CDA 6938 Special topic:

Research in Computer and Network Security (Spring 2007)



Class 1 (01/9): 

        Class Overview (ppt)

        Internet worm modeling, detection and defense (ppt)

Class 2 (01/11): 

        Modeling and Measuring Botnets (ppt)

        How to Own the Internet in Your Spare Time (presented by Peter Matthews, ppt)

Class 3 (01/18):

        Automated Worm Fingerprinting (presented by Ram Ramani, ppt)

        Fast Portscan Detection Using Sequential Hypothesis Testing (presented by Tai Do, ppt)

Class 4 (01/23):

        Polygraph: Automatic Signature Generation for Polymorphic Worms (presented by Devendra Salvi, ppt)

        Polymorphic Blending Attacks (presented by Himanshu Pagey, ppt)

Class 5 (01/25):

        A Virtual Honeypot Framework (presented by Tao Li, ppt)

        HoneyStat: Local Worm Detection Using Honeypots. (presented by Justin Miller, ppt)

Class 6 (02/01):

        Introduction of honeypot, botnet, measurement, email spam (by Cliff Zou, ppt)

        The Internet Motion Sensor: A Distributed Blackhole Monitoring System (presented by Arun Krishnamurthy, ppt)

Class 7 (02/06):

        How to give a good presentation (by Cliff Zou, ppt)

        Detecting Targeted Attacks Using Shadow Honeypots (presented by Rui Peng, ppt)

Class 8 (02/08):

        Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm (presented by Tracy Wagner, ppt)

        An Inside Look at Botnets (presented by Jared Bott, ppt)

Class 9 (02/13):

        A Multifaceted Approach to Understanding the Botnet Phenomenon  (presented by Ramanarayanan Ramani, ppt)

        Characteristics of internet background radiation (presented by Tai T Do, ppt)

Class 10 (02/15):

       Remote Physical Device Fingerprinting (presented by Peter Matthews, ppt)

       Improving Spam Detection Based on Structural Similarity (presented by Jared Bott, ppt)

Class 11 (02/20):

      An Effective Defense Against Email Spam Laundering (presented by Devendra Salvi, ppt)

    Understanding the Network-Level Behavior of Spammers (presented by Tao Li, ppt)

Class 12 (02/22):

    Timing Analysis of Keystrokes and Timing Attacks on SSH (presented by Rui Peng, ppt)

    Mapping Internet Sensors with Probe Response Attacks (presented by Tracy Wagner, ppt)

Class 13 (02/27):

   Security Analysis of a Cryptographically-Enabled RFID Device (Presented by Himanshu Pagey, ppt)

   Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities (presented by Justin Miller, ppt)

Class 14 (03/01):

   Presentation of group term project proposal

Class 15 (03/06):

   Malware Prevalence in the KaZaA File-Sharing Network. (presented by Arun Krishnamurthy, ppt)

   A Crawler-based Study of Spyware in the Web. (presented by Justin Miller, ppt)

Class 16 (03/08):

   Software security introduction by Cliff Zou 

After Spring Break week: 

Class 17 (03/20):

   MOPS: an infrastructure for examining security properties of software (presented by Peter Matthews, ppt)

   Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. (presented by Jared Bott, ppt)

Class 18 (03/22):

   Address obfuscation: an efficient approach to combat a broad range of memory error exploits. (presented by Tracy Wagner, ppt)

   Dynamic Taint Analysis: Automatic Detection, Analysis, and Signature Generation of Exploit Attacks on Commodity Software. (presented by Devendra Salvi, ppt)

Class 19 (03/27):

  Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software (presented by Arun Krishnamurthy, ppt)

  Vigilante: End-to-End Containment of Internet Worms (presented by Ramanarayanan Ramani, ppt)

Class 20 (03/29):

  Automatic Diagnosis and Response to Memory Corruption Vulnerabilities (presented by Tai Do, ppt)

  Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication (presented by Rui Peng, ppt)

Class 21 (04/03):

   Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep's Clothing. (presented by Tao Li, ppt)

  The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. (presented by Himanshu Pagey, ppt)

Class 22 (04/05):

     How to Build a Low-Cost, Extended-Range RFID Skimmer. (Justin Miller, ppt)

    A taxonomy of DDoS attack and DDoS defense mechanisms. (presented by Jared Bott, ppt)

(04/10):  Cancelled. Dr. Zou is out of town.

Class 23 (04/12):

     Hop-Count Filtering: An Effective Defense Against Spoofed DDoS Traffic. (presented by Tao Li) 

     SOS: An Architecture For Mitigating DDoS Attacks. (presented by Tracy Wagner, ppt)

Class 24 (04/17):

  Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure (presented by Ramanarayanan Ramani, ppt)

  A Survey of Secure Wireless Ad Hoc Routing (presented by Devendra Salvi, ppt)

Class 25 (04/19):

   Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures (presented by Rui Peng)

   Random Key Predistribution Schemes for Sensor Networks (presented by Himanshu Pagey)

Class 26 (04/26):  4:00pm - 6:50pm  Final term project presentation



Research papers for in-class presentation:

1. Internet Malware Modeling and Defense:

    Reference material: http://www.wormblog.com/papers/

  (1). (Peter Matthews) How to 0wn the Internet in Your Spare Time, Stuart Staniford, Vern Paxson, Nicholas Weaver, Usenix Security Symposium 2002.

  (2). (Ramanarayanan Ramani) Automated Worm Fingerprinting. Sumeet Singh, Cristian Estan, George Varghese and Stefan Savage. OSDI'04.

  (3). (Tai T Do) Fast Portscan Detection Using Sequential Hypothesis Testing. Jaeyeon Jung, Vern Paxson, Arthur W. Berger, and Hari Balakrishnan. IEEE Symposium on Security and Privacy 2004.

  (4). (Devendra Salvi) Polygraph: Automatic Signature Generation for Polymorphic Worms. James Newsome, Brad Karp, Dawn Song. In IEEE Security and Privacy Symposium, May 2005.

  (5). (Himanshu Pagey) Polymorphic Blending Attacks. Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov, and Wenke Lee. In Proceedings of The 15th USENIX Security Symposium (SECURITY '06), Vancouver, B.C., Canada, August 2006.

2. Honeypot:

 introduction material: http://www.honeypots.net/

(1). (Tao Li) A Virtual Honeypot Framework. Niels Provos, Usenix Security Symposium 2004.

(2). (Justin Miller) HoneyStat: Local Worm Detection Using Honeypots. David Dagon, Xinzhou Qin, Guofei Gu, Wenke Lee. The 7th International Symposium on Recent Advances in Intrusion Detection (RAID 2004).

(3). (Arun Krishnamurthy) The Internet Motion Sensor: A Distributed Blackhole Monitoring System. Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, and David Watson. 12th Annual Network and Distributed System Security Symposium (NDSS'05).

(4). (Rui Peng) Detecting Targeted Attacks Using Shadow Honeypots. K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, A. D. Keromytis. Usenix Security Symposium 2005.

(5). (Tracy Wagner) Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm. Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker and Stefan Savage. Proceedings of the ACM Symposium on Operating System Principles (SOSP), Brighton, UK, October 2005.

3. Botnet:

  Introduction material: SANS, Know your Enemy: Tracking Botnets Using honeynets to learn more about Bots

 (1). (Jared Bott) An Inside Look at Botnets, Barford, Paul and Yegneswaran, Vinod. In Series: Advances in Information Security, Springer, 2006, ISBN-10: 0-387-32720-7.

 (2).  (Ramanarayanan Ramani)  A Multifaceted Approach to Understanding the Botnet Phenomenon. Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis,  Internet Measurement Conference, IMC'06, Brazil, October 2006.

4. Security Measurement:

  (1).   (Tai T Do) Characteristics of internet background radiation. Ruoming Pang, Vinod Yegneswaran, Paul Barford, Vern Paxson, Larry Peterson. ACM Internet Measurement Conference, 2004.

  (2). (Peter Matthews) Remote Physical Device Fingerprinting. Tadayoshi Kohno, Andre Broido, KC Claffy. IEEE Symposium on Security and Privacy, 2005.

  (3). (Reserved) The Devil and Packet Trace Anonymization. Ruoming Pang, Mark Allman, Vern Paxson and Jason Lee. to appear in Computer Communication Review, January 2006.

5. Email Spam and Email-based Malicious Code:

  (1). (Jared Bott) Improving Spam Detection Based on Structural Similarity. Luiz H. Gomes, Fernando D. O. Castro, Virgílio A. F. Almeida, Jussara M. Almeida, and Rodrigo B. Almeida. Steps to Reducing Unwanted Traffic on the Internet Workshop, 2005.

  (2). (Devendra Salvi) An Effective Defense Against Email Spam Laundering. Mengjun Xie, Heng Yin and Haining Wang. CCS'06.

  (3). (Tao Li) Understanding the Network-Level Behavior of Spammers. Anirudh Ramachandran, Nick Feamster. ACM SIGCOMM 2006.

6. Various Attacking Technique Research:

  (1). (Rui Peng) Timing Analysis of Keystrokes and Timing Attacks on SSH. Dawn Song, David Wagner, Xuqing Tian. Usenix Security Symposium 2001.

  (2).  (Tracy Wagner) Mapping Internet Sensors with Probe Response Attacks. John Bethencourt, Jason Franklin, and Mary Vernon, University of Wisconsin, Madison, Usenix Security Symposium, 2005.

  (3).  (Himanshu Pagey) Security Analysis of a Cryptographically-Enabled RFID Device. Steve Bono, Matthew Green, Adam Stubblefield, Ari Juels, Avi Rubin, Michael Szydlo. Usenix Security Symposium 2005.

7. Crawler-based security study:

  (1). (Justin Miller) Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. Yi-Min Wang, Doug Beck, Chad Verbowski, Shuo Chen, Sam King, Xuxian Jiang, Roussi Roussev. NDSS'06, 2006.

 (2). (Arun Krishnamurthy) Malware Prevalence in the KaZaA File-Sharing Network. Seungwon Shin; Jaeyeon Jung; Hari Balakrishnan.   Internet Measurement Conference 2006.

 (3).  (Justin Miller) A Crawler-based Study of Spyware in the Web. A. Moshchuk, S.D. Gribble, H. Levy. NDSS 2006.

8. Operating System and Software Security:

   Reference material: 

              Buffer Overflows for Dummies, by Josef Nelißen, 2002.

              Beyond stack smashing: recent advances in exploiting buffer overruns, J. Pincus and B. Baker, IEEE Security & Privacy Magazine, 2004.

  (1). (Peter Matthews) MOPS: an infrastructure for examining security properties of software. Hao Chen and David Wagner. CCS'02.

  (2). (Jared Bott) Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. Helen J. Wang, Chuanxiong Guo, Daniel R. Simon, and Alf Zugenmaier. ACM SIGCOMM, 2004.

  (3). (Tracy Wagner) Address obfuscation: an efficient approach to combat a broad range of memory error exploits. S. Bhatkar, D.C. DuVarney, and R. Sekar. USENIX Security Symposium, 2003.

 (4). (Devendra Salvi) Dynamic Taint Analysis: Automatic Detection, Analysis, and Signature Generation of Exploit Attacks on Commodity Software. James Newsome and Dawn Song. In Network and Distributed Systems Security Symposium (NDSS), Feb 2005.

 (5). (Arun Krishnamurthy) Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software. James Newsome, David Brumley, Dawn Song, Jad Chamcham, Xeno Kovah. Network and Distributed Systems Security Symposium (NDSS), Feb 2006.

 (6). (Ramanarayanan Ramani) Vigilante: End-to-End Containment of Internet Worms. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham.  In Proceedings of the 20th ACM Symposium on Operating System Principles (SOSP), Brighton, UK, Oct. 2005.

 (7). (Tai Do) Automatic Diagnosis and Response to Memory Corruption Vulnerabilities. Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, and Chris Bookholt. ACM Computer and Communication Security (CCS), 2005.

9. Authentication:

(1). (Rui Peng) Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication. Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. IEEE Symposium on Security and Privacy 2005.

(2). (Tao Li) Biometric Authentication Revisited: Understanding the Impact of Wolves in Sheep's Clothing. Lucas Ballard, Fabian Monrose, Daniel Lopresti.  USENIX Security Symposium, 2006.

10. RFID:

Reference materials: http://lasecwww.epfl.ch/~gavoine/rfid/

(1). (Himanshu Pagey)  The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. Ari Juels, Ronald Rivest, and Michael Szydlo. Conference on Computer and Communications Security - ACM CCS, October 2003.

(2). (Justin Miller) How to Build a Low-Cost, Extended-Range RFID Skimmer. Ilan Kirschenbaum and Avishai Wool, Tel Aviv University, Usenix Security 2006.

11. Denial-of-Service Attack:

(1). (Jared Bott) A taxonomy of DDoS attack and DDoS defense mechanisms. Jelena Mirkovic and Peter Reiher, ACM SIGCOMM Computer Communication Review, pages 39-54, 34 (2), April, 2005.

(2). (Tao Li) Hop-Count Filtering: An Effective Defense Against Spoofed DDoS Traffic, Cheng Jin, Haining Wang, and Kang G. Shin. CCS'03.

(3). (Tracy Wagner) SOS: An Architecture For Mitigating DDoS Attacks. Angelos D. Keromytis, Vishal Misra, Dan Rubenstein. ACM SIGCOMM 2002.

(4). (Ramanarayanan Ramani) Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure. V. T. Lam, S. Antonatos, P. Akritidis, and K. G. Anagnostakis. ACM CCS 2006.

12. Wireless and Sensor Network Security

 (1). (Devendra Salvi) A Survey of Secure Wireless Ad Hoc Routing. Yih-Chun Hu, Adrian Perrig. In IEEE Security and Privacy special issue on Making Wireless Work, 2(3):28-39, 2004.

 (2). (Rui Peng) Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures. Chris Karlof and David Wagner. Elsevier's AdHoc Networks Journal: Special Issue on Sensor Network Applications and Protocols, Volume 1, Issues 2-3, September 2003. 

 (3). (Himanshu Pagey) Random Key Predistribution Schemes for Sensor Networks. Haowen Chan, Adrian Perrig, Dawn Song. In 2003 IEEE Symposium on Research in Security and Privacy.