Featured Alum: Weidong Cui

Our featured alum for this issue is Weidong Cui, who developed the first version of ICSI's Honeyfarm technology (see front page story for more on the current Honeyfarm developments) while he was a research assistant with the Networking Group in 2005 and 2006.

Cui grew up in China, where he studied Electronic Engineering at Tsinghua University in Beijing, and received his BE and ME degrees. He then moved to California, where he completed his PhD at UC Berkeley in 2006. His thesis was focused on automatic malware detection, specifically, detection of malware by inferring the intent of the user or adversary. Most benign software running on personal computers is user driven, and the authors of different kinds of malware have distinct intent as to the type of damage they want to inflict.

While working on his PhD thesis at UC Berkeley, Cui was part of Vern Paxson's Internet Security team, working closely with both Paxson and Nicholas Weaver. "My working experience with Vern and Nick at ICSI was fantastic. Vern was my de facto co-advisor. I have learned tremendously from him: his high standard for research, exceptional diligence, efficient and effective communication, curiosity for new problems, and understanding and consideration for students. When I was working on the RolePlayer project, Vern gave me the freedom to pursue an approach he suspected at the beginning, which was very important for the success of the project. Nick was a nice and fun colleague to work with. He has generously helped me with my quals and research at ICSI. His reverse thinking always surprised me."

At ICSI, Cui was responsible for much of the design, development, and deployment of the original Honeyfarm system, a project of the Collaborative Center for Internet Epidemiology and Defenses (CCIED), a cooperative effort between researchers at UCSD and ICSI. He also developed a novel system for automatically replaying network application dialog for use with the Honeyfarm.

After completing his PhD, Cui was hired by Microsoft Research, where he currently works on automatic reverse engineering of network protocols and file formats, as well as some security-related work on vulnerability signature generation, web security, hardware security, and botnet detection.

Cui says his time at ICSI was invaluable in preparing him for a private sector research job. "My work at ICSI helped me improve and be ready for my current job in many perspectives... I went through the process of tackling a hard problem (i.e., automatically replaying application level dialog based on two dialog samples), from which I learned that it takes persistent efforts to solve a hard problem, and if I don't give up, the solution may be just steps away."