Room 330, 1890 Maple Ave.,
Office Hours: Wed. 2-4pm, Rm 330, 1890
Jason A. Skicewicz
Office Hours: Tu. and Th. 3:30pm - 4:30pm, Rm 321, 1890 Maple Ave.
Location and Time
Lectures: Tuesday and Thursday 2-3:20pm, Room
342, 1890 Maple.
evolution of the Internet has spawned rich complexity and vulnerability in its
infrastructure. In this course, we will
take a measurement-based approach to understand the complexity of the Internet,
i.e., characterize, understand, and model the enormous volume and great variety
of Internet traffic in terms of large-scale behaviors. Based on that, we will investigate the
vulnerability of the Internet when different services have evolved and
innovated in different and competing ways, with increasingly less global
We will start with the basic
concepts of security, cryptography, authentication and integrity, and then
focus on security challenges of network and distributed systems as well as the
counter-attack approaches. In the first half
of the course, we will study large-scale Internet attacks. Topics include the
characterization, technologies, history and current defense of mobile malcode
(virus/worm), denial of service (DoS) attacks, firewall technologies, intrusion
detection systems (IDS), and testbeds and benchmarks for security. While many existing attacks can be
discovered by their signatures, there are still many unknown, new attacks and
traffic anomalies. In the second part of
the class we examine these anomalies by investigating high-speed network measurement
and monitoring, network fault diagnostics and root cause analysis, BGP/routing
anomalies, network topology discovery, measurement-based inference, and overlay
and peer-to-peer system monitoring.
During the course, we will read
and discuss research papers, and identify a list of open research problems,
from which the students can choose their class projects. In addition to deploying end-to-end
measurement on the global network testbed PlanetLab (http://www.planet-lab.org/),
we will obtain massive real-world anonymized router/gateway traffic data to analyze
the reliability/vulnerability of the Internet and to detect both well-known and
unknown viruses/worms/attacks. Students can
build their own anomaly/intrusion detection systems and have them benchmarked
in a cluster-based emulation environment with real attacks, e.g., with root
- Required: CS 340 or any
equivalent introductory computer networking course.
- Highly recommended: CS 213 or
equivalent computer systems course.
- Highly recommended: CS 343 or
equivalent operating systems course.
- Highly recommended: UNIX
programming experience (gcc, gdb, make, etc.)
- There is no required
textbook. All reading will be from papers which will be made available
- Recommended books and
- Firewalls and Internet Security:
Repelling the Wily Hacker, 2nd edition, by William R. Cheswick,
Steven M. Bellovin, and Aviel D. Rubin
- Network Security - Private
Communication in a Public World, by Charlie Kaufman,
Radia Perlman and Mike Speciner, 2nd Edition, Prentice Hall, 2002
- An encyclopedia of DDoS by Dave Dittrich at Univ. of Washington is here.
- Lecture Notes on
Cryptography, by S. Goldwasser and M. Bellare, available online at http://www-cse.ucsd.edu/users/mihir/papers/gb.html
- Computer Networking: A
Top-Down Approach Featuring the Internet, [KR], Second Edition, James
Kurose and Keith Ross, Addison Wesley, 2002 (Note: buy the hardcover
second edition, not the softcover “preliminary edition” or
the first edition).
exams for this class.
- Class participation and
- Paper reading summary 10%
- In class paper presentation
- Project 65%
- Proposal and survey 5%
- Design document 5%
- Weekly report and
- Project presentation
- Final report 25%
Paper Reading and Presentation
There is no required textbook. All reading will be from papers. Whenever
possible, handouts and papers will be placed online on the web page. A schedule of
assigned readings is available online.
To ensure lively discussions, you will be required to write
a very brief summary of each paper you read, to be
electronically handed in to the TA before the beginning of the class when the
reading is due. Your summary should
include at least:
- Title and its author(s).
- Paragraph of the one or two most significant new insight(s) you took away
from the paper.
- Paragraph of the one or two most significant flaw(s) of the paper: maybe
an experiment was poorly designed or the main idea had a narrow scope or applicability.
Being able to assess weaknesses as well as strengths is an important skill
for this course and beyond.
- A last
paragraph where you state the relevance of the ideas today, potential
future research suggested by the article, etc.
We will start each class with an introduction of the basic
problems/ideas/solutions (10 minutes), followed by student presentations of the
two papers assigned. For each paper, there are 20 minutes for presentation, and
10 minutes for discussion. We will
summarize them in the last 10 minutes.
Some rules for the paper presentation are available online.
Each presentation should include at least the following from
of related work and background
You must send the slides to the TA and me for review at
least 24 hours before your presentation. There are some
guidelines suggested by Fabián E. Bustamante
which you will find useful.
- Course web site:
http://www.cs.northwestern.edu/~ychen/classes/cs495/. Check it out
regularly for schedule changes, clarifications and corrections to
assignments, and other course-related announcements.
- Email list and newsgroup (cs.netsec)
will be available for announcements and for posting questions and answers.
- Late policy:
Since there are many small hand-ins (e.g., paper summaries, work-in-progress
reports) for this course, we do not
accept late submissions.
- Work division:
I will try to group undergrad and grad students together. While more work
is certainly expected from the grad students, undergraduate students should
also be responsible for a significant portion of the project, and each undergrad
in the team should do a similar amount of work. At the end of the quarter, we will ask
each one to submit a brief description of the work division of his/her team.