man sitting in front of a window

Focusing on Fundamentals Earns Professor Two Test of Time Awards

Two research papers published 15 years ago at the Annual Computer Security Applications Conference (ACSAC) earned prestigious test of time awards in December.  

The publications were recognized by ACSAC for becoming a fundamental part of over 300 botnet and virtual machine research papers. 

When he walked onto the stage to accept the awards, School of Cybersecurity and Privacy Professor Wenke Lee gave the same advice he had given his students 15 years prior in his Georgia Tech lab.

“Do something that you think is important and that you’re passionate about,” he said. “Push yourselves to think about things that are more fundamental.”

Both papers were published in 2007 and purposefully took a different approach from the norm. 

For example, Lee says when A Taxonomy of Botnet Structures was published, researchers focused on the malicious activities of botnets rather than their command-and-control (C&C) design. 

Lee and Georgia Tech alum David DagonGuofei Gu, and Christopher Lee were among the first to systematically analyze how attackers designed botnets. By taking the viewpoint of a botmaster, the researchers provided insight into every way a botnet can be organized. This paper has become a go-to reference for researchers and practitioners to design defense mechanisms against botnets.

“People still use it as a guide,” Lee said. “We asked, ‘If you are a bad guy creating a botnet, how do you build one that cannot be taken down easily? And if you are a good guy, you need to know how a bad guy may organize his botnet and design the countermeasure accordingly.’”

Lee and former students Bryan Payne and Martim Carbone took a similar approach in their paper Secure and Flexible Monitoring of Virtual Machines. The Georgia Tech team analyzed the requirements of virtual machine monitoring solutions and developed XenAccess, an introspection library for safely and efficiently accessing the memory state and disk activity of a virtual machine. 

Coding researchers and practitioners still use the team’s library, which has been renamed from XenAccess to LibVMI. The award-winning paper continues to be widely used in academia and the industry more than 15 years after its publication. 

Lee has been awarded four test of time awards for security research published with his students. He serves as John P. Imlay Jr. Chair of Software at the Georgia Tech College of Computing, where he has been leading research efforts in various labs and research groups since 2001. Notably, the students who worked with Lee on the two 2023 ACSAC Test of Time Paper Awards have become leaders in industry and academia.

Recent Stories