Date |
Lectures Topics |
Speakers & Notes |
|
Tu 3/29 |
Class overview, Introduction to networking security, project assignment |
Yan [ppt] |
|
W 3/30 |
BGP and routing
anomalies (presentation with CS495) |
Yan [ppt] |
1. BGP tutorial from Cisco, please read the “BGP fundamental” part and this simplified tutorial of BGP. (I will go over the slides in the class. You may also want to read the full version of “Introduction to BGP” by Tim Griffin.) Note: you don’t need to write flaws for the tutorial in your summary. 2. Delayed Internet Routing Convergence, by C. Labovitz, A. Ahuja, A. Bose and F. Jahanian, in ACM SIGCOMM 2000. (slides of their NANOG 19 talk) |
M 4/4 |
Network architecture (debate with CS495) |
495: defense 450: offense |
Towards
an Active Network Architecture, by D. Tennenhouse and D. Wetherall [Reference] Active network vision and reality: lessons from a capsule-based system, by D. Werherall |
W 4/6 |
Malicious code
research agenda |
|
1.
From AntiVirus to AntiWorm:
A New Strategy for A New Threat Landscape (PowerPoint), C. Nachenberg (Symantec
Research Labs), Invited talk at ACM WORM 2004
2. Large
Scale Malicious Code: A Research Agenda, N. Weaver, V. Paxson, |
M 4/11 |
Fast worm propagation (presentation with CS495) |
Presentation by Chi from 495 |
The Top Speed of Flash Worms. S. Staniford, D. Moore, V. Paxson and N. Weaver, ACM WORM 2004. [Reference] How to 0wn the Internet
in Your Spare Time, |
W 4/13 |
Prevalence of global intrusions (debate with CS495) |
Zhichun 450: defense 495: offense [ppt] |
Internet Intrusions: Global
Characteristics and Prevalence, Yegneswaran, Vinod; Barford, Paul;
Ullrich, Johannes., In Proc. of ACM SIGMETRICS, June, 2003 |
M 4/18 |
Malcode containment |
Gao [containment.ppt] |
Very Fast Containment of Scanning Worms, N. Weaver, S. Staniford, V. Paxson, USENIX Security Symposium, 2004. [Reference] Internet Quarantine: Requirements for Containing Self-Propagating Code. D. Moore, C. Shannon, G. Voelker and S. Savage. In Proceedings of the IEEE Infocom, 2003. |
W 4/20 |
Worm signature generation |
Justin & Yunhai |
1. Autograph: Toward Automated, Distributed Worm Signature Detection, H. Kim, and B. Karp, USENIX Security Symposium, 2004. 2. Worm
Origin Identification Using Random Walks, |
M 4/25 |
Worm signature generation II (presentation with CS495) |
Manan Presentation from 450 |
1. Automated
Worm Fingerprinting, S. Singh, C. Estan, G. Varghese, and S. Savage, OSDI
2004. 2. Polygraph: Automatically Generating Signatures For Polymorphic Worms, James Newsome, Brad Karp, Dawn Song, IEEE Security Symposium 2005 |
W 4/27 |
Midterm project presentation |
||
M 5/2 |
Denial-of-Service (DoS) attacks (presentation with CS495) |
Presentation from 495 [dosTaxonomy.ppt] [inferDOS.ppt] [animation movie] |
1. A Taxonomy of DDoS Attacks and Defense Mechanisms, J. Mirkovic and P. Reiher, in ACM Computer and Communication Review (CCR), Apr. 2004. [References] Inferring
Internet Denial of Service Activity, D. |
W 5/4 |
DoS attacks II (debate with CS495) |
Gao 495: defense 450: offense |
Controlling High-Bandwidth Flows at a Congested Router, by R. Mahajan et al. |
M 5/9 |
DoS attacks vs. flash crowds (debate with CS495) |
Manan 450: defense 495: offense |
Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds, NSDI 2005 [Reference] Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites (PS version), J. Jung, B. Krishnamurthy and M. Rabinovich, in Proc. of WWW, 2002. |
W 5/11 |
DoS in P2P (debate with CS495) |
Justin & Yunhai 495: defense 450: offense |
Denial-of-Service Resilience in
Peer-to-Peer File Sharing Systems, by D. Dumitiru et
al., Sigmetrics 05
|
M 5/16 |
DoS in Wireless network (debate with CS495) |
450: defense 495: offense |
Denial-of-Service Resilience in Ad-Hoc Networks,
by |
W 5/18 |
Network fault diagnostics (presentation with CS495) |
Presentation from 450 [tulip.ppt] |
1. User-level Internet Path Diagnosis,R. Mahajan, N. Spring, D. Wetherall and T. Anderson, in Proc. of ACM SOSP 2003. 2. Server-based Inference of Internet Performance.V. N. Padmanabhan, L. Qiu, and H. Wang, in Proc. of IEEE INFOCOM, 2003. |
M 5/23 |
High-speed network anomaly/intrusion detection |
Zhichun |
1. Operational Experiences with High-Volume Network Intrusion Detection, Holger Dreger, Anja Feldmann, Vern Paxson and Robin Sommer, ACM CCS 2004 2. On the Difficulty of Scalably Detecting Network Attacks, Kirill Levchenko, Ramamohan Paturi and George Varghese, ACM CCS 2004 |
W 5/25 |
Project presentation |
Yan Gao and Zhichun |
|
M 5/30 |
No classes |
||
W 6/1 |
Project presentation |
Yunhai and Leon Justin and Zhichun |
Notes: