CSCI 6900 - Computer Network Attacks and Defenses

Fall 2010

This is the course calendar for the Fall 2010 semester. Please note that the schedule is not definitive and will be updated as the course progresses. Students are responsible for visiting this page often to stay informed on the latest reading assignments and other information. Of course, I will also inform you of significant changes during the lectures, but this page is the one place you should refer to for all the details.

Date
Topic
Lecture/Reading
Other Assignments
8/16
Introduction
CSCI-6900 Introduction [slides]

8/17
Introduction
Overview of research topics in computer and network security (part A) [slides]
(no reviews)
8/19

Overview of research topics in computer and network security (part B) [slides]
(no reviews)

Choose 3 papers from the paper list by 8/20-11:59pm
8/23
Botnet Detection
G. Gu, R. Perdisci, J. Zhang, W. Lee. BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection. USENIX'08: Proceedings of the 17th conference on Security symposium. Presenter: Prof. Perdisci [slides] (no review, but read the paper)
8/24
Malware Detection
R. Perdisci, W. Lee, and N. Feamster. Behavioral Clustering of HTTP-based Malware and Signature Generation using Malicious Network Traces. USENIX Symposium on Networked Systems Design and Implementation, NSDI 2010. Presenter: Prof. Perdisci [slides]

Course announcements [slides]
(no review, but read the paper)
8/26
Botnets
B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, G. Vigna. Your botnet is my botnet: analysis of a botnet takeover. CCS '09: Proceedings of the 16th ACM conference on Computer and communications security. Presenter: Farhan Jiva [slides]

[optional] M. Abu Rajab, J. Zarfoss, F. Monrose, and A. Terzis. A multifaceted approach to understanding the botnet phenomenon. IMC'06: Proceedings of the 6th ACM SIGCOMM conference on Internet measurement.
review due today by 12:15pm

Summary of Research Interests due today by 11:59pm
8/30
Botnets
Y. Zhao, Y. Xie, F. Yu, Q. Ke, Y. Yu, Y. Chen, E. Gillum. BotGraph: large scale spamming botnet detection. NSDI'09: Proceedings of the 6th USENIX symposium on Networked systems design and implementation. Presenter: Cole Sherer [slides]

[optional] J.P. John, A. Moshchuk, S.D. Gribble, and A. Krishnamurthy. Studying spamming botnets using Botlab. NSDI'09: Proceedings of the 6th USENIX symposium on Networked systems design and implementation.
review due today by 12:15pm
8/31
Botnets
Y. Xie, F. Yu, K. Achan, R. Panigrahy, G. Hulten, and I. Osipkov. Spamming Botnets: Signatures and Characteristics. SIGCOMM'08. Presenter: Bo Feng [slides]

Project Proposal Guidelines [slides]
review due today by 12:15pm
9/2
Worms
J. Newsome, B. Karp, and D. Song. Polygraph: Automatically Generating Signatures for Polymorphic Worms. IEEE SP '05: Proceedings of the 2005 IEEE Symposium on Security and Privacy. Presenter: MLavoie [slides]

[optional] S. Staniford, V. Paxson, and N. Weaver. How to Own the Internet in Your Spare Time. Proceedings of the 11th USENIX Security Symposium.
review due today by 12:15pm
9/6

Holiday (Labor Day)

9/7
Worms
R. Perdisci, D. Dagon, W. Lee, P. Fogla, and M. Sharif. Misleading Worm Signature Generators Using Deliberate Noise Injection. IEEE SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy. Presenter: Prof. Perdisci [slides]
(no review, but read the paper)
9/9

5 minutes research proposal presentations
9/13
Malware
J. Oberheide, E. Cooke, and F. Jahanian. CloudAV: N-Version Antivirus in the Network Cloud. USENIX'08: Proceedings of the 17th conference on Security symposium. Presenter: Carl Brett Meyer [slides]

[optional] N. Provos, P. Mavrommatis, M. Abu Rajab, F. Monrose. All Your iFRAMEs Point to Us. USENIX'08: Proceedings of the 17th conference on Security symposium.
review due today by 12:15pm
9/14
Malware
H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: capturing system-wide information flow for malware detection and analysis. CCS '07: Proceedings of the 14th ACM conference on Computer and communications security. Presenter: MLavoie [slides]
review due today by 12:15pm
9/16
Malware
A. Moser, C. Kruegel, and E. Kirda. Exploring Multiple Execution Paths for Malware Analysis. IEEE SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy. Presenter: Rohit Mullangi [slides]

[optional] M. Sharif, A. Lanzi, J. Giffin and W. Lee. Impeding Malware Analysis Using Conditional Code Obfuscation. 15th Annual Network and Distributed System Security Symposium (NDSS'08)
review due today by 12:15pm

Research Project
Proposal due 9/17 by 11:59pm
9/20
Malware
F. Guo, P. Ferrie, and T. Chiueh. A Study of the Packer Problem and Its Solutions. RAID'08: Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection 2008. [download it from SpringerLink website, through library.uga.edu]. Presenter: Will Whiteside [slides]
review due today by 12:15pm
9/21
Malware
A. Dinaburg, P. Royal, M. Sharif, and W. Lee. Ether: Malware Analysis via Hardware Virtualization Extensions. In Proceedings of The 15th ACM Conference on Computer and Communications Security (CCS 2008). Presenter: Enrico Galli [slides]

[optional] S. King, P. Chen, Y. Wang, C. Verbowski, H. Wang, and J. Lorch. SubVirt: Implementing malware with virtual machines. IEEE Symposium on Security and Privacy, 2006.
review due today by 12:15pm
9/23
Malware
U. Bayer, P. Milani, C. Hlauschek, C. Kruegel, and E. Kirda. Scalable, Behavior-Based Malware Clustering. 16th Annual Network and Distributed System Security Symposium (NDSS 2009). Presenter: Sal LaMarca [slides]
review due today by 12:15pm
9/27
Spam
V. Metsis, I. Androutsopoulos, G. Paliouras. Spam Filtering with Naive Bayes – Which Naive Bayes? CEAS'06: Collaboration, Electronic messaging, Anti-Abuse and Spam Conference 2006. Presenter: Carl Brett Meyer [slides]
review due today by 12:15pm
9/28
Spam
A. Ramachandran and N. Feamster. Understanding the Network-Level Behavior of Spammers. Proc. ACM SIGCOMM 2006. Presenter: MLavoie [slides]

[optional] S. Hao, N. Feamster, A. Gray, N. Syed, S. Krasser. Detecting Spammers with SNARE: Spatio-Temporal Network-Level Automated Reputation Engine. 18th USENIX Security Symposium 2009
review due today by 12:15pm
9/30
Vulnerabilities
C. Cowan, P. Wagle, C. Pu, S. Beattie, J. Walpole. Buffer overflows: attacks and defenses for the vulnerability of the decade. Foundations of Intrusion Tolerant Systems, 2003. Presenter: Chris Neasbitt [slides]
review due today by 12:15pm
10/4

Prepare for Midterm Project Report and Presentation

10/5

Prepare for Midterm Project Report and Presentation
10/7

Prepare for Midterm Project Report and Presentation
10/11
Vulnerabilities
H. Shacham. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). Proceedings of ACM CCS 2007. Presenter: Enrico Galli [slides]

[optional] D. Brumley, T. Chiueh, R. Johnson, H. Lin, D. Song. RICH: Automatically Protecting Against Integer-Based Vulnerabilities. NDSS 2007.
review due today by 12:15pm
10/12

Midterm 10 minutes progress report presentations
10/14

Midterm 10 minutes progress report presentations
Midterm Project Progress Report due on 10/15 at 11:59pm
10/18
IDS
M. Handley, C. Kreibich, and V. Paxson. Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. USENIX Security Symposium 2001. Presenter: Chris Neasbitt [slides]
review due today by 12:15pm
10/19
IDS
K. Wang, and S. J. Stolfo. Anomalous payload-based network intrusion detection. RAID 2004. Presenter: Prof. Perdisci
review due today by 12:15pm
10/21
IDS
J. Mason, S. Small, F. Monrose, and G. MacManus. English shellcode. CCS '09: Proceedings of the 16th ACM conference on Computer and communications security 2009. Presenter: Will Whiteside [slides]
review due today by 12:15pm
10/25
IDS
C. Kruegel, and G. Vigna. Anomaly detection of web-based attacks. CCS '03: Proceedings of the 10th ACM conference on Computer and communications security 2003. Presenter: Farhan Jiva [slides]
review due today by 12:15pm
10/26
IDS
C. Warrender, S. Forrest, B. Pearlmutter. Detecting Intrusions Using System Calls: Alternative Data Models. IEEE Symposium on Security and Privacy 1999.
Presenter: Enrico Galli [slides]
review due today by 12:15pm
10/28
IDS
C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Automating Mimicry Attacks Using Static Binary Analysis. In the Proceedings of the 14th USENIX Security Symposium 2005. Presenter: Rohit Mullangi [slides]
review due today by 12:15pm
11/1
Web Security
Y. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. King. Automated Web Patrol with Strider HoneyMonkeys. NDSS 2006.
Presenter: Bo Feng [slides]
review due today by 12:15pm
11/2
Web Security
C. Grier, S. Tang, and S.T. King. Secure Web Browsing with the OP Web Browser. Proceedings of the 2008 IEEE Symposium on Security and Privacy.
Presenter: Farhan Jiva [slides]
review due today by 12:15pm
11/4
Web Security
D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, G. Vigna. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. Proceedings of the 29th IEEE Symposium on Security and Privacy 2008. Presenter: Rohit Mullangi [slides]
review due today by 12:15pm
11/8

Prepare for Final Project Report and Presentation

Tips on how to write a conference style paper [slides]

11/9
Privacy
R. Geambasu, T. Kohno, A. Levy, H. M. Levy. Vanish: Increasing Data Privacy with Self-Destructing Data. In Proceedings of the USENIX Security Symposium 2009. Presenter: Cole Sherer [slides]
review due today by 12:15pm
11/11
Privacy
A. Narayanan, V. Shmatikov. Robust De-anonymization of Large Sparse Datasets. IEEE Symposium on Security and Privacy, 2008. Presenter: Carl Brett Meyer [slides]
review due today by 12:15pm
11/15

Prepare for Final Project Report and Presentation
11/16
Privacy
S. Chen, R. Wang, X. Wang, K. Zhang. Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow. IEEE Symposium on Security and Privacy 2010. Presenter: Will Whiteside [slides]
review due today by 12:15pm
11/18
Miscellanea
J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, E. W. Felten. Lest We Remember: Cold Boot Attacks on Encryption Keys. USENIX Security Symposium 2008. Presenter: Bo Feng [slides]
review due today by 12:15pm
11/22 - 11/26

Thanksgiving Holiday

11/29
Miscellanea
A. Bittau, M. Handley and J. Lackey. The Final Nail in WEP's Coffin. Proceedings of the IEEE Symposium on Security and Privacy, 2006. Presenter: Chris Neasbitt
review due today by 12:15pm
11/30
Miscellanea
J. Zhang, P. Porras, J. Ullrich. Highly Predictive Blacklisting. USENIX Security Symposium 2008. Presenter: Cole Sherer
review due today by 12:15pm
12/2

Final 15 minutes research project results presentation

12/6

Final 15 minutes research project results presentation
12/7

Final 15 minutes research project results presentation
12/10

Final paper submission deadline (due on 12/10 by 11:59pm)