Louena L. Manluctao

East Early College High School

Houston Independent School District

Dr. Guofei Gu Assistant Professor Department of

Computer Science & Engineering

Director, SUCCESS LAB

TEXAS A & M University

EDUCATION

•Ph. D in Computer Science•Georgia Institute of Technology

•M.S. in Computer Science•Fudan University

•Network and system security such as Internet malware detection, defense, and analysis

• Intrusion detection, anomaly detection

• Network security

• Web and social networking security

Success Lab StudentsPhD 

Seungwon Shin Chao Yang Zhaoyan Xu Jialong Zhang

MS Robert Harkreader Shardul Vikram Vijayasenthil VC Lingfeng Chen

Alumni Yimin Song (MS, first employment: Juniper Networks)

Network & Web Security Botnet Analysis: Conficker Seungwon Shin and Guofei Gu.

"Conficker and Beyond: A Large-Scale Empirical Study." To appear in Proceedings of 2010 Annual Computer Security Applications Conference (ACSAC'10), Austin, Texasi, December 2010.

Network & Web Security Botnet Analysis: Conficker Seungwon Shin, Raymond Lin, Guofei Gu.

"Cross-Analysis of Botnet Victims: New Insights and Implications." To appear in Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011.

Wireless Security Rogue Access Point Detection Yimin Song, Chao Yang, Guofei Gu. "Who

Is Peeping at Your Passwords at Starbucks? -- To Catch an Evil Twin Access Point." In Proceedings of the 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'10), Chicago, IL, June 2010

Social Networking Website Security Twitter Spammer Accounts Detection Chao Yang, Robert Harkreader, Guofei Gu.

"Die Free or Live Hard? Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers." To appear in Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011.

Malware Analysis Analysis of binary code and source

code Dynamic Analysis Static Analysis

Reverse Engineering Protocol Semanticis

Intrusion and Detection System Enterprise Network Security Assist Us with computer terms

The art of secret writing Converts data into unintelligible

(random looking) form Must be reversible (recover original

datawithout loss or modification)

Plaintext: a message in its original form Ciphertext: a message in the transformed,

unrecognized form Encryption: the process that transforms a

plaintext into a ciphertext Decryption: the process that transforms a

ciphertext to the corresponding plaintext Key: the value used to control

encryption/decryption.

Command Prompt.lnk

To Solve Practical Security Problems Internet malware detection, defense, and

analysis Intrusion detection, anomaly detections Network security Web and social networking security

To help society and country from threat of national security

Help researchers identify the type of responses that are most effective against botnets

Design Goals assist the defenders in identifying possible types of botnets

describe key properties of botnet classes

•Estimate of overall utility. Measure the largest number of bots that can receive instructions and participate in an attack.

•Average amount of bandwidth that a bot can contribute, denoted by B.

•Network diameter is one means of expressing this efficiency.

•This is the average geodesic length of a network.

•Clustering coefficient measures the average degree of local transitivity.

•The transitivity measure index generally captures the robustness of a botnet

•Random graphs are created to avoid creating predictable flows.•In a random graph, each node is connected with equal probability to the other N-1 nodes. •The chance that a bot has a degree of k is the binomial distribution:

Acknowledgements

Texas A&M UniversityDr. Guofie Gu

Nuclear Power Institute

Texas Workforce Commission

National Science Foundation

Chevron

Wilber Rivas, Math Teacher, Del Rio High School

Chao Yang, Phd Student

Jialong Zhang, Phd Student