Releases

SUCCESS LAB RESEARCH TOOL/DATA RELEASE:

(Disclaimer: Use the prototype and data for academic purposes only and at your own risk.)

• Cerberus: an efficient and effective in-network security monitoring system built on top of programmable switches. Cerberus is able to support running multiple concurrent in-network monitoring tasks on a single P4 switch. The source code is available here.
  Citation:
  • Huancheng Zhou and Guofei Gu. “Cerberus: Enabling Efficient and Effective In-Network Monitoring on Programmable Switches.” In Proc. of the 45^th IEEE Symposium on Security and Privacy (S&P’24), May 2024.
• WIRE: Inspired by the FICO score system in traditional finance, we introduce WIRE (Web3 Integrated Reputation Engine), a new reputation engine designed to evaluate the trustworthiness of deployed DApps in the Web3 (blockchain/cryptocurrency) world. The source code is available here.
  Citation:
  • Suraj Shamsundar Jain, Huancheng Zhou and Guofei Gu. “WIRE: Web3 Integrated Reputation Engine.” In Proc. of the 44th International Conference on Distributed Computing Systems (ICDCS’24), Jersey City, New Jersey, USA, July 2024.
• SysFlow: The first programmable zero trust (ZT) framework for system security! SysFlow presents a novel system security development framework for programmable ZT security control of host system activities at runtime. It offers unprecedented and unified programmability for users to achieve their dynamic security needs. The source code is available here.
  Citation:
  • Sungmin Hong, Lei Xu, Jianwei Huang, Hongda Li, Hongxin Hu, Guofei Gu. “SysFlow: Towards a Programmable Zero Trust Framework for System Security.” In IEEE Transactions on Information Forensics and Security (TIFS), 2023. [pdf] [bib]

• Mew: A new P4-based memory-efficient and runtime adaptable link-flooding defense system! The source code is available here.
  Citation:
  • Huancheng Zhou, Sungmin Hong, Yangyang Liu, Xiapu Luo, Weichao Li, Guofei Gu. “Mew: Enabling Large-Scale and Dynamic Link-Flooding Defenses on Programmable Switches.” In Proc. of the 44^th IEEE Symposium on Security and Privacy (S&P’23), May 2023. [pdf] [bib]

• SWAPP: A new programmable platform (based on service worker) for web application security development. The source code is available here.
  Citation:
  • Phakpoom Chinprutthiwong, Jianwei Huang, Guofei Gu. “SWAPP: A New Programmable Playground for Web Application Security.” In Proc. of the 31st USENIX Security Symposium (Security’22), Boston, USA, August 2022.  [pdf] [bib]

• Lynx: A vulnerability analysis tool to detect Hidden Property Abusing (HPA) vulnerability (as described in our Security’21 paper) in the Node.js ecosystem. The source code is available here.
  Citation:
  • Feng Xiao, Jianwei Huang, Yichang Xiong, Guangliang, Hong Hu, Guofei Gu, Wenke Lee. “Abusing Hidden Properties to Attack the Node.js Ecosystem. ” In Proc. of the 30th USENIX Security Symposium (Security’21), Vancouver, Canada, August 11-13, 2021. [pdf] [bib]

• SW-Scanner: A novel tool to analyze websites for a new type of vulnerability, Service Worker based Cross-Site Scripting (SW-XSS). The source code is available here and more artifacts (code, VM) are available here.
  Citation:
  • Phakpoom Chinprutthiwong, Raj Vardhan, GuangLiang Yang, Guofei Gu. “Security Study of Service Worker Cross-Site Scripting. ” In Proc. of 2020 Annual Computer Security Applications Conference (ACSAC’20), USA, December 2020. (Acceptance rate 23%=70/302) [pdf] [bib] (Release info)

• SODA: SODA is a novel generic online detection framework for smart contracts on blockchains that support Ethereum virtual machine (EVM). We released the 8 detection apps and the source code of the framework here.
  Citation:
  • Ting Chen, Rong Cao, Ting Li, Xiapu Luo, Guofei Gu, Yufei Zhang, Zhou Liao, Hang Zhu, Gang Chen, Zheyuan He, Yuxing Tang, Xiaodong Lin, Xiaosong Zhang. “SODA: A Generic Online Detection Framework for Smart Contracts.” In Proc. of the Network and Distributed System Security Symposium (NDSS’20), San Diego, California, Feb. 2020. [pdf] [bib]

• SVHunter: A novel tool to pinpoints a wide range of sensitive methods in SDN controllers and create data dependencies to attack these methods. The source code is available here.
  Citation:
  • Feng Xiao, Jinquan Zhang, Jianwei Huang, Guofei Gu, Dinghao Wu, Peng Liu. “Unexpected Data Dependency Creation and Chaining: A New Attack to SDN.” In Proc. of the 41st IEEE Symposium on Security and Privacy (S&P’20), San Francisco, CA, May 2020. [pdf] [bib]

• LipFuzzer: A new linguistic knowledge assisted fuzzing approach to assess the security of emerging vApps (e.g., Amazon Alexa, Google Assistant). The source code is now available. Please check out the project page here.
  Citation:
  • Yangyong Zhang, Lei Xu, Abner Mendoza, Guangliang Yang, Phakpoom Chinprutthiwong, Guofei Gu. “Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications.” In Proc. of the Network and Distributed System Security Symposium (NDSS’19), San Diego, California, Feb. 2019.  [pdf] [bib]

• ForenGuard: A new forensics tool for fine-grained SDN network security forensics and diagnosis. A demo release is available now. Please check out the virtual machine image (5GB!) link1, link2, and a guide for demo here.
  Citations:
  • Haopei Wang, Guangliang Yang, Phakpoom Chinprutthiwong, Lei Xu, Yangyong Zhang, Guofei Gu. “Towards Fine-grained Network Security Forensics and Diagnosis in the SDN Era.” In Proc. of the 25th ACM Conference on Computer and Communications Security (CCS’18), Toronto, Canada, October 2018. [pdf] [bib]

• TopoGuard+: An extension to the original TopoGuard to prevent several new attacks mentioned in our DSN’18 paper. The source code is available here (or here).
• Citations:
  • Richard Skowyra, Lei Xu, Guofei Gu, Thomas Hobson, Veer Dedhia, James Landry, Hamed Okhravi. “Effective Topology Tampering Attacks and Defenses in Software-Defined Networks. ” In Proc. of the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’18), Luxembourg, June 2018. (Acceptance rate: 28%=62/221) [pdf] [bib]

• SWGuard: A defense solution to effectively reduce the latency for legitimate hosts and applications under Control Plane Reflection Attacks. The source code is available here.
  Citation:
  • Menghao Zhang, Guanyu Li, Lei Xu, Jun Bi, Guofei Gu, Jiasong Bai. “Control Plane Reflection Attacks in SDNs: New Attacks and Countermeasures.” In Proc. of the 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID’18), Heraklion, Greece, September 2018. (Acceptance rate: 22.8%=33/145) [pdf] [bib]

• OSV-Free: We find a new type of security issues caused by hybrid postMessage in mobile hybrid apps, i.e., “Origin Stripping Vulnerability” (OSV). To mitigate OSV from the root, we design and implement three new postMessage APIs, called OSV-Free. Please check out the project page here.
  • Guangliang Yang, Jeff Huang, Guofei Gu, Abner Mendoza. “Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications.” In Proc. of the 39th IEEE Symposium on Security and Privacy (S&P’18), San Francisco, CA, May 2018. [pdf] [bib]

• FRESCO: An SDN application development framework for rapid network security service implementation. The source code and module/app store are available now. Please check out the project page here.
  Citations:
  • Seungwon Shin, Phil Porras, Vinod Yegneswaran, Martin Fong, Guofei Gu, and Mabry Tyson. “FRESCO: Modular Composable Security Services for Software-Defined Networks.” To appear in Proceedings of the 20th Annual Network & Distributed System Security Symposium (NDSS’13), San Diego, CA, USA. February 2013. [pdf] [bib]

• TopoGuard: A new security extension to SDN controllers (Floodlight as in our prototype implementation), which provides automatic and real-time detection of Network Topology Poisoning Attacks. The source code is available here (or here)
  Citations:
  • Sungmin Hong*, Lei Xu*, Haopei Wang, Guofei Gu. “Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures.” In Proc. of 22nd Annual Network & Distributed System Security Symposium (NDSS’15), San Diego, CA, USA. February 2015. (*co-first author) [pdf] [bib]

• FortNOX: Our improved and extended version of FortNOX (in HotSDN’12) for Floodlight OpenFlow Controller is now released (with the new name SE-Floodlight)! Together with SE-Floodlight, we also have two add-on security tools: SDN Security Actuator and OF-BotHunter. They are cool and try them out! This is a joint effort with SRI International. Please check out more information here!
  Citations:
  • Phillip Porras, Seungwon Shin, Vinod Yegneswaran, Martin Fong, Mabry Tyson, and Guofei Gu. “A Security Enforcement Kernel for OpenFlow Networks.” To appear in Proc. of ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN’12), Helsinki, Finland. August 2012.[ pdf] [bib]

• Twitter spam dataset: A sample dataset of 1K malicious spammers and 10K normal users on Twitter (as described in our RAID’11 and WWW’12 paper). Due to several constraints (privacy/protection), we are not posting the dataset directly here. Please contact me to obtain the data for your research.
  Citations:
  • Chao Yang, Robert Harkreader, Jialong Zhang, Suengwon Shin, and Guofei Gu. “Analyzing Spammers’ Social Networks For Fun and Profit — A Case Study of Cyber Criminal Ecosystem on Twitter.” In Proceedings of the 21st International World Wide Web Conference (WWW’12), Lyon, France, April 2012. [pdf] [bib]
  • Chao Yang, Robert Harkreader, Guofei Gu. “Die Free or Live Hard? Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers.” In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID 2011), Menlo Park, California, September 2011. [pdf] [bib]

• Malicious social network graph structure: It contains the inner social relationships among 2,060 identified malicious spammer accounts (as described in our WWW’12 paper). It is available for downloading here. The description of the data format is in ReadMe.txt.
  Citation:
  • Chao Yang, Robert Harkreader, Jialong Zhang, Suengwon Shin, and Guofei Gu. “Analyzing Spammers’ Social Networks For Fun and Profit — A Case Study of Cyber Criminal Ecosystem on Twitter.” In Proceedings of the 21st International World Wide Web Conference (WWW’12), Lyon, France, April 2012. [pdf] [bib]

• BotHunter: New release of BotHunter! Now support Linux/Mac/Windows XP! A live-CD distribution also available!
  Citation:
  • Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee. “BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation.” In Proceedings of the 16th USENIX Security Symposium (Security’07), Boston, MA, August 2007. [pdf] [bib]

---

Prototype Academic License

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to a non-exclusive, nontransferable, perpetual license to the copy, modify and perform the Software for non-profit academic research purposes. Use of the Software is restricted to non-commercial research purposes.

The Software may be additionally covered by one or more domestic and international patents or pending patent applications. If you wish to use the Software for any other purpose, you are responsible to determine if a patent license is needed and obtain such a license.

The above copyright notice and this permission notice shall be included in all copies, modifications or substantial portions of the Software.

If utilization of the Software (or data) results in outcomes which will be published, you agree to cite the developers in the publication.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.