Profile at Google Scholar

Publications

  1. A11y Attacks: Exploiting Accessibility in Operating Systems.
    Yeongjin Jang, Chengyu Song, Simon P. Chung, Tielei Wang, and Wenke Lee.
    In Proceedings of The 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014. (to appear)

  2. Your Online Interests - Pwned! A Pollution Attack Against Targeted Advertising.
    Wei Meng, Xinyu Xing, Anmol Sheth, Udi Weinsberg, and Wenke Lee.
    In Proceedings of The 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, November 2014. (to appear)

  3. Mimesis Aegis: A Mimicry Privacy Shield - A System's Approach to Data Privacy on Public Cloud.
    Billy Lau, Pak Ho Chung, Chengyu Song, Yeongjin Jang, Wenke Lee, and Alexandra Boldyreva.
    In Proceedings of The 23rd USENIX Security Symposium. San Diego, CA. August 2014.

  4. On the Feasibility of Large-Scale Infections of iOS Devices.
    Tielei Wang, Yeongjin Jang, Yizheng Chen, Pak Ho Chung, Billy Lau, and Wenke Lee.
    In Proceedings of The 23rd USENIX Security Symposium. San Diego, CA. August 2014.

  5. Diagnosis and Emergency Patch Generation for Integer Overflow Exploits.
    Tielei Wang, Chengyu Song, and Wenke Lee.
    In Proceedings of The 11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2014), Egham, UK, July 2014.

  6. DNS Noise: Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic.
    Yizheng Chen, Manos Antonakakis, Roberto Perdisci, Yacin Nadji, David Dagon, and Wenke Lee.
    In Proceedings of The 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2014), Atlanta, GA, June 2014.

  7. From Zygote to Morula: Fortifying Weakened ASLR on Android.
    Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, and Wenke Lee.
    In Proceedings of The 2014 IEEE Symposium on Security and Privacy, San Jose, CA, May 2014.

  8. Exposing Inconsistent Web Search Results with Bobble.
    Xinyu Xing, Wei Meng, Dan Doozan, Nick Feamster, Wenke Lee, and Alex C. Snoeren.
    In Proceedings of The 2014 Passive and Active Measurement (PAM) Conference, Los Angeles, CA, March 2014.

  9. Gyrus: A Framework for User-Intent Monitoring of Text-Based Networked Applications.
    Yeongjin Jang, Simon P. Chung, Bryan D. Payne, and Wenke Lee.
    In Proceedings of The 21st Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.

  10. Building a Scalable System for Stealthy P2P-Botnet Detection.
    Junjie Zhang, Roberto Perdisci, Wenke Lee, Unum Sarfraz, and Xiapu Luo.
    IEEE Transactions on Information Forensics and Security, 9(1), January 2014.

  11. Beheading Hydras: Performing Effective Botnet Takedowns.
    Yacin Nadji, Manos Antonakakis, Roberto Perdisci, and Wenke Lee.
    In Proceedings of The 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013.

  12. Tappan Zee (North) Bridge: Mining Memory Accesses for Introspection.
    Brendan Dolan-Gavitt, Tim Leek, Josh Hodosh, and Wenke Lee.
    In Proceedings of The 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013.

  13. Connected Colors: Unveiling the Structure of Criminal Networks.
    Yacin Nadji, Manos Antonakakis, Roberto Perdisci, and Wenke Lee.
    In Proceedings of The 16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), St. Lucia, October 2013.

  14. Take This Personally: Pollution Attacks on Personalized Services.
    Xinyu Xing, Wei Meng, Dan Doozan, Alex Snoeren, Nick Feamster, and Wenke Lee.
    In Proceedings of The 22nd USENIX Security Symposium. Washington DC. August 2013.

  15. Jekyll on iOS: When Benign Apps Become Evil.
    Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee.
    In Proceedings of The 22nd USENIX Security Symposium. Washington DC. August 2013.

  16. Intention and Origination: An Inside Look at Large-Scale Bot Queries.
    Junjie Zhang, Yinglian Xie, Fang Yu, David Soukal, and Wenke Lee.
    In Proceedings of The 20th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2013.

  17. The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers.
    Charles Lever, Manos Antonakakis, Bradley Reaves, Patrick Traynor and Wenke Lee.
    In Proceedings of The 20th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2013.

  18. CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities.
    Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee, and Guofei Jiang.
    In Proceedings of The 19th ACM Conference on Computer and Communications Security (CCS), Raleigh, NC. October 2012.

  19. Secure and Robust Monitoring of Virtual Machines through Guest-Assisted Introspection.
    Martim Carbone, Matthew Conover, Bruce Montague, and Wenke Lee.
    In Proceedings of The 15th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID). Amsterdam, The Netherlands. September, 2012.

  20. From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware.
    Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee, and David Dagon.
    In Proceedings of The 21st USENIX Security Symposium. Bellevue, WA. August 2012.

  21. Practical End-to-End Web Content Integrity.
    Kapil Singh, Helen Wang, Alexander Moshchuk, Collin Jackson, and Wenke Lee.
    In Proceedings of The 21st International World Wide Web Conference (WWW), Lyon, France, April 2012.

  22. Exposing Invisible Timing-Based Traffic Watermarks with BACKLIT.
    Xiapu Luo, Peng Zhou, Junjie Zhang, Roberto Perdisci, Wenke Lee, and Rocky K.C. Chang.
    In Proceedings of The 27th Annual Computer Security Applications Conference (ACSAC 2011), Orlando, FL, December 2011.

  23. Understanding the Prevalence and Use of Alternative Plans in Malware with Network Games.
    Yacin Nadji, Manos Antonakakis, Roberto Perdisci, and Wenke Lee.
    In Proceedings of The 27th Annual Computer Security Applications Conference (ACSAC 2011), Orlando, FL, December 2011.

  24. SURF: Detecting and Measuring Search Poisoning.
    Long Lu, Roberto Perdisci, and Wenke Lee.
    In Proceedings of The 18th ACM Conference on Computer and Communications Security (CCS). Chicago, IL, October 2011.

  25. Detecting Malware Domains at the Upper DNS Hierarchy.
    Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou II, and David Dagon.
    In Proceedings of The 20th USENIX Security Symposium. San Francisco, August 2011.

  26. A Combinatorial Approach to Network Covert Communications with Applications in Web Leaks.
    Xiapu Luo, Peng Zhou, Edmond W. W. Chan, Rocky K. C. Chang, and Wenke Lee.
    In Proceedings of The 41st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Hong Kong, China, June 2011.

  27. Detecting Stealthy P2P Botnets Using Statistical Traffic Fingerprints.
    Junjie Zhang, Roberto Perdisci, Wenke Lee, Unum Sarfraz, and Xiapu Luo.
    In Proceedings of The 41st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Hong Kong, China, June 2011.

  28. Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection.
    Brendan Dolan-Gavitt, Tim Leek, Michael Zhivich, Jonathon Giffin, and Wenke Lee.
    In Proceedings of The 2011 IEEE Symposium on Security and Privacy. Oakland, CA, May 2011.

  29. ARROW: Generating Signatures to Detect Drive-By Downloads.
    Junjie Zhang, Jay Stokes, Christian Seifert, and Wenke Lee.
    In Proceedings of The 20th International World Wide Web Conference (WWW), Hyderabad, India, March 2011.

  30. Boosting the Scalability of Botnet Detection Using Adaptive Traffic Sampling.
    Junjie Zhang, Xiapu Luo, Roberto Perdisci, Guofei Gu, Wenke Lee, and Nick Feamster.
    In Proceedings of The 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Hong Kong, March 2011.

  31. HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows.
    Xiapu Luo, Peng Zhou, Edmond W.W. Chan, Wenke Lee, Rocky K. C. Chang, and Roberto Perdisci.
    In Proceedings of The 18th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2011.

  32. Control of Low-Rate Denial-of-Service Attacks on Web Servers and TCP Flows.
    Qing Hui, Xiapu Luo, and Wenke Lee.
    In Proceedings of The 49th IEEE Conference on Decision and Control (CDC), Atlanta, GA, December 2010.

  33. On the Secrecy of Spread-Spectrum Flow Watermarks.
    Xiapu Luo, Junjie Zhang, Roberto Perdisci, and Wenke Lee.
    In Proceedings of The 15th European Symposium on Research in Computer Security (ESORICS), Athens, Greece, September 2010.

  34. A Centralized Monitoring Infrastructure for Improving DNS Security.
    Manos Antonakakis, David Dagon, Xiapu Luo, Roberto Perdisci, and Wenke Lee.
    In Proceedings of The 13th International Symposium on Recent Advances in Intrusion Detection (RAID), Ottawa, Ontario, Canada, September 2010.

  35. BLADE: An Attack-Agnostic Approach for Preventing Drive-By Malware Infections.
    Long Lu, Vinod Yegneswaran, Phil Porras, and Wenke Lee.
    In Proceedings of The 17th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2010.

  36. Building a Dynamic Reputation System for DNS.
    Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee, and Nick Feamster.
    In Proceedings of The 19th USENIX Security Symposium, Washington, DC, August 2010.

  37. Evaluating Bluetooth as a Medium for Botnet Command and Control.
    Kapil Singh, Samrit Sangal, Nehil Jain, Patrick Traynor, and Wenke Lee.
    In Proceedings of The 7th Conference on Detection of Intrusions and Malware Vulnerability Assessment (DIMVA), Bonn, Germany, July 2010.

  38. On the Incoherencies in Web Browser Access Control Policies.
    Kapil Singh, Alexander Moshchuk, Helen J. Wang, and Wenke Lee.
    In Proceedings of The 2010 IEEE Symposium on Security and Privacy, Oakland, CA, May 2010.

  39. Behavioral Clustering of HTTP-based Malware and Signature Generation using Malicious Network Traces.
    Roberto Perdisci, Wenke Lee, and Nick Feamster.
    In Proceedings of The 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI), San Jose, CA, April 2010.

  40. Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces.
    Roberto Perdisci, Igino Corona, David Dagon, and Wenke Lee.
    In Proceedings of The 25th Annual Computer Security Applications Conference (ACSAC 2009), Honolulu, HI, December 2009.

  41. Active Botnet Probing to Identify Obscure Command and Control Channels.
    Guofei Gu, Vinod Yegneswaran, Phillip Porras, Jennifer Stoll, and Wenke Lee.
    In Proceedings of The 25th Annual Computer Security Applications Conference (ACSAC 2009), Honolulu, HI, December 2009.

  42. Secure In-VM Monitoring Using Hardware Virtualization.
    Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi.
    In Proceedings of The 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, November, 2009.

  43. Mapping Kernel Objects to Enable Systematic Integrity Checking.
    Martim Carbone, Weidong Cui, Long Lu, Wenke Lee, Marcus Peinado, and Xuxian Jiang.
    In Proceedings of The 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, November, 2009.

  44. xBook: Redesigning Privacy Control in Social Networking Platforms.
    Kapil Singh, Sumeer Bhola, and Wenke Lee.
    In Proceedings of The 18th USENIX Security Symposium, Montreal, Canada, August, 2009.

  45. WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks.
    Roberto Perdisci, Manos Antonakakis, Xiapu Luo, and Wenke Lee.
    In Proceedings of The 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2009), Lisbon, Portugal, June 2009.

  46. Automatic Reverse Engineering of Malware Emulators.
    Monirul Sharif, Andrea Lanzi, Jon Giffin, and Wenke Lee.
    In Proceedings of The 2009 IEEE Symposium on Security and Privacy, Oakland, CA, May 2009. (Best Student Paper Award)

  47. McPAD: A Multiple Classifier System for Accurate Payload-Based Anomaly Detection.
    Roberto Perdisci, Davide Ariu, Prahlad Fogla, Giorgio Giacinto, and Wenke Lee.
    In Computer Networks, 53(6), 2009.

  48. Dynamic Trust Management.
    Matt Blaze, Sampath Kannan, Insup Lee, Oleg Sokolsky, Jonathan Smith, Angelos Keromytis, and Wenke Lee.
    In IEEE Computer, February 2009.

  49. K-Tracer: A System for Extracting Kernel Malware Behavior.
    Andrea Lanzi, Monirul Sharif, and Wenke Lee.
    In Proceedings of The 16th Annual Network and Distributed System Security Symposium (NDSS 2009), San Diego, CA, February 2009.

  50. Recursive DNS Architectures and Vulnerability Implications.
    David Dagon, Manos Antonakakis, Kevin Day, Xiapu Luo, Christopher P. Lee, and Wenke Lee.
    In Proceedings of The 16th Annual Network and Distributed System Security Symposium (NDSS 2009), San Diego, CA, February 2009.

  51. McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables.
    Roberto Perdisci, Andrea Lanzi, and Wenke Lee.
    In Proceedings of The 24th Annual Computer Security Applications Conference (ACSAC 2008), Anaheim, CA, December 2008.

  52. Classification of Packed Executables for Accurate Computer Virus Detection.
    Roberto Perdisci, Andrea Lanzi, and Wenke Lee.
    In Pattern Recognition Letters, 29(14), October 2008.

  53. Ether: Malware Analysis via Hardware Virtualization Extensions.
    Artem Dinaburg, Paul Royal, Monirul Sharif, and Wenke Lee.
    In Proceedings of The 15th ACM Conference on Computer and Communications Security (CCS 2008), Alexandria, VA, October 2008.

  54. Increased DNS Forgery Resistance Through 0x20-Bit Encoding.
    David Dagon, Manos Antonakakis, Paul Vixie, Tatuya Jinmei, and Wenke Lee.
    In Proceedings of The 15th ACM Conference on Computer and Communications Security (CCS 2008), Alexandria, VA, October 2008.

  55. Eureka: A Framework for Enabling Static Malware Analysis.
    Monirul Sharif, Vinod Yegneswaran, Hassen Saidi, Phillip Porras, and Wenke Lee.
    In Proceedings of The 13th European Symposium on Research in Computer Security (ESORICS), Malaga, Spain, October 2008.

  56. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection.
    Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee.
    In Proceedings of The 17th USENIX Security Symposium (Security'08), San Jose, CA, July 2008.

  57. Evaluating Email's Feasibility for Botnet Command and Control.
    Kapil Singh, Abhinav Srivastava, Jon Giffin, and Wenke Lee.
    In Proceedings of The 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2008), Anchorage, Alaska, June 2008.

  58. Lares: An Architecture for Secure Active Monitoring Using Virtualization.
    Bryan D. Payne, Martim Carbone, Monirul Sharif, and Wenke Lee.
    In Proceedings of The 2008 IEEE Symposium on Security and Privacy, Oakland, CA, May 2008.

  59. Principled Reasoning and Practical Applications of Alert Fusion in Intrusion Detection Systems.
    Guofei Gu, Alvaro A. Cardenas, and Wenke Lee.
    In Proceedings of The ACM Symposium on InformAction, Computer and Communications Security (ASIACCS'08), Tokyo, Japan, March 2008.

  60. Taming Virtualization.
    Martim Carbone, Diego Zamboni, and Wenke Lee.
    In IEEE Security & Privacy, 6(1), January/February 2008.

  61. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority.
    David Dagon, Niels Provos, Chris Lee, and Wenke Lee.
    In Proceedings of The 15th Annual Network and Distributed System Security Symposium (NDSS 2008), San Diego, CA, February 2008.

  62. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic.
    Guofei Gu, Junjie Zhang, and Wenke Lee.
    In Proceedings of The 15th Annual Network and Distributed System Security Symposium (NDSS 2008), San Diego, CA, February 2008.

  63. Impeding Malware Analysis using Conditional Code Obfuscation.
    Monirul Sharif, Andrea Lanzi, Jonathon Giffin, and Wenke Lee.
    In Proceedings of The 15th Annual Network and Distributed System Security Symposium (NDSS 2008), San Diego, CA, February 2008.

  64. Secure and Flexible Monitoring of Virtual Machines.
    Bryan D. Payne and Martim Carbone and Wenke Lee.
    In Proceedings of The 23rd Annual Computer Security Applications Conference (ACSAC 2007), Miami Beach, FL, December 2007.
  65. A Taxonomy of Botnet Structures.
    David Dagon, Guofei Gu, Chris Lee and Wenke Lee.
    In Proceedings of The 23rd Annual Computer Security Applications Conference (ACSAC 2007), Miami Beach, FL, December 2007.
  66. Misleading and Defeating Importance-Scanning Malware Propagation.
    Guofei Gu, Zesheng Chen, Phillip Porras and Wenke Lee.
    In Proceedings of The 3rd International Conference on Security and Privacy in Communication Networks (SecureComm'07), Nice, France, September 2007.
  67. An Assessment of VoIP Covert Channel Threats.
    Takehiro Takahashi and Wenke Lee.
    In Proceedings of The 3rd International Conference on Security and Privacy in Communication Networks (SecureComm'07), Nice, France, September 2007.
  68. Understanding Precision in Host Based Intrusion Detection: Formal Analysis and Practical Models.
    Monirul Sharif, Kapil Singh, Jonathon Giffin and Wenke Lee.
    In Proceedings of The 10th International Symposium on Recent Advances in Intrusion Detection (RAID), Surfers Paradise, Australia, September 2007.
  69. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation.
    Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, Wenke Lee.
    In Proceedings of The 16th USENIX Security Symposium (Security'07), Boston, MA, August 2007.
  70. A Layered Approach to Simplified Access Control in Virtualized Systems.
    Bryan D. Payne, Reiner Sailer, Ramon Caceres, Ronald Perez, and Wenke Lee
    In ACM SIGOPS Operating Systems Review, 4(2), July 2007.
  71. Intrusion-Resilient Key Exchange in the Bounded Retrieval Model.
    David Cash, Yan Zong Ding, Yevgeniy Dodis, Wenke Lee, Richard Lipton, and Shabsi Walfish.
    In Proceedings of The Fourth IACR Theory of Cryptography Conference (TCC 2007), Amsterdam, The Netherlands, February 2007.
  72. Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems.
    Roberto Perdisci, Guofei Gu, and Wenke Lee.
    In Proceedings of The 2006 IEEE International Conference on Data Mining (ICDM '06) , Hong Kong, China, December 2006.
  73. PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware.
    Paul Royal, Mitch Halpin, David Dagon, Robert Edmonds, and Wenke Lee.
    In Proceedings of The 22nd Annual Computer Security Applications Conference (ACSAC 2006), Miami Beach, FL, December 2006.
  74. Evading Network Anomaly Detection Systems: Formal Reasoning and Practical Techniques.
    Prahlad Fogla and Wenke Lee.
    In Proceedings of The 13th ACM Conference on Computer and Communications Security (CCS 2006) , Alexandria, VA, October 2006.
  75. Towards an Information-Theoretic Framework for Analyzing Intrusion Detection Systems.
    Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric.
    In Proceedings of The 11th European Symposium Research Computer Security (ESORICS 2006) , Hamburg, Germany, September 2006.
  76. Polymorphic Blending Attacks.
    Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov, and Wenke Lee.
    In Proceedings of The 15th USENIX Security Symposium (SECURITY '06) , Vancouver, B.C., Canada, August 2006.
  77. Using Labeling to Prevent Cross-Service Attacks Against Smart Phones.
    Collin Mulliner, Giovanni Vigna, David Dagon, and Wenke Lee.
    In Proceedings of The 3rd Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA 2006), Berlin, Germany, July 2006.
  78. Agent-Based Cooperative Anomaly Detection for Wireless Ad Hoc Networks.
    Hongmei Deng, Roger Xu, Jason H. Li, Frank Zhang, Renato Levy, and Wenke Lee.
    In Proceedings of The 12th International Conference on Parallel and Distributed Systems (ICPADS 2006), Minneapolis, Minnesota, July 2006.
  79. DSO: Dependable Signing Overlay.
    Guofei Gu, Prahlad Fogla, Wenke Lee, and Douglas Blough.
    In Proceedings of The 4th International Conference on Applied Cryptography and Network Security (ACNS '06), Singapore, June 2006.
  80. Misleading Worm Signature Generators Using Deliberate Noise Injection (full paper).
    Roberto Perdisci, David Dagon, Wenke Lee, Prahlad Fogla, and Monirul Sharif.
    In Proceedings of The 2006 IEEE Symposium on Security and Privacy, Oakland, CA, May 2006.
  81. q-Gram Matching Using Tree Models
    Prahlad Fogla and Wenke Lee
    IEEE Transactions on Knowledge and Data Engineering, 18(4), April 2006.
  82. Measuring Intrusion Detection Capability: An Information-Theoretic Approach.
    Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, and Boris Skoric.
    In Proceedings of ACM Symposium on InformAction, Computer and Communications Security (ASIACCS '06), Taipei, Taiwan, March 2006.
  83. Modeling Botnet Propagation Using Time Zones.
    David Dagon, Cliff Zou, and Wenke Lee.
    In Proceedings of The 13th Annual Network and Distributed System Security Symposium (NDSS 2006), San Diego, CA, February 2006.
  84. Anomalous Path Detection with Hardware Support.
    Tao Zhang, Xiaotong Zhuang, Santosh Pande, and Wenke Lee.
    In Proceedings of The 2005 International Conference on Compilers, Architecture, and Synthesis for Embedded Systems (CASES 2005), San Francisco, CA, September 2005.
  85. An Extensible Environment for Evaluating Secure MANET.
    Yongguang Zhang, Yi-an Huang, and Wenke Lee.
    In Proceedings of The 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm 2005), Athens, Greece, September 2005.
  86. Hotspot-Based Traceback for Mobile Ad Hoc Networks.
    Yi-an Huang and Wenke Lee.
    In Proceedings of The ACM Workshop on Wireless Security (WiSe 2005), Cologne, Germany, September 2005.
  87. Environment-Sensitive Intrusion Detection.
    Jonathon T. Giffin, David Dagon, Somesh Jha, Wenke Lee, and Barton P. Miller.
    In Proceedings of The 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005), Seattle, WA, September 2005.
  88. Comparative Study between Analytical Models and Packet-Level Worm Simulations.
    Monirul Sharif, George Riley, and Wenke Lee.
    In Proceedings of The 19th Workshop on Parallel and Distributed Simulation (PADS 2005), Monterey, CA, June 2005.
  89. Protecting Secret Data from Insider Attacks.
    David Dagon, Wenke Lee, and Richard Lipton.
    In Proceedings of Ninth International Conference on Financial Cryptography and Data Security, Roseau, Dominica, Feb. 2005.
  90. Worm Detection, Early Warning, and Response Based on Local Victim Information.
    Guofei Gu, David Dagon, Xinzhou Qin, Monirul I. Sharif, Wenke Lee, and George F. Riley.
    In Proceedings of The 20th Annual Computer Security Applications Conference (ACSAC 2004), Tucson, Arizona, December 2004.

  91. Attack Plan Recognition and Prediction Using Causal Networks.
    Xinzhou Qin and Wenke Lee.
    In Proceedings of The 20th Annual Computer Security Applications Conference (ACSAC 2004), Tucson, Arizona, December 2004.

  92. On the Statistical Distribution of Processing Times in Network Intrusion Detection.
    Joao B.D. Cabrera, Jaykumar Gosar, Wenke Lee, and Raman K. Mehra.
    In Proceedings of The 43rd IEEE Conference on Decision and Control (CDC 2004), Bahamas, December 2004.

  93. Simulating Internet Worms.
    George F. Riley, Monirul I. Sharif, and Wenke Lee.
    In Proceedings of The 12th Annual Meeting of the IEEE/ACM International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS), Volendam, The Netherlands, October 2004

  94. Attack Analysis and Detection for Ad Hoc Routing Protocols.
    Yian Huang and Wenke Lee.
    In Proceedings of The 7th International Symposium on Recent Advances in Intrusion Detection (RAID 2004), Sophia Antipolis, France, September 2004.
  95. Security in Mobile Ad-Hoc Networks
    Yongguang Zhang and Wenke Lee
    Ad Hoc Networks: Technologies and Protocols. P. Mohapatra and S. Krishnamurthy (eds), Springer, 2004.
  96. HoneyStat: Local Worm Detection Using Honeypots.
    David Dagon, Xinzhou Qin, Guofei Gu, Wenke Lee, Julian Grizzard, John Levin, and Henry Owen.
    In Proceedings of The 7th International Symposium on Recent Advances in Intrusion Detection (RAID 2004), Sophia Antipolis, France, September 2004.
  97. Using Artificial Anomalies to Detect Unknown and Known Network Intrusions
    Wei Fan, Matt Miller, Sal Stolfo, Wenke Lee, and Phil Chan
    Knowledge and Information Systems, Springer, 6(5), September 2004.
  98. Discovering Novel Attack Strategies from INFOSEC Alerts.
    Xinzhou Qin and Wenke Lee.
    In Proceedings of The 9th European Symposium on Research in Computer Security (ESORICS 2004) , Sophia Antipolis, France, September 2004.
  99. Formalizing Sensitivity in Static Analysis for Intrusion Detection.
    Henry H. Feng, Jonathon T. Giffin, Yong Huang, Somesh Jha, Wenke Lee, and Barton P. Miller
    In Proceedings of The 2004 IEEE Symposium on Security and Privacy, Oakland, CA, May 2004.
  100. A Hardware Platform for Network Intrusion Detection and Prevention.
    Chris Clark, Wenke Lee, David Schimmel, Didier Contis, Mohamed Kone, and Ashley Thomas
    In Proceedings of The 3rd Workshop on Network Processors and Applications (NP3), Madrid, Spain, February 2004.
  101. A Cooperative Intrusion Detection System for Ad Hoc Networks.
    Yian Huang and Wenke Lee
    In Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '03), Fairfax VA, October 2003.
  102. Intrusion Detection Techniques for Mobile Wireless Networks
    Yongguang Zhang, Wenke Lee, and Yian Huang
    ACM/Kluwer Wireless Networks Journal (ACM WINET), 9(5), September 2003.
  103. Statistical Causality Analysis of INFOSEC Alert Data.
    Xinzhou Qin and Wenke Lee
    In Proceedings of The 6th International Symposium on Recent Advances in Intrusion Detection (RAID 2003), Pittsburgh, PA, September 2003.
  104. Anomaly Detection Using Call Stack Information.
    Henry H. Feng, Oleg Kolesnikov, Prahlad Fogla, Wenke Lee, and Weibo Gong
    In Proceedings of The 2003 IEEE Symposium on Security and Privacy, Oakland, CA, May 2003.
  105. Cross-Feature Analysis for Detecting Ad-Hoc Routing Anomalies.
    Yi-an Huang, Wei Fan, Wenke Lee, and Philip S. Yu
    In Proceedings of The 23rd International Conference on Distributed Computing Systems (ICDCS), Providence, RI, May 2003.
  106. Applying Data Mining to Intrusion Detection: The Quest for Automation, Efficiency, and Credibility.
    Wenke Lee
    In SIGKDD Explorations, 4(2), December 2002.
  107. Performance Adaptation in Real-Time Intrusion Detection Systems.
    Wenke Lee, Joao B. D. Cabrera, Ashley Thomas, Niranjan Balwalli, Sunmeet Saluja, and Yi Zhang
    In Proceedings of The 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), Zurich, Switzerland, October 2002.
  108. Proactive Intrusion Detection and Distributed Denial of Service Attacks - A Case Study in Security Management
    Joao B. D. Cabrera, Lundy Lewis, Xinzhou Qin, Wenke Lee, and Raman K. Mehra
    Journal of Network and Systems Management, 10(2), June 2002.
  109. Algorithms for Mining System Audit Data
    Wenke Lee, Sal Stolfo, and Kui Mok
    Data Mining, Rough Sets, and Granular Computing, T. Y. Lin, Y. Y. Yao, and L. A. Zadeh (eds), Physica-Verlag, 2002
  110. Proactive Intrusion Detection - A Study on Temporal Data Mining
    Joao B.D. Cabrera, Lundy Lewis, Xinzhou Qin, Wenke Lee, Raman K. Mehra
    Applications of Data Mining in Computer Security. D. Barbara and S. Jajodia (eds), Kluwer Academic Publishers, May 2002
  111. Using MIB II Variables for Network Intrusion Detection
    Xinzhou Qin, Wenke Lee, Lundy Lewis, Joao B. Cabrera
    Applications of Data Mining in Computer Security. D. Barbara and S. Jajodia (eds), Kluwer Academic Publishers, May 2002.
  112. Integrating Intrusion Detection and Network Management.
    Xinzhou Qin, Wenke Lee, Lundy Lewis, and Joao B. D. Cabrera
    In Proceedings of The IEEE/IFIP Network Operations and Management Symposium (NOMS 2002), Florence, Italy, May 2002.
  113. Toward Cost-Sensitive Modeling for Intrusion Detection and Response
    Wenke Lee, Wei Fan, Matt Miller, Sal Stolfo, and Erez Zadok
    Journal of Computer Security, 10(1,2), 2002.
  114. Mining System Audit Data: Opportunities and Challenges.
    Wenke Lee and Wei Fan
    In SIGMOD Record, 30(4), December 2001.
  115. Using Artificial Anomalies to Detect Unknown and Known Network Intrusions.
    Wei Fan, Matt Miller, Sal Stolfo, Wenke Lee, and Phil Chan
    In Proceedings of The First IEEE International Conference on Data Mining, San Jose, CA, November 2001.
  116. Using MIB II Variables for Network Anomaly Detection - A Feasibility Study.
    Xinzhou Qin, Wenke Lee, Lundy Lewis, and Joao B. D. Cabrera.
    ACM Workshop on Data Mining for Security Applications, Philadelphia, PA, November 2001.
  117. Heterogeneous Networking: A New Survivability Paradigm.
    Yongguang Zhang, Harrick Vin, Lorenzo Alvisi, Wenke Lee, and Son K. Dao
    In Proceedings of The 2001 New Security Paradigms Workshop (NSPW), Cloudcroft, New Mexico, September 2001.
  118. Real Time Data Mining-based Intrusion Detection.
    Wenke Lee, Sal Stolfo, Phil Chan, Eleazar Eskin, Wei Fan, Matt Miller, Shlomo Hershkop, and Junxin Zhang
    In Proceedings of The 2001 DARPA Information Survivability Conference and Exposition (DISCEX II) (selected for presentation), Anaheim, CA, June 2001.
  119. Information-Theoretic Measures for Anomaly Detection
    Wenke Lee and Dong Xiang
    In Proceedings of The 2001 IEEE Symposium on Security and Privacy, Oakland, CA, May 2001.
  120. Proactive Detection of Distributed Denial of Service Attacks Using MIB Traffic Variables - A Feasibility Study
    J. B. D. Cabrera, L. Lewis, X. Qin, Wenke Lee, Ravi Prasanth, B. Ravichandran, and Raman Mehra
    In Proceedings of The Seventh IFIP/IEEE International Symposium on Integrated Network Management (IM 2001), Seattle, WA, May 2001.
  121. Adaptive Intrusion Detection: a Data Mining Approach
    Wenke Lee, Sal Stolfo, and Kui Mok
    Artificial Intelligence Review, Kluwer Academic Publishers, 14(6):533-567 (December 2000).
  122. A Framework for Constructing Features and Models for Intrusion Detection Systems
    Wenke Lee and Sal Stolfo
    ACM Transactions on Information and System Security, 3(4), November 2000.
  123. Toward Cost-Sensitive Modeling for Intrusion Detection and Response
    Wenke Lee, Wei Fan, Matt Miller, Sal Stolfo, and Erez Zadok
    ACM Workshop on Intrusion Detection Systems , Athens, Greece, November 2000
  124. A Data Mining and CIDF Based Approach for Detecting Novel and Distributed Intrusions
    Wenke Lee, Rahul Nimbalkar, Kam Yee, Sunil Patil, Pragnesh Desai, Thuan Tran, and Sal Stolfo
    In Proceedings of The Third International Workshop on Recent Advances in Intrusion Detection (RAID 2000), Lecture Notes in Computer Science No. 1907, Toulouse, France, October 2000
  125. Intrusion Detection in Wireless Ad-Hoc Networks
    Yongguang Zhang and Wenke Lee
    In Proceedings of The Sixth International Conference on Mobile Computing and Networking (MobiCom 2000), Boston, MA, August 2000
  126. A Multiple Model Cost-Sensitive Approach for Intrusion Detection
    Wei Fan, Wenke Lee, Sal Stolfo, and Matt Miller
    In Proceedings of The Eleventh European Conference on Machine Learning (ECML 2000), Lecture Notes in Artificial Intelligence No. 1810, Barcelona, Spain, May 2000
  127. Cost-based Modeling for Fraud and Intrusion Detection: Results from the JAM Project
    Sal Stolfo, Wei Fan, Wenke Lee, Andreas Prodromidis, and Phil Chan
    In Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (DISCEX '00) (selected for presentation), Hilton Head, SC, January 2000
  128. Interfacing Oz with the PCTE OMS: A Case Study of Integrating a Legacy System with a Standard Object Management System
    Wenke Lee and Gail Kaiser
    Journal of Systems Integration, 9(4):329-358, Kluwer Academic Publishers, 1999.
  129. Jadve: An Extensible Data Visualization Environment
    Wenke Lee and Naser Barghouti
    in Object-Oriented Applications Frameworks , M. Fayad, D. Schmidt, and R. Johnson (eds), John Wiley & Sons, 1999
  130. Mining in a Data-flow Environment: Experience in Network Intrusion Detection
    (Best Paper Award in Applied Research Category)
    Wenke Lee, Sal Stolfo, and Kui Mok
    In Proceedings of the 5th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD '99), San Diego, CA, August 1999
  131. A Data Mining Framework for Building Intrusion Detection Models
    Wenke Lee, Sal Stolfo, and Kui Mok
    In Proceedings of the 1999 IEEE Symposium on Security and Privacy, Oakland, CA, May 1999
  132. Towards Automatic Intrusion Detection using NFR
    Wenke Lee, Chris Park, and Sal Stolfo
    In Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, April 1999
  133. Mining Audit Data to Build Intrusion Detection Models
    (Honorable mention (runner-up) for Best Paper Award in Applied Research Category)
    Wenke Lee, Sal Stolfo, and Kui Mok
    In Proceedings of the Fourth International Conference on Knowledge Discovery and Data Mining (KDD '98), New York, NY, August 1998
  134. Data Mining Approaches for Intrusion Detection (Postscript)
    Wenke Lee and Sal Stolfo
    In Proceedings of the Seventh USENIX Security Symposium (SECURITY '98), San Antonio, TX, January 1998
  135. JAM: Java Agents for Meta-learning over Distributed Databases
    Sal Stolfo, Andreas Prodromidis, Shelley Tselepis, Wenke Lee, Dave Fan, and Phil Chan
    (Honorable mention (runner-up) for Best Paper Award in Applied Research Category)
    In Proceedings of the Third International Conference on Knowledge Discovery and Data Mining (KDD '97), Newport Beach, CA, August 1997
  136. Grappa: A GRAPh PAckage in Java
    Naser S. Barghouti, John Mocenigo, and Wenke Lee
    Fifth Annual Symposium on Graph Drawing (Graph Drawing '97), Rome, Italy, September 1997
  137. Learning Patterns from Unix Process Execution Traces for Intrusion Detection
    Wenke Lee, Sal Stolfo, and Phil Chan
    AAAI Workshop: AI Approaches to Fraud Detection and Risk Management, July 1997
  138. Credit Card Fraud Detection Using Meta-Learning: Issues and Initial Results
    Sal Stolfo, Dave Fan, Wenke Lee, Andreas Prodromidis, and Phil Chan
    AAAI Workshop: AI Approaches to Fraud Detection and Risk Management, July 1997
  139. OzCare: A Workflow Automation System for Care Plans
    Wenke Lee, Gail Kaiser, Paul Clayton, and Eric Sherman
    In Proceedings of the American Medical Informatics Association Annual Fall Symposium, Washington DC, October 1996
  140. Pay No Attention to the Man Behind the Curtain
    Gail Kaiser and Wenke Lee
    NSF Workshop on Workflow and Process Automation, May 1996
  141. Data Modeling and Management for Large Spatial Databases
    Wenke Lee
    In Proceedings of the Third International Workshop in GIS, Beijing, China, August 1993
  142. Ph.D. Thesis

    A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems, Computer Science Department, Columbia University, New York, NY. June 1999.