Ke Wang

604 CEPSR, Computer Science Dept
Columbia University
New York, NY 10027
Tel: (212) 939-7078 (o) 

OBJECTIVE  Full-time position in network security related research and software development
July 2002 - present PhD candidate
Department of Computer Science, Columbia University. GPA 4.1/4.0
Aug. 2000 - May 02 MS of Computer Science (Minor in Financial Engineering)
Department of Computer Science, Cornell University. GPA 3.8/4.0
Sep.1995 - Jul.2000 BS of Computer Science, Department of Computer Science,  GPA 3.95/4.0
University of Science and Technology of China (USTC)
RESEARCH INTEREST  Network traffic modeling and anomaly detection, collaborative security, machine learning and data mining algorithms and their applications
July 02 - present Research Assistant, Intrusion Detection System (IDS) lab, Columbia University
Advisor: Prof. Salvatore J. Stolfo
Work on data mining based approach to detect intruders to the computer system and other related computer security problems. Large quantities of data are collected from the system and analyzed to build models of normal behavior and intrusion behavior. These models are evaluated on data collected in real time to detect intruders. The project I'm working/worked on:                 
  • PAYL (Payload based anomaly detection) we model the network payload using a incremental statistical approach, then apply Mahananobis distance to detect anomalies. The initial result is in our RAID 04 paper, and more recent work is in RAID 05 paper)
  • EMT (Email Mining Toolkit) A user behavior-based approach to secure email system, including detect virus, spam, and abnormal usage of the emails. We are currently co-working with NYPD to apply EMT to forensics detection)
  • RUU (Are you you) Build models for userís normal behavior on a system from multiple aspects to detect masqueraders, for example, commands executed, system calls, file system, registry access, etc.)
06/2005 - 08/2005 Summer Intern, Security/Infrastructure Group, Google Inc. (Mountain View)
  Mentor: Dr. Niels Provos
06/2004 - 08/2004 Summer intern,  Systems and Networking Research Group, Microsoft Research Redmond
Mentor : Dr. John Dunagan
My project: FDR - Flight Data Recorder. In this project we are trying to use black-box analysis to the persistent state changes to manage changes on a computer. Persistent state here means the registry system and file system. Our goal of this project is: given all the registry and file modification traces of some machine, we can automatically group them into meaningful groups that are corresponding to the actions happened on that machine. During the summer I've finished initial algorithm design and implemented a GUI to present results. Later we are wishing to refine it and do more experiment using more traces
May 01 - May 02 Research Assistant, Information Assurance Institute (IAI), CS Dept, Cornell University
Advisor: Prof. Emin Gun Sirer
Worked on enforcing security policies on web applications from language approach. We created a simple language to specify the security policy of a web server, and then wrote translators to translate the language into proper codes on different platforms. Using this way the security can be automatically enforced on a web server once the administrator specifies the rules using our language
Fall 2004 Instructor for CS3101-1 Programming Language in Java. CS Dept, Columbia University
Fall 2003 Teaching Assistant for CS4701 Artificial Intelligence, CS Dept, Columbia University
Fall 2000 Teaching Assistant of Java programming, CS Dept, Cornell University. 
Fall 1999 Teaching Assistant of Parallel and Distributed System, Department of Computer Science, USTC 
1.   Michael Locasto, Ke Wang, Angelos Kyrometis,Salvatore J. Stolfo. "FLIPS: Hybrid Adaptive Intrusion Prevention" Recent Advance in Intrusion Detection (RAID), Sept. 2005
2.   Ke Wang, Gabriela Cretu,Salvatore J. Stolfo. "Anomalous Payload-based Worm Detection and Signature Generation" Recent Advance in Intrusion Detection (RAID), Sept. 2005
  3.   Wei-Jen Li, Ke Wang, Salvotore J. Stolfo, "Fileprints: Identifying File Types by n-gram Analysis." IEEE Information Assurance Workshop, June, 2005
4.   Ke Wang, Salvatore J. Stolfo. "Anomalous Payload-based Network Intrusion Detection" Recent Advance in Intrusion Detection (RAID), Sept. 2004
5.   Rui Kuang, Eugene Ie, Ke Wang, Kai Wang, Mahira Siddiqi, Yoav Freund and Christina Leslie. "Profile-based String Kernels for Remote Homology Detection and Motif Extraction", Proc. of the Computational Systems Bioinformatics Conference (IEEE CSB 2004). Invited to Journal of Bioinformatics and Computational Biology. 
6.   Salvatore J. Stolfo, Wei-Jen Li, Shlomo Hershkop, Ke Wang, Chia-Wei Hu, Olivier Nimeskern. "Detecting Viral Propagations Using Email Behavior Profiles"  ACM Transactions on Internet Technology (TOIT) May 2004
7.   Ke Wang, Salvatore J. Stolfo, "One Class Training for Masquerade Detection"ICDM Workshop on Data Mining for Computer Security (DMSEC 2003).
8.   Salvatore J. Stolfo, Shlomo Hershkop, Ke Wang, Olivier Nimeskern, Chia-Wei Hu, " Behavior-Based Approach to Secure Email Systems" Int. Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security (ACNS-2003)
9.   Salvatore J. Stolfo, Shlomo Hershkop, Ke Wang, Olivier Nimeskern, Chia-Wei Hu, "Behavior Profiling of Email" 1st NSF/NIJ Symposium on Intelligence & Security Informatics (ISI 2003)
10.   Emin Gun Sirer, Ke Wang, "An access control language for web services"  7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002)
HONORS 2005     Student Author Travel Scholarship, RAID conference, 2005
  2000     Best B.S. Thesis of 2000, USTC  
(Title: Distributed Sorting by Sampling and High-Speed Crossbar Network)
1999     Guo Moruo Presidential Fellowship (highest honor of USTC)
1998     Baogang National Education Fellowship (12 out of 8000 students)
1998     National Mathematical Contest of Modeling, First Prize of Region
1997     Zhang Zongzhi Sci.&Tech. Scholarship (50 out of 8000 students)
1996     Excellent Student Scholarship, Frist Prize, USTC
US PATENT  FILED  Ke Wang, Sal Stolfo. "Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data", filed on Nov. 2004
ACTIVITIES Program Committee, SDM 2006.
  Invited as university representative to the Microsoft Professional Developers' Conference (PDC) 2001 by Microsoft Corporation.
Give poster "EMT- detect virus by email behavior profiling" in Recent Advances in Intrusion Detection (RAID), Sept 2003, Pittsburg.
Review the submissions to some security, network, data mining conferences including DNS, ICDM, CCS, NDSS etc.
SKILLS Programming Languages
JAVA, C, C++, ASP.NET, VB.NET, Assembly, SQL, Shells, HTML, ML, Prolog, Pascal, FORTRAN, Tcl, PVM, MPI, NX
Operating Systems
UNIX (SUN/SOLARIS, HP/HP-UX, FreeBSD), LINUX, Windows NT, .NET platform


REFERENCES Professor Salvatore J. Stolfo,
Compute Science Department, Columbia University
Professor Angelos Keromytis
Compute Science Department, Columbia University