Notes:
Date |
Lecture Topics |
Speakers & Notes |
|
Tu 3/30 |
Class overview, Introduction to networking security (cryptography, authentication) |
Yan [ppt] |
KR 7.1 - 7.3 |
Th 4/1 |
Introduction to networking security (authentication, integrity). Mobile malcode: intro |
Yan [ppt] |
KR 7.3 – 7.5 |
Tu 4/6 |
Mobile malcode: terminology, anatomy, and defense |
Ashish [taxonomy.ppt] |
1. A Taxonomy of Computer Worms, N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, the First Workshop on Rapid Malcode (WORM), 2003. 2. How to 0wn the Internet in Your Spare Time, |
Th 4/8 |
Viruses and worms: history and current defense postures |
Stefan [slammer.ppt] |
1. The Spread of the Sapphire/Slammer Worm. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, 2003. 2. Large Scale Malicious Code: A Research Agenda, N. Weaver, V. Paxson, |
Tu 4/13 |
Malcode containment, port scan detection |
Matt [portscan.ppt] |
1. Fast Portscan Detection Using Sequential Hypothesis Testing, J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan, Proc. IEEE Symposium on Security and Privacy, 2004. 2. Internet Quarantine: Requirements for Containing Self-Propagating Code. D. Moore, C. Shannon, G. Voelker and S. Savage. In Proceedings of the IEEE Infocom, 2003. |
Th 4/15 |
Denial-of-Service (DoS) attacks |
Kate [dosTaxonomy.ppt] [inferDOS.ppt] [animation movie] |
1. A Taxonomy of DDoS Attacks and Defense Mechanisms, J. Mirkovic and P. Reiher, in ACM Computer and Communication Review (CCR), Apr. 2004. 2. Inferring Internet Denial of Service Activity, D. |
Tu 4/20 |
DoS attacks (cont’d) |
Aaron [DoSvsFE.ppt] [SYNdetection.ppt] [SYNDet_related.ppt] |
1. Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites (PS version), J. Jung, B. Krishnamurthy and M. Rabinovich, in Proc. of WWW, 2002. 2. Detecting SYN Flooding Attacks, Haining Wang, Danlu Zhang, and Kang G. Shin, in Proc. of IEEE INFOCOM, 2002 |
Th 4/22 |
Firewalls |
Kate and Tamara [firewalls.ppt] |
1. Firewall Gateways, Chapter 9 of “Firewalls and Internet Security: Repelling the Wily Hacker”, (similarly, chapter 3 of version 1 is online here), W. Cheswick and S. Bellovin. |
Tu 4/27 |
Intrusion Detection System (IDS): survey and taxonomy |
Laurence [ppt] |
1. Towards a Taxonomy of Intrusion Detection Systems and Attacks, D. Alessandri and many others. IBM research report, 2001. 2. State of the Practice of Intrusion Detection Technologies, J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, and E. Stoner. CMU/SEI Technical Report (CMU/SEI-99-TR-028), 1999. |
Th 4/29 |
Host-based vs. network-based IDS |
Laurence [ppt] Zach [ppt] |
1. Bro: A System for Detecting Network Intruders in Real-Time, V. Paxson, Computer Networks, 31(23-24). December, 1999. |
Tu 5/4 |
IDS benchmark and Worm Detection |
Ashish [ppt] |
1. The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks, J. Levine, R. L, H. Owen, D. Contis, and B. Culver, in Proc. of Workshop on Information Assurance, 2003. An interesting extended work-in-progress is Wormholes and a Honeyfarm (PPT), N. Weaver, V. Paxson, and 2. Benchmarking Anomaly-Based Detection Systems. R. Maxion and K. M. C Tan. In Proc. of the 1st International Conference on Dependable Systems & Networks. 2000. |
Th 5/6 |
Signature- vs. statistics-based NIDS and anomaly detection |
Ashish (finish up) Aaron [eluding.ppt], Matt [wavelet.ppt] |
1. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. T. H. Ptacek and T. N. Newsham. Technical Report. 1998. NOTES: This paper is a bit long. (1) The first 3 sections are the most important. Make sure that you cover everything. (2) We can skip Sec. 4 and 5. (3) Go over Sec. 6 and cover the major points; this doesn't need to be very detailed. (4) The methodology and evaluation part is kind of interesting: they compare various off-the-shelf IDS products. Go over it briefly.
2. A Signal Analysis of Network Traffic Anomalies, P. Barford, J. Kline, D. Plonka and Amos Ron, in Proc. of ACM SIGCOMM Internet Measurement Workshop (IMW), 2003. (slides in PDF). |
Tu 5/11 |
Network traffic anomaly analysis |
Elliot [ppt] |
1. Internet Intrusions: Global Characteristics and Prevalence, Yegneswaran, Vinod; Barford, Paul; Ullrich, Johannes, in Proc. of ACM SIGMETRICS, June 2003 |
Th 5/13 |
Network fault diagnostics |
1. User-level Internet Path Diagnosis, R. Mahajan, N. Spring, D. Wetherall and T. Anderson, in Proc. of ACM SOSP 2003. 2. Server-based Inference of Internet Performance, V. N. Padmanabhan, L. Qiu, and H. Wang, in Proc. of IEEE INFOCOM, 2003. |
|
Tu 5/18 |
High-speed network anomaly detection |
Elliot [ppt] |
1. Automatically Inferring Patterns of Resource Consumption in Network Traffic, C. Estan, S. Savage and G. Varghese, in ACM SIGCOMM, 2003. Paper in (PostScript) and (PDF). Slides in XP PowerPoint. 2. Sketch-based Change Detection: Methods, Evaluation, and Applications, B. Krishnamurthy, S. Sen, Y. Zhang, and Y. Chen, in Proc. of ACM SIGCOMM Internet Measurement Conference (IMC), 2003. |
Th 5/20 |
Network topology discovery |
Zach [ppt] |
1. Heuristics for Internet Map Discovery, R. Govindan and H. Tangmunarunkit, in Proc. of IEEE INFOCOM, 2000 (slides). 2. Measuring ISP Topologies with Rocketfuel, N. Spring, R. Mahajan, and D. Wetherall, in ACM SIGCOMM 2002 (talk). |
Tu 5/25 |
BGP and routing anomalies |
Tamara [ppt] |
1. BGP tutorial from Cisco, please read the “BGP fundamental” part and this simplified tutorial of BGP. (I will go over the slides in the class. You may also want to read the full version of “Introduction to BGP” by Tim Griffin.) Note: you don’t need to write flaws for the tutorial in your summary. 2. Delayed Internet Routing Convergence, by C. Labovitz, A. Ahuja, A. Bose and F. Jahanian, in ACM SIGCOMM 2000. (slides of their NANOG 19 talk) |
Th 5/27 |
Overlay and P2P network measurement/monitoring |
Stefan [ron.ppt] Hugo [tom.ppt] |
1. Resilient Overlay Networks, D. G. Andersen, H. Balakrishnan, M. F. Kaashoek, and R. Morris, in Proc. of ACM SOSP, 2001 (talk). 2. Tomography-based Overlay Network Monitoring, Y. Chen, D. Bindel, and R. H. Katz, in Proc. of ACM SIGCOMM Internet Measurement Conference (IMC), 2003 (talk). Full version to appear in ACM SIGCOMM 2004. |
Tu 6/1 |
Project presentation |
|
|
Th 6/3 |
Project presentation |