Course Lecture Plan

Date

Lecture Topics

Speakers & Notes

Reading

Tu 3/27

Class overview, project assignment, overview of Internet security.

Yan [ppt]

Symantec Internet Security Report, March 2007.

Th 3/29

BGP and routing anomalies

Yan [ppt]

No paper summary needed.

1. BGP tutorial from Cisco, please read the “BGP fundamental” part and this simplified tutorial of BGP. (I will go over the slides in the class. You may also want to read the full version of “Introduction to BGP” by Tim Griffin.)

2. Delayed Internet Routing Convergence, by C. Labovitz, A. Ahuja, A. Bose and F. Jahanian, in ACM SIGCOMM 2000. (slides of their NANOG 19 talk)

Tu 4/3

Next generation network architectures and their security implications

Sagar

[ppt]

Accurate Real-time Identification of IP Hijacking, X. Hu and Z. Mao, IEEE Security Symposium 2007.

[Reference] PHAS: A Prefix Hijack Alert System, M. Lad et al, USENIX Security Symposium 2006.

[Reference] Next generation network architecture (view point of Cisco) (PowerPoint), Cisco Research Symposium August 2006.

Th 4/5

Honeynet/honeyfarms

Anup

[ppt]

1. The Internet Motion Sensor: A Distributed Blackhole Monitoring System, M. Bailey, et al, NDSS 2005.

2. Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm [presentation], M. Vrable, et al, ACM SOSP 2005.

Tu 4/10

Botnets

Sam

[paper1.ppt]

[paper2.pdf]

botnet blog

1. A Multifaceted Approach to Understanding the Botnet Phenomenon, M. A. Rajab, et al, ACM IMC 2006.

2. Revealing Botnet Membership with DNSBL Counter-Intelligence, A. Ramachandran, N. Feamster, and D. Dagon, 2nd USENIX Steps to Reducing Unwanted Traffic on the Internet (SRUTI), 2006.

Th 4/12

Invited talk on network access control

Kurtis E. Minder, Mirage Networks

[ppt]

 

Tu 4/17

Spam

Sagar

[ppt]

Understanding the Network-Level Behavior of Spammers, A. Ramachandran and N. Feamster, ACM SIGCOMM 2006.

Th 4/19

Worms I

Zhaosheng

[ppt]

1. ShieldGen: Automated Data Patch Generation for Unknown Vulnerabilities with Informed Probing, W. Cui et al, in IEEE Symposium on Security and Privacy (Oakland) 2007.

2. Packet Vaccine: Black-box Exploit Detection and Signature Generation, X. Wang, et al, ACM CCS 2006.

Tu 4/24

Worms II

(debate with CS495)

 

Worm Origin Identification Using Random Walks, Yinglian Xie, Vyas Sekar, David A. Maltz, Michael K. Reiter, Hui Zhang, IEEE Security Symposium 2005

[Reference] Forensic Analysis for Epidemic Attacks in Federated Networks, Yinglian Xie, Vyas Sekar, Mike Reiter, Hui Zhang, IEEE ICNP 2006

Th 4/26

Secure Internet architecture

(debate with CS495)

 

SANE: A Protection Architecture for Enterprise Networks, M. Casado et al., in USENIX Security Symposium 2006.

Tu 5/1

Midterm project presentation

Th 5/3

World Wide Web security I

James

[part 1 from authors]

[part2 from James]

BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML, C. Reis et al, ACM OSDI 2006.

Tu 5/8

Denial-of-Service (DoS) attack defense I

(debate with CS495)

 

DDoS Defense by Offense, M. Walfish et al, ACM SIGCOMM 2006

Th 5/10

DoS attack defense II

(debate with CS495)

 

A DoS-limiting Network Architecture, X. Yang, D. Wetherall, and T. Anderson, ACM SIGCOMM 2005

Tu 5/15

Hardware support for network security

Invited talk by Prof. Bin Liu, Tsinghua Univ.

Rethinking Hardware Support for Network Analysis and Intrusion Prevention, V. Paxson, et al, Proc. USENIX Hot Security, August 2006. Slides from Vern.

Th 5/17

World Wide Web security II

Gary

[ppt]

Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure, V. T. Lam, S. Antonatos, P. Akritidis, and K. G. Anagnostakis, ACM CCS 2006

Tu 5/22

Intrusion detection and forensics I

Zhaosheng

[ppt]

Protomatching Network Traffic for High Throughput Network Intrusion Detection. Shai Rubin, Somesh Jha, and Barton P. Miller, ACM CCS 2006

We 5/23

Future Internet architecture

(debate with CS495)

 

Postmodern Internetwork Architecture, by B. Bhattacharjee et al.

Tu 5/29

Intrusion detection and forensics II

Jim

[ppt]

Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection, H. Dreger et al, USENIX Security Symposium 2006.

[Ref] A Generic Application-Level Protocol Analyzer and its Language, N. Borisov et al, NDSS 2007.

Th 5/31

Project presentation

 

 

Notes:

  1. You may find the brochure useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 Dylan McNamee.