CAP 6133: Advanced Topics in Computer Security and 

Computer Forensic (Spring 2008)

Home                      Schedule notes                        Assignment

Class 1 (01/07/08):  

    Course Introduction;   How to give a good presentation

Class 2 (01/09/08):

    Introduction to Internet Worm (presented by Cliff Zou)
    Modeling and Measuring Botnets (presented by Cliff Zou)

Class 3 (01/14/08):

Continuing: Modeling and Measuring Botnets (presented by Cliff Zou)
On the Performance of Internet Worm Scanning Strategies (presented by Cliff Zou)

Class 4 (01/16/08):

How to 0wn the Internet in Your Spare Time, (presented by Melvin Rodriguez)
Automated Worm Fingerprinting (presented by Dan DeBlasio)

Class 5 (01/23/08):

Polygraph: Automatic Signature Generation for Polymorphic Worms. (presented by Anvita Priyam)
Polymorphic Blending Attacks (presented by Hiral Chhaya )

Class 6 (01/28/08):

An Inside Look at Botnets (presented by Kishore Padma Raju)
A Multifaceted Approach to Understanding the Botnet Phenomenon (presented by Richard Bares)

Class 7 (01/30/08):

BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation (presented by Bharat Soundarararajan)
Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis (presented by Brad Mundt)

Class 8 (02/04/08):

Dynamic Taint Analysis: Automatic Detection, Analysis, and Signature Generation of Exploit Attacks on Commodity Software (presented by Amit Shrivastava)
Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software. (presented chowdhury, abu rahat)

Class 9 (02/06/08):

Automatic Diagnosis and Response to Memory Corruption Vulnerabilities.(presented by Radha Maldhure)
Introduction of honeypot and security measurement (presented by Cliff Zou)

Class 10 (02/11/08):

A Virtual Honeypot Framework (presented by Hiral Chhaya)
The Internet Motion Sensor: A Distributed Blackhole Monitoring System (presented by Brad Mundt)

Class 11 (02/13/08):

Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm (presented by Dan DeBlasio)
Defending Against Internet Worms: A Signature-Based Approach (presented by Richard Bares)

Class 12 (02/18/08):

HoneyStat: Local Worm Detection Using Honeypots. (presented by Melvin Rodriguez)
Detecting Targeted Attacks Using Shadow Honeypots(presented by Bharat Soundarararajan)

Class 13 (02/20/08):

Characteristics of internet background radiation(presented by Chowdhury, Abu Rahat)
Remote Physical Device Fingerprinting.   (Presented by Kishore Padma Raju)

Class 14 (02/25/08):

ConceptDoppler: A Weather Tracker for Internet Censorship (presented by Amit Shrivastava)
An Advanced Hybrid Peer-to-Peer Botnet (presented by Cliff Zou)

<>Class 15 (02/27/08):
Term project proposal
Wireshark (by Hiral and Anvita)
Botnet (by Bharat and Amit )
Steganography (by Dan and Brad)


Class 16 (03/03/08):
The Devil and Packet Trace Anonymization (presented by Radha Maldhure)
Protocol-Independent Adaptive Replay of Application Dialog (Anvita Priyam)

Class 17 (03/05/08): 
Improving Spam Detection Based on Structural Similarity (presented by Dan DeBlasio)
Understanding the Network-Level Behavior of Spammers (presented by Bharat Soundarararajan)

Spring break (a week)
03/17/08: Dr. Zou is out of town (attending NSF PI meeting)

Class 18 (03/19/08):
rootkit introduction by Dr. Cliff Zou
Security Analysis of a Cryptographically-Enabled RFID Device (presented by Rahat Chowdhury)

Class 19 (03/24/08):
SubVirt: implementing malware with virtual machines (presented by Radha Maldhure)
Raising The Bar For Windows Rootkit Detection (presetned by Richard Bares)

Class 20 (03/26/08):
 Timing Analysis of Keystrokes and Timing Attacks on SSH  (presented by Hiral Chhaya)
An Effective Defense Against Email Spam Laundering (presented by Amit Shrivastava)

Class 21 (03/31/08):
Mapping Internet Sensors with Probe Response Attacks  (presented by Anvita Priyam)
Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks (presented by Kishore Padma Raju)

Class 22 (04/02/08):
Exploiting Open Functionality in SMS-Capable Cellular Networks (presented by Brad Mundt)
Filtering Spam with Behavioral Blacklisting (presented by Melvin Rodriguez)

Class 23 (04/07/08):
Background Introduction  (presented by Cliff Zou)
Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities (presented by Bharat Soundarararajan)

Class 23 (04/09/08):
Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. (presented by Anvita Priyam)
SOS: An Architecture For Mitigating DDoS Attacks (presented by Hiral Chhaya)

Class 24 (04/14/08):
A Crawler-based Study of Spyware in the Web (presented by Amit Shrivastava)
How to Build a Low-Cost, Extended-Range RFID Skimmer (presented by Kishore Padma Raju)

04/16/08:   Term project presentation (part 1
Wireshark (by Hiral and Anvita)
Service Hardening (by Kishore Padma Raju, Abu Rahat Chowdhary, Radha Maldhure)

04/21/08:   Term project presentation (part 2)
Steganography (by Dan and Brad)
(by Richard Bares and Melvin Rodriguez)
P2P botnet (by Bharat Soundarararajan, Amit Shrivastava

Research papers for in-class presentation:

 Internet Malware Modeling and Defense:

    Reference material: http://www.wormblog.com/papers/

  (1). (Melvin Rodriguez) How to 0wn the Internet in Your Spare Time, Stuart Staniford, Vern Paxson, Nicholas Weaver, Usenix Security Symposium 2002.

  (2). (Cliff Zou) On the Performance of Internet Worm Scanning Strategies, Cliff C. Zou, Don Towsley, and Weibo Gong. Elsevier Journal of Performance Evaluation, 63(7), 700-723, July 2006.

  (3).  (Dan DeBlasio) Automated Worm Fingerprinting. Sumeet Singh, Cristian Estan, George Varghese and Stefan Savage. OSDI'04.

  (4).  (Anvita Priyam) Polygraph: Automatic Signature Generation for Polymorphic Worms. James Newsome, Brad Karp, Dawn Song. In IEEE Security and Privacy Symposium, May 2005.

  (5).  (Hiral Chhaya ) Polymorphic Blending Attacks. Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov, and Wenke Lee. In Proceedings of The 15th USENIX Security Symposium (SECURITY '06) , Vancouver, B.C., Canada, August 2006.

Botnet:

  Introduction material: SANS, Know your Enemy: Tracking Botnets Using honeynets to learn more about Bots

 (1). (Kishore Padma Raju) An Inside Look at Botnets, Barford, Paul and Yegneswaran, Vinod.In Series: Advances in Information Security, Springer, 2006, ISBN ISBN-10: 0-387-32720-7. 

 (2).   (Richard Bares) A Multifaceted Approach to Understanding the Botnet Phenomenon. Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis,  Internet Measurement Conference, IMC'06, Brazil, October 2006.

 (3).  (Bharat Soundarararajan) BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation.Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, Wenke Lee. In USENIX Security Symposium, 2007.

Host-based Malware detection and defense

  (1). (Brad Mundt) Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. Heng Yin, Dawn Song, Manuel Egele, Christopher Kruegel, and Engin Kirda. ACM Conference on Computer and Communications Security, 2007.

  (2). (Radha Maldhure) Automatic Diagnosis and Response to Memory Corruption Vulnerabilities. Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, and Chris Bookholt. ACM Computer and Communication Security (CCS), 2005.

 (3). (Amit Shrivastava)Dynamic Taint Analysis: Automatic Detection, Analysis, and Signature Generation of Exploit Attacks on Commodity Software. James Newsome and Dawn Song. In Network and Distributed Systems Security Symposium (NDSS), Feb 2005.

 (4).  (chowdhury, abu rahat) Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software. James Newsome, David Brumley, Dawn Song, Jad Chamcham, Xeno Kovah. Network and Distributed Systems Security Symposium (NDSS), Feb 2006.

Honeypot:

 introduction material: http://www.honeypots.net/

(1). (Hiral Chhaya ) A Virtual Honeypot Framework. Niels Provos, Usenix Security Symposium 2004.

(2).  (Melvin Rodriguez) HoneyStat: Local Worm Detection Using Honeypots. David Dagon, Xinzhou Qin, Guofei Gu,Wenke Lee. The 7th International Symposium on Recent Advances in Intrusion Detection (RAID 2004).

(3).  (Brad Mundt) The Internet Motion Sensor: A Distributed Blackhole Monitoring System. Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, and David Watson. 12th Annual Network and Distributed System Security Symposium (NDSS'05).

(4).  (Bharat Soundarararajan) Detecting Targeted Attacks Using Shadow Honeypots. K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, A. D. Keromytis. Usenix Security Symposium 2005.

(5).  (Dan DeBlasio) Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm. Michael Vrable, Justin Ma, Jay chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker and Stefan Savage. Proceedings of the ACM Symposium on Operating System Principles (SOSP), Brighton, UK, October 2005.

(6). (Richard Bares) Defending Against Internet Worms: A Signature-Based Approach, Yong Tang, Shigang Chen. in Proc. of IEEE INFOCOM'05

 Security Measurement and Traces:

  (1).  (chowdhury, abu rahat) Characteristics of internet background radiation. Ruoming Pang, Vinod Yegneswaran, Paul Barford, Vern Paxson, Larry Peterson. ACM Internet Measurement Conference, 2004.

  (2).  (Kishore Padma Raju) Remote Physical Device Fingerprinting. Tadayoshi Kohno, Andre Broido, KC Claffy. IEEE Symposium on Security and Privacy, 2005.

  (3). (Radha Maldhure) The Devil and Packet Trace Anonymization. Ruoming Pang, Mark Allman, Vern Paxson and Jason Lee. to appear in Computer Communication Review, January 2006.

 (4).  (Amit Shrivastava) ConceptDoppler: A Weather Tracker for Internet Censorship. Jedidiah R. Crandall, Daniel Zinn, Michael Byrd, Earl Barr, and Rich East.  ACM Conference on Computer and Communications Security (CCS 2007).

 (5). (Anvita Priyam) Protocol-Independent Adaptive Replay of Application Dialog, W. Cui, V. Paxson, N. Weaver and R Katz,  NDSS, 2006.

 Email Spam and Email-based Malicious Code:

  (1).(Dan DeBlasio) Improving Spam Detection Based on Structural Similarity. Luiz H. Gomes, Fernando D. O. Castro, Virglio A. F. Almeida, Jussara M. Almeida, and Rodrigo B. Almeida. Steps to Reducing Unwanted Traffic on the Internet Workshop, 2005.

  (2). (Amit Shrivastava) An Effective Defense Against Email Spam Laundering. Mengjun Xie, Heng Yin and Haining Wang. CCS'06

  (3).(Bharat Soundarararajan) Understanding the Network-Level Behavior of Spammers. Anirudh Ramachandran,Nick Feamster. ACM SIGCOMM 2006.

(4). (Melvin Rodriguez) Filtering Spam with Behavioral Blacklisting. Anirudh Ramachandran, Nick Feamster, and Santosh Vempala. ACM Conference on Computer and Communications Security 2007

Rootkit:

(1). (Radha Maldhure) SubVirt: implementing malware with virtual machines. Samuel T. King, Peter M. Chen, Yi-Min Wang, Chad Verbowski, Helen J. Wang, Jacob R. Lorch. IEEE Securtity and Privacy May 2006.

(2). (Richard Bares) Raising The Bar For Windows Rootkit Detection. Sherri Sparks, Jamie Butler. Phrack Magazine, 2005. 

Various Attacking Technique Research:

  (1).   (Hiral Chhaya ) Timing Analysis of Keystrokes and Timing Attacks on SSH. Dawn Song, David Wagner, Xuqing Tian. Usenix Security Symposium 2001.

  (2).  (Anvita Priyam) Mapping Internet Sensors with Probe Response Attacks. John Bethencourt, Jason Franklin, and Mary Vernon, University of Wisconsin, Madison, Usenix Security Symposium, 2005.

  (3). (Chowdhury, Abu Rahat) Security Analysis of a Cryptographically-Enabled RFID Device. Steve Bono, Matthew Green, Adam Stubblefield, Ari Juels, Avi Rubin, Michael Szydlo. Usenix Security Symposium 2005.

  (4). (Kishore Padma Raju) Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks.  Saar Drimer and Steven J. Murdoch, Computer Laboratory, University of Cambridge, Usenix'07 best student paper.

  (5).  (Brad Mundt) Exploiting Open Functionality in SMS-Capable Cellular Networks. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), November 2005.

  (6). Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract). Philippe Golle, David Wagner:  IEEE Symposium on Security and Privacy 2007

  (7). Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems. Xinyuan Wang, Shiping Chen and Sushil Jajodia. IEEE Symposium on Security and Privacy 2007

Crawler-based security study:

  (1).  (Bharat Soundarararajan) Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities.   Yi-Min Wang, Doug Beck , Chad Verbowski, Shuo Chen, Sam King; Xuxian Jiang; Roussi Roussev, NDSS'06, 2006.

 (2).  Malware Prevalence in the KaZaA File-Sharing Network. Seungwon Shin; Jaeyeon Jung; Hari Balakrishnan.   Internet Measurement Conference 2006.

 (3). (Amit Shrivastava) A Crawler-based Study of Spyware in the Web. A. Moshchuk, S.D. Gribble, H. Levy. NDSS 2006.

Operating System and Software Security:

   Reference material: 

              Buffer Overflows for Dummies, by Josef Nelißen, 2002.

              Beyond stack smashing: recent advances in exploiting buffer overruns, J. Pincus and B. Baker, IEEE Security & Privacy Magazine, 2004.

  (2). (Anvita Priyam) Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. Helen J. Wang, Chuanxiong Guo, Daniel R. Simon, and Alf Zugenmaier. ACM SIGCOMM, 2004.

  (3).  Address obfuscation: an efficient approach to combat a broad range of memory error exploits. S. Bhatkar, D.C. DuVarney, and R. Sekar. USENIX Security Symposium, 2003.

 (6). Vigilante: End-to-End Containment of Internet Worms. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham.  In Proceedings of the 20th ACM Symposium on Operating System Principles (SOSP), Brighton, UK, Oct. 2005.

(8). EXE: automatically generating inputs of death, Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, Dawson R. Engler. ACM Conference on Computer and Communications Security 2006.

(9). Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting, Sherri Sparks, Ryan Cunningham, Shawn Embleton, Cliff C. Zou. in 23rd Annual Computer Security Applications Conference (ACSAC), 2007. (Best student paper award)

 Authentication:

(1). Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication.Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. IEEE Symposium on Security and Privacy 2005.

(2). Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep's Clothing. Lucas Ballard, Fabian Monrose, Daniel Lopresti.  USENIX Security Symposium, 2006.

RFID:

Reference materials: http://lasecwww.epfl.ch/~gavoine/rfid/

(1).   (Melvin Rodriguez) The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. Ari Juels, Ronald Rivest, and Michael Szydlo. Conference on Computer and Communications Security - ACM CCS, October 2003.

(2).  (Kishore Padma Raju) How to Build a Low-Cost, Extended-Range RFID Skimmer. Ilan Kirschenbaum and Avishai Wool, Tel Aviv University, Usenix Security 2006.

Denial-of-Service Attack:

(1).  A taxonomy of DDoS attack and DDoS defense mechanisms. Jelena Mirkovic and Peter Reiher, ACM SIGCOMM Computer Communication Review, pages 39-54, 34 (2), April, 2005.

(2). Hop-Count Filtering: An Effective Defense Against Spoofed DDoS Traffic, Cheng Jin, Haining Wang, and Kang G. Shin. CCS'03.

(3). (Hiral Chhaya) SOS: An Architecture For Mitigating DDoS Attacks. Angelos D. Keromytis, Vishal Misra, Dan Rubenstein. ACM SIGCOMM 2002.

(4).Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure. V. T. Lam, S. Antonatos, P. Akritidis, and K. G. Anagnostakis. ACM CCS 2006.

Detecting Covert Timing Channels: An Entropy-Based Approach. Steven Gianvecchio and Haining Wang. ACM Conference on Computer and Communications Security 2007.

Polyglot: Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis. Juan Caballero, Heng Yin, Zhenkai Liang, and Dawn Song. ACM Conference on Computer and Communication Security, 2007.