CS 450 Internet Security: a Measurement-based Approach

Instructor

Yan Chen, Assistant Professor
Room 330, 1890 Maple Ave., 491-4946. ychen@cs.northwestern.edu
Office Hours: Th. 2-4pm, Rm 330, 1890 Maple Ave.

Location and Time

·       Lectures: Mon and Wed 2-3:20pm, Room 342, 1890 Maple.

Course Description

The evolution of Internet has spawned rich complexity and vulnerability in its infrastructure.  In this course, we will take a measurement-based approach to understand the complexity of the Internet, i.e., characterize, understand, and model the enormous volume and great variety of Internet traffic in terms of large-scale behaviors.  Based on that, we will investigate the vulnerability of the Internet when different services have evolved and innovated in different and competing ways, with increasingly less global consensus.

 

We will start with the basic concepts of Internet architecture, its design principles and evolution, and then focus on security challenges of network and distributed systems as well as the counter-attack approaches.  In the first half of the course, we will study large-scale Internet attacks and defenses. Topics include the global characteristics, prevalence, and propagation strategies of mobile malcode (virus/worm), Internet quarantine: self-propagating code containment, denial of service attacks (in P2P and stealthy DoS) vs. flash crowds, wireless, ad hoc and sensor network security.  In the second part of the class we examine these anomalies through investigating high-speed network measurement and monitoring, network fault diagnostics and root cause analysis, and measurement-based inference.

 

During the course, we will read and discuss research papers, and identify a list of open research problems, from which the students can choose their class projects.  In addition to deploying end-to-end measurement on global network testbed, PlanetLab (http://www.planet-lab.org/), massive real-world anonymized router/gateway traffic data will be obtained to analyze the reliability/vulnerability of the Internet and to detect both well-known and unknown virus/worm/attacks. We will further characterize and diagnoise the unknown anomalies and network failures.

Course Prerequisites

• Required: CS 340 or any equivalent computer network introductory courses.
• Highly recommended: CS 395/495-20 or equivalent intro to computer security course.
• Highly recommended: CS 213 or equivalent computer systems course.
• Highly recommended: CS 343 or equivalent operating systems course.
• Highly recommended: UNIX programming experience (gcc, gdb, make, etc.)

Course Materials

• There is no required textbook. All reading will be from papers which will be made available online.
• Recommended books and references
• Network Security - Private Communication in a Public World, by Charlie Kaufman, Radia Perlman and Mike Speciner, 2nd Edition, Prentice Hall, 2002
• Cryptography and Network Security, by William Stallings, 3^rd Edition, Prentice Hall, 2003
• Firewalls and Internet Security: Repelling the Wily Hacker, 2^nd edition, by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin, Addison Wesley, 2003
• An encyclopedia of DDoS by Dave Dittrich at Univ. of Washington is here.

Grading

No exams for this class.

• Class participation and discussion 15%
• Paper reading summary 10%
• In class paper presentation and debate 20%
• Project 55%
1. Proposal and survey 5%
2. Midterm presentation and report 10%
3. Weekly report and meeting 10%
4. Final presentation 10%
5. Final report 20%

Papers Reading and Presentation

There is no required textbook. All reading will be from papers. Whenever possible, handouts and papers will be placed online on the web page.  A schedule of assigned readings is available online.

To ensure lively discussions, you will be required to write a very brief summary of each paper you read, to be electronically handed in to the TA before the beginning of the class when the reading is due.  Your summary should include at least:

• Paper title and its author(s).
• Brief one-line summary.
• A paragraph of the one or two most significant new insight(s) you took away from the paper.
• A paragraph of the one or two most significant flaw(s) of the paper: maybe an experiment was poorly designed or the main idea had a narrow scope or applicability. Being able to assess weaknesses as well as strengths is an important skill for this course and beyond.
• A last paragraph where you state the relevance of the ideas today, potential future research suggested by the article, etc.

 

We will start each class with an introduction of the basic problems/ideas/solutions (10 minutes), followed by student presentations of the two papers assigned. For each paper, there are 20 minutes for presentation, and 10 minutes for discussion.  We will summarize them with the last 10 minutes.  Some rules for the paper presentation are available online.

 

Each presentation should include at least the following from the paper:

• Motivation
• Classification of related work and background
• Main ideas
• Evaluation and results
• Open issues

 

You must send the slides to the TA and me for review at least 24 hours before your presentation. There are some guidelines suggested by Prof. Fabián E. Bustamante which you will find useful.

Projects

Projects (done in groups of size 2+) are a critical component of this course. Your goal is to design, build and evaluate interesting systems that address issues, solve problems and exploit techniques from classroom discussions and readings.

 

Projects must be written up in a term paper and teams will present their results at the end of the course in a mini-conference and write up a report.  The list of potential ideas for projects will be posted soon.  Feel free to use one, propose something completely different, or refine one of these into your own idea.

 

Project Deliverables and Deadlines (all due at 11:59pm of the due date)

Proposal – April 8: 3-4 pages describing the purpose of the project, work to be done and potential load distribution, expected outcome/results, etc.  Make sure to describe the context and related work for the proposed project.

Weekly Meeting and Progress Report – 4/4-5/20:  Each team will schedule a weekly meeting (30 minutes) with me.  Send me the updated report and highlight the new updated part (except the 4/25 week).  For each week, I expect updates of 1-2 pages on the project status, initial results, and problems encountered, etc. The report is due 24 hours ahead of the meeting.

Midterm presentation – April 27  Presentation of your project in progress to the class (20 minutes each group)

Midterm report – April 29  Work-in-progress report of about 6 pages long.

Project Presentation – May 25 and June 1: Present the results in class, including Q&A.

Final Report – June 10:  The final report is a workshop-level paper describing your work, evaluation, related research, potential avenues to explore, etc. You should incorporate the comments received during the presentation. Code should be submitted electronically.

Communication

• Course web site: http://www.cs.northwestern.edu/~ychen/classes/cs450-05/

Policies

• Late policy:
  Since there are many small handin (e.g., paper summary, work-in-progress report)  for this course, we do not accept late submissions.
• Work division:
  I will try to group undergrad and grad students together. While more work is certainly expected for the grad students, undergraduate students should also be responsible for significant portion of the project and each undergrad in the team should do similar amount of work.  At the end of the quarter, we will ask each one to submit a brief description on work division of his/her team.