Email: shao -at- utdallas.edu
Office: ECSS 3.705
Office hours: 4-5 pm Tuesday
Class time: 4-6:45 pm Friday
CS 6301 is a graduate-level, research-oriented network security course. We will cover techniques and considerations for conducting empirical network security and Internet measurement research. The course will center around readings of foundational and seminal research papers. Topics include measurement methodology, intrusion detection, denial-of-service, botnets and spam, protocol issues, web attacks, search engine optimization, and deep learning in security. Students will also learn how to read essays and research papers and how to give presentations.
A networking course is a prerequisite. A computer security course is suggested (not a prerequisite).
Textbook and Reading List
The course has no textbook. We will read a bunch of research papers. The instructor will introduce reference books for particular topics.
- Measuring and Detecting Fast-Flux Service Networks. Thorsten Holz, Christian Gorecki, Konrad Rieck, and Felix C. Freiling. NDSS 2008.
- The Long 'Taile' of Typosquatting Domain Names. Janos Szurdi, Balazs Kocso, Gabor Cseh, Jonathan Spring, Mark Felegyhazi, and Chris Kanich. USENIX Security 2014.
- Amplification Hell: Revisiting Network Protocols for DDoS Abuse. Christian Rossow. NDSS 2014.
- IoT Goes Nuclear: Creating a ZigBee Chain Reaction. Eyal Ronen, Colin O'Flynn, Adi Shamir, and Achi-Or Weingarten. IEEE S&P 2017.
- Your Botnet is My Botnet: Analysis of a Botnet Takeover. Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna. CCS 2009.
- deSEO: Combating Search-Result Poisoning. John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy, and Martin Abadi. USENIX Security 2011.
- Cloak and Dagger: Dynamics of Web Search Cloaking. David Y. Wang, Stefan Savage, and Geoffrey M. Voelker. CCS 2011.
- Click Trajectories: End-to-End Analysis of the Spam Value Chain. Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Mark Felegyhazi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, and Stefan Savage. IEEE S&P 2011.
- IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. NDSS 2018.
- Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy. Jakub Czyz, Matthew Luckie, Mark Allman, and Michael Bailey. NDSS 2016.
- Automated Crowdturfing Attacks and Defenses in Online Review Systems. Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, and Ben Y. Zhao. CCS 2017.
- DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning. Min Du, Feifei Li, Guineng Zheng, and Vivek Srikumar. CCS 2017.
- @spam: The Underground on 140 Characters or Less. Chris Grier, Kurt Thomas, Vern Paxson, and Michael Zhang. CCS 2010.
- Dissecting Android Malware: Characterization and Evolution. Yajin Zhou and Xuxian Jiang. IEEE S&P 2012.
- Entropy/IP: Uncovering Structure in IPv6 Addresses. Pawel Foremski, David Plonka, and Arthur Berger. IMC 2016.
- Spamming Botnets: Signatures and Characteristics. Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov. SIGCOMM 2008.
- Filtering Spam with Behavioral Blacklisting. Anirudh Ramachandran, Nick Feamster, and Santosh Vempala. CCS 2007.
- Measuring Pay-per-Install: The Commoditization of Malware Distribution. Juan Caballero, Chris Grier, Christian Kreibich, and Vern Paxson. USENIX Security 2011.
- Reading Thieves' Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces. Kan Yuan, Haoran Lu, Xiaojing Liao, and XiaoFeng Wang. USENIX Security 2018.
- Detecting and Defending Against Third-Party Tracking on the Web. Franziska Roesner, Tadayoshi Kohno, and David Wetherall. NSDI 2012.
- Fast Portscan Detection Using Sequential Hypothesis Testing. Jaeyeon Jung, Vern Paxson, Arthur Berger, and Hari Balakrishnan. IEEE S&P 2004.
The grade will be computed based on the following components:
- 5% Class Participation
- 45% In-Class Presentations
- 50% Class Project
- Class Participation will be based on attendance.
- In-Class Presentations will be presentations of research papers to the class. Each student will be assigned twice during the class to present the assigned papers. Students are expected to describe the challenges of the problem, introduce the technical details of the papers, and provide review opinions on the papers.
- Class Project will be completed individually. The project ideas will be approved by the instructor. Please come to talk with the instructor early about the project ideas; the instructor will provide suggestions or point you in the right direction.
Tentative Course Schedule
| Date | Topic |
|---|---|
| 09/07 | Paper Reading, Writing, and Review |
| 09/14 | Techniques of Measurement and Large-scale Data Analysis |
| 09/21 A | DNS Fast Flux |
| 09/21 B | Domain Typosquatting |
| 09/28 A | Vulnerabilities in IPv6 Networks |
| 09/28 B | Finding IPv6 Addresses |
| 10/05 A | Fake Reviews |
| 10/05 B | Deep Learning for Detection |
| 10/12 A | Android Malware |
| 10/12 B | Internet of Things Security |
| 10/12 C | Denial-of-Service Attacks |
| 10/19 A | Search Engine Poisoning |
| 10/19 B | Cloaking and Redirection |
| 10/26 A | Fast Scan Detection |
| 10/26 B | Detection with Fuzzing |
| 11/02 A | Botnet Takeover |
| 11/02 B | Social Network Spam |
| 11/09 A | Underground Economy |
| 11/09 B | Underground Jargons |
| 11/09 C | Malware Distribution |
| 11/16 A | Web Security |
| 11/16 B | Web Tracking |
| 11/30 A | Botnet Characteristics |
| 11/30 B | Spam Filtering |