Wenke
Lee

General Information

Email:
wl67@gatech.edu
Phone:
4043852879
Location - Building:
Coda
Location - Room:
S0937
Roles:
Professor (any rank)
Primary Unit:
School of Cybersecurity and Privacy
Website URL
https://wenke.gtisc.gatech.edu/

Details

Degrees with subject and Postdoc Experience:
Degree Type
Ph.D.
Subject
Computer Science
Year
1999
Institution
Columbia University
Location
New York
Statement of Research Interests:

My research interests include systems and network security, applied cryptography, and machine learning. Our current projects are on software debloating, malware analysis, systems security, privacy-preserving biometric based authentication and identification, and adversarial machine learning.

Statement of Teaching Interests:

CS 6264/OMS CS/Cybersecurity 6264: Information Security Labs: System and Network Defenses. This graduate-level course helps students develop both in-depth knowledge and hands-on skills in several important cybersecurity areas, including software security, malware, and threat analysis, endpoint security, network security, web security, mobile security, and machine learning-based security analytics. The lecture materials of each topic area are drawn from the latest research papers and prototypes, and a comprehensive project is designed to help students master each area. The lecture materials explain the design principles of cutting-edge security tools, and the projects are designed to let students extend these tools. Most of the tools are in the open-source, and therefore, students can continue to build on and use these tools beyond this course. Recorded videos for online offering as part of OMSCS as well as OMS Cybersecurity.

CS 6262/OMS CS/Cybersecurity 6262: Network Security. Graduate-level course in network security with topics including large-scale attacks and impacts, penetration testing and security assessments, security of Internet protocols (IP, TCP, DNS, and BGP), advanced web security, advanced malware analysis, advanced network monitoring, Internet-scale threat analysis, bitcoins and cryptocurrencies, big data and security, cloud security, and attack-tolerant systems. Completely revamped in 2016 with new course materials drawing from research papers and projects developed by my Ph.D. students. Recorded videos for online offering via Udacity as part of OMSCS as well as OMS Cybersecurity.

CS 6035/OMS CS/Cybersecurity 6035: Introduction to Information Security. Cross-listed undergraduate and graduate introductory course in information security. It teaches the basic concepts, principles, and fundamental approaches to securing computers and networks. Its main topics include: security basics, security management and risk assessment, software security, operating systems security, database security, cryptography algorithms and protocols, network authentication and secure network applications, malware, network threats and defenses, web security, mobile security, legal and ethical issues, and privacy. Completely revamped in 2015 with new materials covering the up- to-date threat models, attack methods, and new technologies and policy considerations. Recorded videos for online offering via Udacity as part of OMS CS as well as OMS Cybersecurity.

Selection of recent research, scholarly, and creative activities:
  1. Jasmine: Scale up JavaScript Static Security Analysis with Computation-based Semantic Explanation.
    Feng Xiao, Zhongfu Su, Guangliang Yang, and Wenke Lee
    In Proceedings of the IEEE Symposium on Security and Privacy. 2024.

 

  1. WEBRR: A Forensic System for Replaying and Investigating Web-Based Attacks in The Modern Web.
    Joey Allen, Zheng Yang, Feng Xiao, Matthew Landen, Roberto Perdisci, and Wenke Lee.
    In Proceedings of the 33rd USENIX Security Symposium (USENIX). 2024.

 

  1. Towards Generic Database Management System Fuzzing.
    Yupeng Yang, Yongheng Chen, Rui Zhong, Jizhou Chen, and Wenke Lee.
    In Proceedings of the 33rd USENIX Security Symposium (USENIX). 2024.
  1. Geometric Implications of Classification on Reducing Open Space Risk.
    Matthew Lau, Leyan Pan, Stefan Davidov, Athanasios P. Meliopoulos, and Wenke Lee.
    Tiny Papers @ The Twelfth International Conference on Learning Representations (ICLR). 2024.
  1. Physics-Assisted Explainable Anomaly Detection in Power Systems.
    Matthew Lau, Fahad Alsaeed, Kayla Thames, Nano Suresettakul, Saman A. Zonouz, Wenke Lee, and Athanasios P. Meliopoulos.
    In Proceedings of the European Conference on Artificial Intelligence. 2024.
  1. Revisiting Non-separable Binary Classification and its Applications in Anomaly Detection.
    Matthew Lau, Ismaïla Seck, Athanasios P. Meliopoulos, Wenke Lee, and Eugène Ndiaye.
    Transactions on Machine Learning Research. Vol 2024.
  1. RL-ARNE: A Reinforcement Learning Algorithm for Computing Average Reward Nash Equilibrium of Nonzero-Sum Stochastic Games.
    Dinuka Sahabandu, Shana Moothedath, Joey Allen, Linda Bushnell, Wenke Lee, and Radha Poovendran.
    IEEE Transactions on Automatic Control. Vol 69(11), 2024.
  1. Dynamic Information Flow Tracking for Detection of Advanced Persistent Threats: A Stochastic Game Approach.
    Shana Moothedath, Dinuka Sahabandu, Joey Allen, Andrew Clark, Linda Bushnell, Wenke Lee, and Radha Poovendran.
    IEEE Transactions on Automatic Control. Vol 69(10), 2024.
  1. Stochastic Dynamic Information Flow Tracking game using supervised learning for detecting advanced persistent threats.
    Shana Moothedath, Dinuka Sahabandu, Joey Allen, Linda Bushnell, Wenke Lee, and Radha Poovendran. Automatica. Vol 159, 2024.
  1. TRIDENT: Towards Detecting and Mitigating Web-based Social Engineering Attacks.
    Zheng Yang, Joey Allen, Matthew Landen, Roberto Perdisci, and Wenke Lee.
    In Proceedings of the 32nd USENIX Security Symposium (USENIX). Anaheim, California. 2023.
  1. VulChecker: Graph-based Vulnerability Localization in Source Code.
    Yisroel Mirsky, George Macon, Michael Brown, Carter Yagemann, Matthew Pruett, Evan Downing, Sukarno Mertoguno, and Wenke Lee.
    In Proceedings of the 32nd USENIX Security Symposium (USENIX). Anaheim, California. 2023.
  1. PUMM: Preventing Use-After-Free Using Execution Unit Partitioning.
    Carter Yagemann, Simon Chung, Brendan Saltaformaggio,  and Wenke Lee.
    In Proceedings of the 32nd USENIX Security Symposium (USENIX). Anaheim, California. 2023.
  1. µFUZZ: Redesign of Parallel Fuzzing using Microservice Architecture.
    Yongheng Chen, Rui Zhong, Yupeng Yang, Hong Hu, Dinghao Wu, and Wenke Lee.
    In Proceedings of the 32nd USENIX Security Symposium (USENIX). Anaheim, California. 2023.
  1. SCAPHY: Detecting Modern ICS Attacks by Correlating Behaviors in SCADA and PHYsical.
    Moses Ike, Kandy Phan, Keaton Sadoski, Romuald Valme, and Wenke Lee.
    In Proceedings of the 2023 IEEE Symposium on Security and Privacy. San Francisco, California. 2023.
  1. The Threat of Offensive AI to Organizations.
    Yisroel Mirsky, Ambra Demontis, Jaidip Kotak, Ram Shankar, Deng Gelei, Liu Yang, Xiangyu Zhang, Maura Pintor, Wenke Lee, Yuval Elovici, and Battista Biggio.
    Computer Security. Vol 124, 2023.
  1. DRAGON: Deep Reinforcement Learning for Autonomous Grid Operation and Attack Detection.
    Matthew Landen, Keywhan Chung, Moses Ike, Sarah Mackay, Jean-Paul Watson, and Wenke Lee.
    In Proceedings of the Annual Computer Security Applications Conference (ACSAC). 2022.
  1. DeView: Confining Progressive Web Applications by Debloating Web APIs.
    ChangSeok Oh, Sangho Lee, Chenxiong Qian, Hyungjoon Koo, and Wenke Lee.
    In Proceedings of the Annual Computer Security Applications Conference (ACSAC). 2022.
  1. Understanding and Mitigating Remote Code Execution Vulnerabilities in Cross-platform Ecosystem.
    Feng Xiao, Zheng Yang, Joey Allen, Guangliang Yang, Grant Williams, and Wenke Lee.
    In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). 2022.
  1. The Creation and Detection of Deepfakes: A Survey.
    Yisroel Mirsky and Wenke Lee.
    ACM Computing Surveys. 54(1), 2022.
  1. Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis.
    Carter Yagemann, Simon Chung, Brendan Saltaformaggio, and Wenke Lee.
    In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). 2021.
  1. Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks.
    Carter Yagemann, Mohammad Noureddine, Wajih Hassan, Simon Chung, Adam Bates, and Wenke Lee.
    In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). 2021.
  1. Fuzzy Labeled Private Set Intersection with Applications to Private Real-Time Biometric Search.
    Erkam Uzun, Simon P. Chung, Vladimir Kolesnikov, Alexandra Boldyreva, and Wenke Lee.
    In Proceedings of the 2021 USENIX Security Symposium. 2021.
  1. DeepReflect: Discovering Malicious Functionality through Binary Reconstruction.
    Evan Downing, Kyuhong Park, Yisroel Mirsky, and Wenke Lee.
    In Proceedings of the 2021 USENIX Security Symposium. 2021.
  1. ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems.
    Carter Yagemann, Matthew Pruett, Simon P. Chung, Kennon Bittick, Brendan Saltaformaggio, and Wenke Lee.
    In Proceedings of the 2021 USENIX Security Symposium. 2021.
  1. Abusing Hidden Properties to Attack the Node.js Ecosystem.
    Feng Xiao, Jianwei Huang, Yichang Xiong, Guangliang Yang, Hong Hu, Guofei Gu, and Wenke Lee.
    In Proceedings of the 2021 USENIX Security Symposium. 2021.
  1. Identifying Behavior Dispatchers for Malware Analysis.
    Kyuhong Park, Burak Sahin, Yongheng Chen, Jisheng Zhao, Evan Downing, Hong Hu, and Wenke Lee.
    In Proceedings of the 16th ACM ASIA Conference on Computer and Communications Security (ACM AsiaCCS 2021).
  1. Cryptographic Key Derivation from Biometric Inferences for Remote Authentication.
    Erkam Uzun, Carter Yagemann, Simon P. Chung, Vladimir Kolesnikov, and Wenke Lee.
    In Proceedings of the 16th ACM ASIA Conference on Computer and Communications Security (ACM AsiaCCS 2021).
  1. SEPAL: Towards a Large-scale Analysis of SEAndroid Policy Customization.
    Dongsong Yu, Guangliang Yang, Guozhu Meng, Xiaorui Gong, Xiu Zhang, Xiaobo Xiang, Xiaoyu Wang, Yue Jiang, Kai Chen, Wei Zou, Wenke Lee, and Wenchang Shi.
    In Proceedings of The Web Conference 2021 (WWW 2021).
  1. The Creation and Detection of Deepfakes: A Survey.
    Yisroel Mirsky and Wenke Lee.
    ACM Computing Surveys. 54(1), 2021.
  1. One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation.
    Yongheng Chen, Rui Zhong, Hong Hu, Hangfan Zhang, Yupeng Yang, Dinghao Wu, and Wenke Lee.
    In Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland). 2021.
  1. Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages.
    Ruian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, and Wenke Lee.
    In Proceedings of the Network and Distributed System Security Symposium (NDSS). 2021.
  1. Stopping Memory Disclosures via Diversification and Replicated Execution.
    Kangjie Lu, Meng Xu, Chengyu Song, Taesoo Kim, and Wenke Lee.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 18(1), 2021.
  1. On the Feasibility of Automating Stock Market Manipulation.
    Carter Yagemann, Simon P. Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, and Wenke Lee.
    In Proceedings of the Annual Computer Security Applications Conference (ACSAC). 2020.
  1. Slimium: Debloating the Chromium Browser with Feature Subsetting.
    Chenxiong Qian, Hyungjoon Koo, ChangSeok Oh, Taesoo Kim, and Wenke Lee.
    In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). 2020.
  1. Mnemosyne: An Effective and Efficient Postmortem Watering Hole Attack Investigation System.
    Joey Allen, Zheng Yang, Matthew Landen, Raghav Bhat, Harsh Grover, Andrew Chang, Yang Ji, Roberto Perdisci, and Wenke Lee.
    In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). 2020.
  1. SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback.
    Rui Zhong, Yongheng Chen, Hong Hu, Hangfan Zhang, Wenke Lee, and Dinghao Wu.
    In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). 2020.
  1. Quickest Detection of Advanced Persistent Threats: A Semi-Markov Game Approach.
    Dinuka Sahabandu, Joey Allen, Shana Moothedath, Linda Bushnell, Wenke Lee, and Radha Poovendran.
    In Proceedings of the ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS). 2020.
  1. A Game-Theoretic Approach for Dynamic Information Flow Tracking to Detect Multistage Advanced Persistent Threats.
    Shana Moothedath, Dinuka Sahabandu, Joey Allen, Andrew Clark, Linda Bushnell, Wenke Lee, and Radha Poovendran.
    IEEE Transactions on Automatic Control. 65(12): 5248-5263, 2020.