Course Lecture Plan


Lectures Topics

Speakers & Notes


Tu 3/29

Class overview, Introduction to networking security, project assignment

Yan [ppt]


W 3/30

BGP and routing anomalies (presentation with CS495)

Yan [ppt]

1.     BGP tutorial from Cisco, please read the “BGP fundamental” part and this simplified tutorial of BGP.  (I will go over the slides in the class.  You may also want to read the full version of “Introduction to BGP” by Tim Griffin.)

Note: you don’t need to write flaws for the tutorial in your summary.

2.     Delayed Internet Routing Convergence, by C. Labovitz, A. Ahuja, A. Bose and F. Jahanian, in ACM SIGCOMM 2000.  (slides of their NANOG 19 talk)

M 4/4

Network architecture

(debate with CS495)


495: defense

450: offense

Towards an Active Network Architecture, by D. Tennenhouse and D. Wetherall

[Reference] Active network vision and reality: lessons from a capsule-based system, by D. Werherall

W 4/6

Malicious code research agenda



1.     From AntiVirus to AntiWorm: A New Strategy for A New Threat Landscape (PowerPoint), C. Nachenberg (Symantec Research Labs), Invited talk at ACM WORM 2004

2. Large Scale Malicious Code: A Research Agenda, N. Weaver, V. Paxson, S. Staniford and R. Cunningham, DARPA-sponsored report, 2003.

M 4/11

Fast worm propagation (presentation with CS495)

Presentation by Chi

from 495

The Top Speed of Flash Worms. S. Staniford, D. Moore, V. Paxson and N. Weaver, ACM WORM 2004.


[Reference] How to 0wn the Internet in Your Spare Time, S. Staniford, V. Parxson and N. Weaver. In Proceedings of the 11th Usenix Security Symposium, 2002.


W 4/13

Prevalence of global intrusions

(debate with CS495)


450: defense

495: offense


Internet Intrusions: Global Characteristics and Prevalence, Yegneswaran, Vinod; Barford, Paul; Ullrich, Johannes., In Proc. of ACM SIGMETRICS, June, 2003

M 4/18

Malcode containment

Gao [containment.ppt]

Very Fast Containment of Scanning Worms, N. Weaver, S. Staniford, V. Paxson, USENIX Security Symposium, 2004.

[Reference] Internet Quarantine: Requirements for Containing Self-Propagating Code. D. Moore, C. Shannon, G. Voelker and S. Savage. In Proceedings of the IEEE Infocom, 2003.

W 4/20

Worm signature generation

Justin & Yunhai

1.     Autograph: Toward Automated, Distributed Worm Signature Detection, H. Kim, and B. Karp, USENIX Security Symposium, 2004.

2.     Worm Origin Identification Using Random Walks,
Yinglian Xie, Vyas Sekar, David A. Maltz, Michael K. Reiter, Hui Zhang, IEEE Security Symposium 2005

M 4/25

Worm signature generation II

(presentation with CS495)


Presentation from 450

1.     Automated Worm Fingerprinting, S. Singh, C. Estan, G. Varghese, and S. Savage, OSDI 2004.

2.     Polygraph: Automatically Generating Signatures For Polymorphic Worms, James Newsome, Brad Karp, Dawn Song, IEEE Security Symposium 2005

W 4/27

Midterm project presentation

M 5/2

Denial-of-Service (DoS) attacks

(presentation with CS495)

Presentation from 495 [dosTaxonomy.ppt] [inferDOS.ppt] [animation movie]

1.     A Taxonomy of DDoS Attacks and Defense Mechanisms, J. Mirkovic and P. Reiher, in ACM Computer and Communication Review (CCR), Apr. 2004.

[References] Inferring Internet Denial of Service Activity, D. Moore, G. Voelker and Stefan Savage, in Proc. of the USENIX Security Symposium, 2001 (best paper award).

W 5/4

DoS attacks II

(debate with CS495)


495: defense

450: offense

Controlling High-Bandwidth Flows at a Congested Router, by R. Mahajan et al.

M 5/9

DoS attacks vs. flash crowds (debate with CS495)


450: defense

495: offense


Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds, NSDI 2005

[Reference] Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites (PS version), J. Jung, B. Krishnamurthy and M. Rabinovich, in Proc. of WWW, 2002.

W 5/11

DoS in P2P

(debate with CS495)

Justin & Yunhai

495: defense

450: offense

Denial-of-Service Resilience in Peer-to-Peer File Sharing Systems, by D. Dumitiru et al., Sigmetrics 05

M 5/16

DoS in Wireless network (debate with CS495)

Yao [ppt]

450: defense

495: offense

Denial-of-Service Resilience in Ad-Hoc Networks, by I. Aad et al.

W 5/18

Network fault diagnostics (presentation with CS495)


Presentation from 450 [tulip.ppt]


1.     User-level Internet Path Diagnosis,R. Mahajan, N. Spring, D. Wetherall and T. Anderson, in Proc. of ACM SOSP 2003.

2.     Server-based Inference of Internet Performance.V. N. Padmanabhan, L. Qiu, and H. Wang, in Proc. of IEEE INFOCOM, 2003.

M 5/23

High-speed network anomaly/intrusion detection




1.     Operational Experiences with High-Volume Network Intrusion Detection, Holger Dreger, Anja Feldmann, Vern Paxson and Robin Sommer, ACM CCS 2004

2.     On the Difficulty of Scalably Detecting Network Attacks, Kirill Levchenko, Ramamohan Paturi and George Varghese, ACM CCS 2004

W 5/25

Project presentation

Yan Gao and Zhichun



M 5/30

No classes

W 6/1

Project presentation

Yunhai and Leon

Justin and Zhichun



  1. You may find the brochure (suggested by Fabián E. Bustamante) useful: Efficient reading of papers in Science and Technology by Michael J. Hanson, 1990, revised 2000 Dylan McNamee.