Yan Chen,
Assistant Professor
Room 330
Office Hours: Wed. 2-4pm, Rm 330
Jason A. Skicewicz
jskitz@cs.northwestern.edu
Office Hours: Tu. and Th. 3:30pm - 4:30pm, Rm 321
· Lectures: Tuesday and Thursday 2-3:20pm, Room 342, 1890 Maple.
The evolution of the Internet has spawned rich complexity and vulnerability in its infrastructure. In this course, we will take a measurement-based approach to understanding that complexity, i.e., characterizing, understanding, and modeling the enormous volume and great variety of Internet traffic in terms of its large-scale behaviors. Building on that, we will investigate the vulnerability of the Internet as different services have evolved and innovated in different and competing ways, with increasingly less global consensus.
We will start with the basic concepts of security, cryptography, authentication and integrity, and then focus on the security challenges of network and distributed systems as well as the corresponding defenses. In the first half of the course, we will study large-scale Internet attacks. Topics include the characterization, technologies, history and current defenses of mobile malcode (viruses/worms), denial of service (DoS) attacks, firewall technologies, intrusion detection systems (IDS), and testbeds and benchmarks for security. While many known attacks can be detected by their signatures, there remain many unknown, new attacks and traffic anomalies. In the second part of the class we examine these anomalies by investigating high-speed network measurement and monitoring, network fault diagnostics and root cause analysis, BGP/routing anomalies, network topology discovery, measurement-based inference, and overlay and peer-to-peer system monitoring.
During the course, we will read and discuss research papers and identify a list of open research problems, from which students can choose their class projects. In addition to deploying end-to-end measurements on the global network testbed PlanetLab (http://www.planet-lab.org/), massive real-world anonymized router/gateway traffic data will be obtained to analyze the reliability/vulnerability of the Internet and to detect both well-known and unknown viruses/worms/attacks. Students can build their own anomaly/intrusion detection systems and have them benchmarked in a cluster-based emulation environment with real attacks, e.g., with rootkits.
No exams for this class.
There is no required textbook. All reading will be from papers. Whenever possible, handouts and papers will be placed online on the web page. A schedule of assigned readings is available online.
To ensure lively discussions, you will be required to write a very brief summary of each paper you read, to be electronically handed in to the TA before the beginning of the class when the reading is due. Your summary should include at least:
We will start each class with an introduction to the basic problems/ideas/solutions (10 minutes), followed by student presentations of the two assigned papers. For each paper, there are 20 minutes for the presentation and 10 minutes for discussion. We will use the last 10 minutes to summarize. Some rules for the paper presentations are available online.
Each presentation should include at least the following from the paper:
You must send the slides to the TA and me for review at least 24 hours before your presentation. There are some guidelines suggested by Fabián E. Bustamante which you will find useful.