CSCE 665: Advanced Networking and Security

Spring 2018


Instructor:        Dr. Guofei Gu (guofei@cse, 502C HRBB)

Lectures:         MWF 1:50 pm - 2:40 pm, Rm 126 HRBB

Office Hour:    Wednesday 3-4pm or by appointment


Course Description

Prerequisites: Operating Systems, Computer Networks, and C/C++ and/or Java.

This course will introduce various modern topics in computer and network security. It will provide a thorough grounding in computer and network security suitable for those interested in conducting research in this area, as well as for students more broadly interested in real-world security issues and techniques. Topics may span (but are not limited to):

Learning objectives & outcomes:

Textbook(s): There is no required textbook. Most readings will be from research papers in top security conferences and journals (listed below). In addition to the research papers, you may also read the following textbooks for more security background.

Three hours of lecture per week. (3 units)


Grading

Paper presentation/mini-review and class participation: 20%
Homework: 30% 
Mini research project: 50%

There is no mid-term or final exam.

All late submissions within one day after the deadline will automatically lose 40% of the points. Submissions more than two days after the deadline will NOT be accepted (unless you get permission from the instructor).

There will be bonus points for EXCELLENT mini research projects.


Paper mini-review

You are expected to write several mini-reviews (to be assigned). Each mini-review should include at least the following five items:

Details to be discussed in class.


Homework

There will be several homework assignments to help you better understand security principles and techniques. Please complete the assigned homework/labs on your own and submit the required reports/materials in Google Classroom.


Mini Research Project

There will be a semester-long mini research project. You will do research in a team (up to 2 people) or individually. You can choose any interesting topic in computer/network security (it need not be a topic discussed in class, and tying it to your current research is encouraged). Be ambitious and start thinking of project topics early!

During this project, you need to submit a project proposal, a progress report, and a final report. A project proposal should contain an introduction (motivation, problem statement), the proposed technique/solution, a survey of related work (with comparison), and a project plan (tasks, timeline, division of work within the team). A project progress report is essentially a draft of the final report with some experiments/evaluation still to be filled in. The final report is expected to be a workshop-quality paper. You will also present your project in the final mini-workshop.

For the project report, please use the IEEE proceedings template available here. Reports should have a minimum length of 8 pages (excluding references). Reports must be formatted for US letter size (not A4) paper in a two-column layout, with columns no more than 9.25 in. high and 3.5 in. wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing.

Project grades will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.
Please submit the proposal/report in eCampus. Each group/team needs to submit only one copy.

Ethics & Academic Integrity

We will study/discuss threats and attacks in class. You should be fully aware of ethics when studying these techniques. If in any context you are not sure about where to draw the line, come talk to me first.

"An Aggie does not lie, cheat, or steal or tolerate those who do."

Upon accepting admission to Texas A&M University, a student immediately assumes a commitment to uphold the Honor Code, to accept responsibility for learning, and to follow the philosophy and rules of the Honor System. Students will be required to state their commitment on examinations, research papers, and other academic work. Ignorance of the rules does not exclude any member of the TAMU community from the requirements or the processes of the Honor System.


Schedule (tentative)

This tentative schedule will be updated as the course progresses and is subject to change! Please check back for the most recent update!

Each entry lists the week (where given on the page), the topic, the readings, and any note (homework, deadlines).

Course overview & logistics
    Readings: none

Computer security overview
    Readings: KPS, PP, SB

Software security
    Readings: Smashing the Stack for Fun and Profit; Return-to-libc attack
    Further readings: Blended attacks; Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Crispin Cowan et al.; On the Effectiveness of Address-Space Randomization. CCS'04
    Note: Homework 1 out

Week 3: Malware: Basics
    Readings:
    How to 0wn the Internet in Your Spare Time. Stuart Staniford, Vern Paxson, and Nicholas Weaver. Security'02
    The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets. Evan Cooke, Farnam Jahanian, and Danny McPherson
    Know Your Enemy: Tracking Botnets. Using honeynets to learn more about bots. Paul Bacher, Thorsten Holz, Markus Kotter, and Georg Wicherski
    A Multifaceted Approach to Understanding the Botnet Phenomenon. Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, and Andreas Terzis. IMC'06

Week 4: Intrusion detection
    Readings:
    The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson. ACM TISSEC'00
    A Sense of Self for Unix Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. S&P'96
    Bro: A System for Detecting Network Intruders in Real-Time. Vern Paxson. Computer Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999
    Anomalous Payload-based Network Intrusion Detection. Ke Wang and Salvatore J. Stolfo. RAID'04
    Intrusion Detection via Static Analysis. S&P'01

Week 5: Malware: Botnet detection
    Readings:
    BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. Security'08
    BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee. Security'07
    CyberProbe: Towards Internet-Scale Active Detection of Malicious Servers. Nappa et al. NDSS'14
    AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis. Xu et al. CCS'14
    Note: Homework 2 out; Lab basics; Project proposal due

Week 6: SDN Security
    Readings:
    OpenFlow tutorial
    FRESCO: Modular Composable Security Services for Software-Defined Networks. Seungwon Shin, Phillip Porras, Vinod Yegneswaran, Martin Fong, Guofei Gu, and Mabry Tyson. NDSS'13
    AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks. Seungwon Shin, Vinod Yegneswaran, Phil Porras, and Guofei Gu. CCS'13

Week 7: Web and Social Network Security
    Readings:
    XSS explained; CSRF; SQL Injection
    Die Free or Live Hard? Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers. Chao Yang, Robert Harkreader, and Guofei Gu. RAID'11
    Analyzing Spammers' Social Networks For Fun and Profit -- A Case Study of Cyber Criminal Ecosystem on Twitter. Chao Yang, Robert Harkreader, Jialong Zhang, Seungwon Shin, and Guofei Gu. WWW'12
    Note: Homework 3 out

Week 8: Mobile Security
    Readings:
    Android basics
    Dissecting Android Malware: Characterization and Evolution. Yajin Zhou and Xuxian Jiang. S&P'12

Intrusion detection
    Student presentation, debate, discussion:
    FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild. NDSS'17

Week 9: Spring break
    No class

Week 10: IDS/Malware
    Student presentation, debate, discussion:
    Detecting Credential Spearphishing in Enterprise Settings. USENIX Security'17
    Click Trajectories: End-to-End Analysis of the Spam Value Chain. S&P'11
    Redemption: Real-time Protection Against Ransomware at End-Hosts. Amin Kharraz and Engin Kirda. RAID'17

Week 11: SDN security
    Student presentation, debate, discussion:
    Rosemary: A Robust, Secure, and High-performance Network Operating System. CCS'14
    SPHINX: Detecting Security Attacks in Software-Defined Networks. NDSS'15
    One Sketch to Rule Them All: Rethinking Network Flow Monitoring with UnivMon. SIGCOMM'16

Week 12: Web security
    Student presentation, debate, discussion:
    Anomaly Detection of Web-based Attacks. CCS'13
    Automatically Detecting Vulnerable Websites Before They Turn Malicious. USENIX Security'14
    EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis. NDSS'11
    Note: Project progress report due

Week 13: Mobile & IoT security
    Student presentation, debate, discussion:
    On the Feasibility of Large-Scale Infections of iOS Devices. USENIX Security'14
    Security Analysis of Emerging Smart Home Applications. S&P 2016
    IOTFUZZER: Discovering Memory Corruptions in IoT Through App-based Fuzzing. NDSS'18

Week 14: Mini-workshop: student projects

Week 15: Mini-workshop: student projects

Week 16: Mini-workshop
    Note: Final report due TBA


Acknowledgments

Some course materials may have incorporated those developed by Dr. Nick Feamster (Georgia Tech), Dr. Wenke Lee (Georgia Tech), Dr. Wenliang Du (Syracuse), and Dr. Vitaly Shmatikov (UT Austin).