,
title = {DroidMiner: Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android Applications},
author = {Chao Yang and Zhaoyan Xu and Guofei Gu and Vinod Yegneswaran and Phillip Porras},
year = {2014},
month = {September},
booktitle = {Proceedings of the 19th European Symposium on Research in Computer Security (ESORICS'14)}
}

@inproceedings{SRID_ESORICS14,
title = {SRID: State Relation based Intrusion Detection for False Data Injection Attacks in SCADA},
author = {Yong Wang and Zhaoyan Xu and Jialong Zhang and Lei Xu and Haopei Wang and Guofei Gu},
year = {2014},
month = {September},
booktitle = {Proceedings of the 19th European Symposium on Research in Computer Security (ESORICS'14)}
}


@inproceedings{GoldenEye_RAID14,
title = {GoldenEye: Efficiently and Effectively Unveiling Malware’s Targeted Environment},
author = {Zhaoyan Xu and Jialong Zhang and Guofei Gu and Zhiqiang Lin},
year = {2014},
month = {September},
booktitle = {Proceedings of the 17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'14)}
}

@inproceedings{GoogleHacking_Securecomm14,
title = {Characterizing Google Hacking: A First Large-Scale Quantitative Study},
author = {Jialong Zhang and Jayant Notani and Guofei Gu},
year = {2014},
month = {September},
booktitle = {Proceedings of the 10th International Conference on Security and Privacy in Communication Networks (SecureComm'14)}
}

@inproceedings{AddonXSS_Securecomm14,
title = {Abusing Browser Address Bar for Fun and Profit - An Empirical Investigation of Add-on Cross Site Scripting Attacks},
author = {Yinzhi Cao and Chao Yang and Vaibhav Rastogi and Yan Chen and Guofei Gu},
year = {2014},
month = {September},
booktitle = {Proceedings of the 10th International Conference on Security and Privacy in Communication Networks (SecureComm'14)}
}


@inproceedings{CyberProbe_NDSS14,
title = {CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers},
author = {Antonio Nappa and Zhaoyan Xu and M. Zubair Rafique and Juan Caballero and Guofei Gu},
year = {2014},
month = {February},
booktitle = {Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS'14)}
}

@inproceedings{AvantGuard_CCS13,
title = {AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks},
author = {Seungwon Shin and Vinod Yegneswaran and Phil Porras and Guofei Gu},
year = {2013},
month = {November},
booktitle = {Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS’13)}
}


@inproceedings{AppIntent_CCS13,
title = {AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection},
author = {Zhemin Yang and Min Yang and Yuan Zhang and Guofei Gu and Peng Ning and X. Sean Wang},
year = {2013},
month = {November},
booktitle = {Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS’13)}
}


@inproceedings{VetDroid_CCS13,
title = {Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis},
author = {Yuan Zhang and Min Yang and Bingquan Xu and Zhemin Yang and Guofei Gu and Peng Ning and X. Sean Wang and Binyu Zang},
year = {2013},
month = {November},
booktitle = {Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS’13)}
}

@inproceedings{PRIDE_ICICS13,
title = {{PRIDE}: Practical Intrusion Detection in Resource Constrained Wireless Mesh Networks},
author = {Amin Hassanzadeh and Zhaoyan Xu and Radu Stoleru and Guofei Gu and Michalis Polychronakis},
year = {2013},
month = {November},
booktitle = {Proceedings of 2013 International Conference on Information and Communications Security (ICICS’13)}
}

@inproceedings{NOMAD_CNS13,
title = {{NOMAD}: Towards Non-Intrusive Moving-Target Defense against Web Bots},
author = {Shardul Vikram and Chao Yang and Guofei Gu},
year = {2013},
month = {October},
booktitle = {Proceedings of IEEE Conference on Communications and Network Security (CNS’13)}
}

@inproceedings{SDNScanner_HotSDN13,
title = {Attacking Software-Defined Networks: A First Feasibility Study (short paper)},
author = {Seungwon Shin and Guofei Gu},
year = {2013},
month = {August},
booktitle = {Proceedings of ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN'13)}
}


@Article{EFFORT_ComNet13,
author = {Seungwon Shin and Zhaoyan Xu and Guofei Gu},
title = {{EFFORT}: A New Host-Network Cooperated Framework for Efficient and Effective Bot Malware Detection},
journal = {Computer Networks (Elsevier)},
year = {2013},
volume = {},
number = {},
month = {},
pages = {},
}

@Article{Twitter_TIFS13,
author = {Chao Yang and Robert Harkreader and Guofei Gu},
title = {Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers},
journal = {IEEE Transactions on Information Forensics and Security},
year = {2013},
volume = {8},
number = {8},
month = {},
pages = {},
}

@inproceedings{AUTOVAC_ICDCS13,
title = {{AUTOVAC}: Towards Automatically Extracting System Resource Constraints and Generating Vaccines for Malware Immunization},
author = {Zhaoyan Xu and Jialong Zhang and Guofei Gu and Zhiqiang Lin},
year = {2013},
month = {July},
booktitle = {Proc. of the 33rd International Conference on Distributed Computing Systems (ICDCS'13)}
}

@inproceedings{FLOVER_ICC13,
title = {Model Checking Invariant Security Properties in OpenFlowProc},
author = {Sooel Son and Seungwon Shin and Vinod Yegneswaran and Phillip Porras and Guofei Gu},
year = {2013},
month = {June},
booktitle = {Proceedings of 2013 IEEE International Conference on Communications (ICC'13)}
}

@inproceedings{FRESCO_NDSS13,
title = {FRESCO: Modular Composable Security Services for Software-Defined Networks},
author = {Seungwon Shin and Phil Porras and Vinod Yegneswaran and Martin Fong and Guofei Gu and Mabry Tyson},
year = {2013},
month = {February},
booktitle = {Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS'13)}
}

@inproceedings{NeighborWatcher_NDSS13,
title = {NeighborWatcher: A Content-Agnostic Comment Spam Inference System},
author = {Jialong Zhang and Guofei Gu},
year = {2013},
month = {February},
booktitle = {Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS'13)}
}

@inproceedings{CATS_COMSNETS13,
title = {CATS: Characterizing Automation of Twitter Spammers},
author = {Amit Amaleswarm and A. L. Narasimha Reddy and Sandep Yadav and Guofei Gu and Chao Yang},
year = {2013},
month = {Jan.},
booktitle = {Proceedings of the 5th International Conference on COMmunication Systems and NETworkS (COMSNETS’13)}
}


@inproceedings{CloudWatcher_NPSec12,
title = {CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to Provide Security Monitoring as a Service in Clouds?)},
author = {Seungwon Shin and Guofei Gu},
year = {2012},
month = {October},
booktitle = {Proceedings of the 7th Workshop on Secure Network Protocols (NPSec’12), co-located with IEEE ICNP’12}
}

@inproceedings{SmartDroid_SPSM12,
title = {SmartDroid: An Automatic System for Revealing UI-based Trigger Conditions in Android Applications},
author = {Cong Zheng and Shixiong Zhu and Shuaifu Dai and Guofei Gu and Xiaorui Gong and Wei Zou},
year = {2012},
month = {October},
booktitle = {Proceedings of the 2nd ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM’12)}
}

@inproceedings{PeerPress_CCS12,
title = {{PeerPress}: Utilizing Enemies' P2P Strength against Them},
author = {Zhaoyan Xu and Lingfeng Chen and Guofei Gu and Christopher Kruegel},
year = {2012},
month = {October},
booktitle = {Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS'12)}
}

@Article{ETSniffer_TIFS12,
author = {Chao Yang and Yimin Song and Guofei Gu},
title = {Active User-side Evil Twin Access Point Detection Using Statistical Techniques},
journal = {IEEE Transactions on Information Forensics and Security},
year = {2012},
volume = {7},
number = {5},
month = {},
pages = {1638-1651},
}


@inproceedings{PoisonAmplifier_RAID12,
title = {{PoisonAmplifier}: A Guided Approach of Discovering Compromised Websites through Reversing Search Poisoning Attacks},
author = {Jialong Zhang and Chao Yang and Zhaoyan Xu and Guofei Gu},
year = {2012},
month = {September},
booktitle = {Proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'12)}
}

@inproceedings{FortNOX_HotSDN12,
title = {A Security Enforcement Kernel for OpenFlow Networks},
author = {Phillip Porras and Seungwon Shin and Vinod Yegneswaran and Martin Fong and Mabry Tyson and Guofei Gu},
year = {2012},
month = {August},
booktitle = {Proceedings of ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN'12)}
}

@inproceedings{BinCarver_DFRWS12,
title = {{Bin-Carver}: Automatic Recovery of Binary Executable Files},
author = {Scott Hand and Zhiqiang Lin and Guofei Gu and Bhavani Thuraisingham},
year = {2012},
month = {August},
booktitle = {Proceedings of the 12th Annual Digital Forensics Research Conference (DFRWS'12)}
}

@inproceedings{Yang_WWW12_Ecosystem,
title = {Analyzing Spammers' Social Networks For Fun and Profit -- A Case Study of Cyber Criminal Ecosystem on Twitter},
author = {Chao Yang and Robert Harkreader and Jialong Zhang and Suengwon Shin and Guofei Gu},
year = {2012},
month = {April},
booktitle = {Proceedings of the 21st International World Wide Web Conference (WWW'12)}
}

@Article{Shin_TIFS12_Conficker,
author = {Seungwon Shin and Guofei Gu and Narasimha Reddy and Christopher Lee},
title = {A Large-Scale Empirical Study of Conficker},
journal = {IEEE Transactions on Information Forensics and Security},
year = {2012},
volume = {7},
number = {2},
month = {April},
pages = {676-690},
}


@Article{ShadowAttack_JiCV2012,
author = {Weiqin Ma and Pu Duan and Sanmin Liu and Guofei Gu and Jyh-Charn Liu},
title = {Shadow Attacks: Automatically Evading System-Call-Behavior based Malware Detection},
journal = {Springer Journal in Computer Virology},
year = {2012},
volume = {8},
number = {1-2},
month = {},
pages = {1-13},
}

@Article{Wang_TISSEC12_TaintScope,
author = {Tielei Wang and Tao Wei and Guofei Gu and Wei Zou},
title = {Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution},
journal = {ACM Transactions on Information and System Security (TISSEC)},
year = {2011},
volume = {14},
number = {2},
month = {September},
pages = {15:1-15:28},
}

@inproceedings{Shin_Infocom12_EFFORT,
title = {{EFFORT: Efficient and Effective Bot Malware Detection}},
author = {Seungwon Shin and Zhaoyan Xu and Guofei Gu},
year = {2012},
month = {March},
booktitle = {Proceedings of the 31th Annual IEEE Conference on Computer Communications (INFOCOM'12) Mini-Conference}
}

@inproceedings{Vikram_ACSAC11_SEMAGE,
title = {{SEMAGE: A New Image-based Two-Factor CAPTCHA}},
author = {Shardul Vikram and Yinan Fan and Guofei Gu},
year = {2011},
month = {December},
booktitle = {Proceedings of 2011 Annual Computer Security Applications Conference (ACSAC'11)}
}

@inproceedings{Yang_RAID11_TwitterML,
title = {Die Free or Live Hard? Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers},
author = {Chao Yang and Robert Harkreader and Guofei Gu},
year = {2011},
month = {September},
booktitle = {Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection ({RAID}'11))}
}

@inproceedings{Shin_RAID11_CrossAnalysis,
title = {Cross-Analysis of Botnet Victims: New Insights and Implications},
author = {Seungwon Shin and Raymond Lin and Guofei Gu},
year = {2011},
month = {September},
booktitle = {Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection ({RAID}'11))}
}

@inproceedings{Chen_ASIACCS11_WebPatrol,
title = {{WebPatrol}: Automated Collection and Replay of Web-based Malware Scenarios},
author = {Kevin Zhijie Chen and Guofei Gu and Jose Nazario and Xinhui Han and Jianwei Zhuge},
year = {2011},
month = {March},
booktitle = {Proceedings of the 2011 {ACM} Symposium on Information, Computer, and Communication Security ({ASIACCS}'11)}
}

@inproceedings{Zhang_ASIACCS11_Boosting,
title = {Boosting the Scalability of Botnet Detection Using Adaptive Traffic Sampling},
author = {Junjie Zhang and Xiapu Luo and Roberto Perdisci and Guofei Gu and Wenke Lee and Nick Feamster},
year = {2011},
month = {March},
booktitle = {Proceedings of the 2011 {ACM} Symposium on Information, Computer, and Communication Security ({ASIACCS}'11)}
}

@inproceedings{Shin_ACSAC10_Conficker,
title = {Conficker and Beyond: A Large-Scale Empirical Study},
author = {Seungwon Shin and Guofei Gu},
year = {2010},
month = {December},
booktitle = {Proceedings of 2010 Annual Computer Security Applications Conference (ACSAC'10)}
}

@inproceedings{Song_DSN10_ETSniffer,
title = {Who Is Peeping at Your Passwords at Starbucks? -- To Catch an Evil Twin Access Point},
author = {Yimin Song and Chao Yang and Guofei Gu},
year = {2010},
month = {June},
booktitle = {Proceedings of the 40th Annual IEEE/IFIP International Conference on Dependable Systems
and Networks (DSN'10)}
}

@inproceedings{Wang_Oakland10_TaintScope,
title = {TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection},
author = {Tielei Wang and Tao Wei and Guofei Gu and Wei Zou},
year = {2010},
month = {May},
booktitle = {Proceedings of the 31st IEEE Symposium on Security and Privacy (Oakland'10)}
}

@inproceedings{Gu_ACSAC09_botProber,
title = {Active Botnet Probing to Identify Obscure Command and Control Channels},
author = {Guofei Gu and Vinod Yegneswaran and Phillip Porras and Jennifer Stoll and Wenke Lee},
year = {2009},
month = {December},
booktitle = {Proceedings of 2009 Annual Computer Security Applications Conference (ACSAC'09)}
}

@inproceedings{Gu_Scurity08_BotMiner,
title = {{BotMiner}: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection},
author = {Guofei Gu and Roberto Perdisci and Junjie Zhang and Wenke Lee},
year = {2008},
booktitle = {Proceedings of the 17th USENIX Security Symposium (Security'08)}
}
@inproceedings{Gu_ASIACCS08_idsfusion,
title = {Principled Reasoning and Practical Applications of Alert Fusion in Intrusion Detection Systems},
author = {Guofei Gu and Alvaro A. Cardenas and Wenke Lee},
year = {2008},
month = {March},
booktitle = {Proceedings of the 2006 {ACM} Symposium on Information, Computer, and Communication Security ({ASIACCS}'08)}
}
@inproceedings{Gu_NDSS08_botsniffer,
title = {{BotSniffer}: Detecting Botnet Command and Control Channels in Network Traffic},
author = {Guofei Gu and Junjie Zhang and Wenke Lee},
year = {2008},
month = {February},
booktitle = {Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08)}
}
@inproceedings{Dagon_ACSAC07_botax,
title = {A Taxonomy of Botnet Structures},
author = {David Dagon and Guofei Gu and Chris Lee and Wenke Lee},
year = {2007},
month = {December},
booktitle = {Proceedings of the 23 Annual Computer Security Applications Conference (ACSAC'07)}
}
@inproceedings{Gu_Securecomm07_whitehole,
title = {Misleading and Defeating Importance-Scanning Malware Propagation},
author = {Guofei Gu and Zesheng Chen and Phillip Porras and Wenke Lee},
year = {2007},
month = {September},
booktitle = {Proceedings of the 3rd International Conference on Security and Privacy in Communication Networks (SecureComm'07)}
}
@inproceedings{Gu_Scurity07_BotHunter,
title = {{BotHunter}: Detecting Malware Infection Through IDS-Driven Dialog Correlation},
author = {Guofei Gu and Phillip Porras and Vinod Yegneswaran and Martin Fong and Wenke Lee},
year = {2007},
month = {August},
booktitle = {Proceedings of the 16th USENIX Security Symposium (Security'07)}
}
@inproceedings{Perdisci_ICDM06_HardenPAYL,
title = {Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems},
author = {Roberto Perdisci and Guofei Gu and Wenke Lee},
year = {2006},
month = {December},
booktitle = {Proceedings of the IEEE International Conference on Data Mining ({ICDM'06})}
}
@inproceedings{Gu_ESORICS06_Framework,
title = {Towards an Information-Theoretic Framework for Analyzing Intrusion Detection Systems},
author = {Guofei Gu and Prahlad Fogla and David Dagon and Wenke Lee and Boris Skoric},
year = {2006},
month = {September},
booktitle = {Proceedings of the 11th European Symposium on Research in Computer Security ({ESORICS}'06)}
}
@inproceedings{Gu_ACNS06_DSO,
title = {{DSO: Dependable Signing Overlay}},
author = {Guofei Gu and Prahlad Fogla and Wenke Lee and Douglas Blough},
year = {2006},
month = {June},
booktitle = {Proceedings of the 2006 International Conference on Applied Cryptography and Network Security ({ACNS}'06)}
}
@inproceedings{Gu_ASIACCS06_CID,
title = {Measuring Intrusion Detection Capability: An Information-Theoretic Approach},
author = {Guofei Gu and Prahlad Fogla and David Dagon and Wenke Lee and Boris Skoric},
year = {2006},
month = {March},
booktitle = {Proceedings of the 2006 {ACM} Symposium on Information, Computer, and Communication Security ({ASIACCS}'06)}
}
@inproceedings{Shi_HPCA06_Infoshield,
title = {{InfoShield}: A Security Architecture for Protecting Information Usage in Memory},
author = {Weidong Shi and Hsien-Hsin Lee and Guofei Gu and Laura Falk and Trevor Mudge and Mrinmoy Ghosh},
year = {2006},
month = {March},
booktitle = {Proceedings of the 12th International Symposium on High-Performance Computer Architecture ({HPCA}'06)}
}
@inproceedings{Shi_ICAC05_Multiprocessor,
author = {Weidong Shi and Hsien-Hsin Lee and Guofei Gu and Laura Falk and Trevor Mudge and Mrinmoy
Ghosh},
title = {An Intrusion-Tolerant and Self-Recoverable Network Service System Using A Security Enhanced Chip Multiprocessor},
booktitle = {Proceedings of the Second International Conference on Automatic Computing ({ICAC}'05: )},
year = {2005},
isbn = {0-7965-2276-9},
pages = {263--273},
doi = {http://dx.doi.org/10.1109/ICAC.2005.8},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}
@inproceedings{Gu_ACSAC04_worm,
author = {Guofei Gu and Monirul Sharif and Xinzhou Qin and David Dagon and Wenke Lee and George Riley},
title = {Worm Detection, Early Warning and Response Based on Local Victim Information},
booktitle = {Proceedings of the 20th Annual Computer Security Applications Conference ({ACSAC}'04)},
year = {2004},
isbn = {0-7695-2252-1},
pages = {136--145},
doi = {http://dx.doi.org/10.1109/CSAC.2004.51},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}
@inproceedings{Dagon_RAID04_Honeystat,
title = {{HoneyStat}: Local Worm Detection Using Honeypots},
author = {David Dagon and Xinzhou Qin and Guofei Gu and Wenke Lee and Julian Grizzard and John Levine and Henry Owen},
year = {2004},
month = {September},
booktitle = {Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection ({RAID}'04)}
}
@inproceedings{Gu_ACNS03_PLI,
title = {{PLI: A New Framework to Protect Digital Content for P2P Networks}},
author = {Guofei Gu and Bin Zhu and Shipeng Li and Shiyong Zhang},
year = {2003},
month = {October},
booktitle = {Proceedings of the 2003 International Conference on Applied Cryptography and Network Security ({ACNS}'03)}
}