Guofei's Publications
Book Chapter
- David Dagon, Guofei
Gu, and Chris Lee. "A Taxonomy of Botnet Structures." Invited
book chapter for "Botnet Detection: Countering the Largest Security
Threat," Springer-Verlag, 2007. (This is from our ACSAC'07 conference
version)
Refereed Conference Publication
- Guofei Gu,
Vinod Yegneswaran,
Phillip Porras, Jennifer Stoll, and Wenke Lee. "Active Botnet Probing
to Identify Obscure Command and Control Channels." To appear in Proceedings
of 2009 Annual Computer Security Applications Conference (ACSAC'09),
Honolulu, Hawaii, December 2009. [bib]
- Guofei Gu,
Roberto Perdisci, Junjie Zhang, and Wenke Lee. "BotMiner: Clustering
Analysis of Network Traffic for Protocol- and Structure-Independent
Botnet Detection." To appear in Proceedings of the 17th
USENIX Security Symposium (Security'08), San Jose, CA, 2008.
(Acceptance ratio 15.9%=27/170) [pdf] [bib]
- Guofei Gu,
Alvaro A. Cardenas, and Wenke Lee. "Principled Reasoning and Practical
Applications of Alert Fusion in Intrusion Detection Systems." In Proceedings
of ACM Symposium on Information, Computer and Communications Security
(ASIACCS'08), Tokyo, Japan, March 2008. (Acceptance ratio
17.6%=32/182) [pdf]
[bib] [slides]
- Guofei Gu,
Junjie Zhang, and Wenke Lee. "BotSniffer: Detecting Botnet Command and
Control Channels in Network Traffic." In Proceedings of the
15th Annual Network and Distributed System Security Symposium
(NDSS'08), San Diego, CA, February 2008. (Acceptance ratio
17.8%=21/118) [pdf]
[bib] [slides]
- David Dagon, Guofei
Gu, Chris Lee, and Wenke Lee. "A Taxonomy of Botnet
Structures." In Proceedings of the 23rd Annual Computer
Security Applications Conference (ACSAC'07), Miami Beach, FL,
December 2007. (Acceptance ratio 22%=42/191) [pdf] [bib]
- Guofei Gu,
Zesheng Chen, Phillip Porras, and Wenke Lee. "Misleading and Defeating
Importance-Scanning Malware Propagation." In
Proceedings of the 3rd International Conference on Security and Privacy
in Communication Networks (SecureComm'07), Nice, France,
September 2007. (Acceptance ratio 26%=31/119) [pdf] [bib] [slides]
- Guofei Gu,
Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee.
"BotHunter: Detecting Malware Infection Through IDS-Driven Dialog
Correlation." In Proceedings of the 16th USENIX Security
Symposium (Security'07), Boston, MA, August 2007. (Acceptance
ratio 12.3%=23/187) [pdf]
[bib] [slides]
[system]
BotHunter free Internet release now available!
- Roberto Perdisci,
Guofei Gu, and Wenke Lee. "Using an Ensemble of
One-Class SVM Classifiers to Harden Payload-based Anomaly Detection
Systems." In Proceedings of the IEEE International Conference
on Data Mining (ICDM'06) (regular paper), Hong Kong, December
2006. (Acceptance ratio 9.4%=73(regular)/776) [pdf] [bib] [slides]
- Guofei Gu,
Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "Towards an
Information-Theoretic Framework for Analyzing Intrusion Detection
Systems." In Proceedings of the 11th European Symposium on
Research in Computer Security (ESORICS'06), Hamburg, Germany,
September 2006. (Acceptance ratio 20%=32/160) [pdf] [bib] [slides]
- Guofei Gu,
Prahlad Fogla, Wenke Lee, and Douglas Blough. "DSO: Dependable Signing
Overlay." In Proceedings of International Conference on
Applied Cryptography and Network Security (ACNS'06),
Singapore, June 2006. (Acceptance ratio 15%=33/218) [pdf] [bib] [slides]
- Guofei Gu,
Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "Measuring
Intrusion Detection Capability: An Information-Theoretic Approach." In Proceedings
of ACM Symposium on Information, Computer and Communications Security
(ASIACCS'06), Taipei, Taiwan, March 2006. (Acceptance ratio
17.7%=33/186) [pdf]
[bib] [slides]
- Weidong Shi,
Joshua B. Fryman, Guofei Gu, Hsien-Hsin S. Lee,
Youtao Zhang, and Jun Yang. "InfoShield: A Security Architecture for
Protecting Information Usage in Memory." In Proceedings of
the 12th International Symposium on High-Performance Computer
Architecture (HPCA'06), Austin, TX, February, 2006.
(Acceptance ratio 14%=25/175) [pdf] [bib] [slides]
- Weidong Shi,
Hsien-Hsin Lee, Guofei Gu, Laura Falk, Trevor
Mudge, and Mrinmoy Ghosh. "Intrusion Tolerant and Self-Recoverable
Network Service System Using Security Enhanced Chip-Multiprocessor." In
Proceedings of the 2nd IEEE
International Conference on Autonomic Computing (ICAC'05),
Seattle, Washington, June 13-16, 2005. (Acceptance ratio 16.7%=25/150) [pdf]
[bib] [slides]
- Guofei Gu,
Monirul Sharif, Xinzhou Qin, David Dagon, Wenke Lee, and George Riley.
"Worm Detection, Early Warning and Response Based on Local Victim
Information." In Proceedings of the 20th Annual Computer
Security Applications Conference (ACSAC'04), Tucson, Arizona,
December 6-10, 2004. (Acceptance ratio 26%=35/134) [pdf] [bib] [slides]
- David Dagon,
Xinzhou Qin, Guofei Gu, Wenke Lee, Julian Grizzard,
John Levine, and Henry Owen. "HoneyStat: Local Worm Detection Using
Honeypots." In Proceedings of the 7th
International Symposium on Recent Advances in Intrusion Detection
(RAID'04), French Riviera, France. September 15-17, 2004.
(Acceptance ratio 13.5%=16/118) [pdf]
[bib]
- Guofei Gu,
Bin Zhu, Shipeng Li, and Shiyong Zhang. "PLI: A New Framework to
Protect Digital Content for P2P Networks." In Proceedings of
International Conference on Applied Cryptography and
Network Security (ACNS'03), Springer - LNCS 2846, October
16-19, 2003 (Acceptance ratio 16.8%=32/191) [pdf] [bib]
Workshop Publication
- Roberto Perdisci,
Guofei Gu, and Wenke Lee. "Combining Multiple
One-Class Classifiers for Hardening Payload-based Anomaly Detection
Systems (extended abstract)." NIPS 2007 Workshop on Machine
Learning in Adversarial Environments for Computer Security,
Vancouver, B.C., Canada, December 2007.
Technical Report
- Guofei Gu,
Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric. "An
Information-Theoretic Measure of Intrusion Detection Capability." Technical
Report GIT-CC-05-10, College of Computing, Georgia Tech,
2005. [pdf]
- Xinzhou Qin,
David Dagon, Guofei Gu, Wenke Lee, Mike Warfield,
and Pete Allor. "Worm Detection Using Local Networks." Technical
Report GIT-CC-04-04, College of Computing, Georgia Tech, Feb
2004. [pdf]