Network Security (Spring 2017) - CS 6262 & ECE 6612

The objective of this course is l
earn the basics of 
cryptography and its application to network and operating system security. 

At the same time we will explain core concepts around
 network security threats and their countermeasures
discuss current open operational problems in network security and get exposed to academic 
research from this field. 

Prerequisites: Computer Networks (CS 4251/ECE 3600), Operating Systems, and Discrete Mathematics. Programming languages: C and/or python and/or Go.

Basic Information

Instructor: Manos Antonakakis
Office: Klaus 3364  
Class Location: College of Business 100
Class Date/Time: Tue/Thu 15:05 - 16:25
Office hours location:  MW  15:10 to 16:30 @Klaus 3364

Teaching assistant: Panos Kintis
Office hours: Wed 13:30 - 15:00
Email address: 
Location: Klaus 3361

Teaching assistant: Thanos Kountouras
Office hours: Tue-Thu 10.00 - 11.00
Email address: 
Location: Klaus 3361

  • Required text book: 
    • Charlie Kaufman, Radia Perlman and Mike Speciner, Network Security - Private Communication in a Public World, 2nd Edition, Prentice Hall, 2002. 
  • Reference text books:
    • J. F. Kurose, K. W. Ross, Computer Networking, A Top-Down Approach Featuring the Internet, Addison-Wesley. 
    • Introduction to Computer Security, Michael T. Goodrich and Roberto Tamassia, Addition Wesley
Course Outline
  • Introduction  
  • Cryptography
  • Network Protocol Security 
  • Malware and Botnets
  • DNS Security
  • Intrusion and Anomaly Detection
  • Privacy

Important Dates: 
  • 01/19/17: In class Quiz 1.
  • 02/02/17: Team Creation and Project Selection Deadline.
  • 02/21/17: Midterm in class exam.
  • 03/07/17: In class project progress update.
  • 03/16/17: In class Quiz 2.
  • 04/13/17: In class Quiz 3.
  • 04/18/17: Project's report, code and presentation due date.
  • 04/18/17 - 04/25/17: Team presentation period. 

Course Expectations, Requirements and Policies 

All students must follow the academic integrity and Georgia Tech Honor Code described here:

I. Course requirements
  • Three in class quizzes 
  • One midterm exam 
  • One class project with three deliverables: 1) Codebase, 2) Presentation and 3) Technical report shaped as an academic paper.
II. Projects 

Each student is required to complete a mid-size project being part of a larger team. The project description will be given to the teams by the 4th week of the class. If you do not form your own teams, the teams will be assembled by the TAs according to the grade distribution of the first quiz. That is, we will create even teams that will tackle these course-long projects. We anticipate the teams to be between 5 and 8 students. The responsibilities for the team will be to provide a 10 page technical report around their project. 

The codebase needs to be either in C, Python or Go. It also needs to contain clear technical documentation about 1) the environment assumptions, and 2) the execution process. The TAs and I should be able to operate your code without you being in the room. Each team will be assigned a Debian virtual environment that should be used to prototype their project. The (no more than 10 pages) report should include at least 4 sections: 1) A brief (no more than 3 paragraphs) description of the problem and the proposed solution, 2) a background and related work, 3) an overview of the proposed solution to the problem and 4) the results from the experiments. 

The paper, code base for the project and the presentation is due the same day for all teams (04/18/17). In the last two weeks of classes, each team will have to give a 30-45 minute research presentation for their project, a 5 minutes demonstration in class that their codebase actually works, and answer questions from the audience. 

Clearly, this project requires a lot of work. Therefore, mandatory requirements for the project to be successful are: 1) learn to work as part of a team, 2) learn to write code that other people may use, 3) learn to write a technical report, and 4) learn to present your ideas. The grade distribution for the project is as follows: 40% codebase, 30% presentation, and 30% the technical report.  

    Ideas for the team projects.

In the first two weeks we will discuss some project ideas during class. Beyond those ideas, you are free to submit your own ideas to me alongside the team composition. Your ideas could include the development of a component or the modification of a system that have been already proposed by academic researchers. Systems for which we should be able to provide you data and resources for are:
  • Athanasios Kountouras, Panagiotis Kintis, Chaz Lever, Yizheng Chen, Yacin Nadji, David Dagon, Manos Antonakakis, and Rodney Joffe, “Enabling Network Security Through Active DNS Datasets”, In the 19th International Symposium on Research in Attacks, Intrusions and Defenses, September 19-21 at Telecom SudParis, Evry, France.
  • Marcos Sebastian, Richard Rivera, Platon Kotzias, Juan Caballero. “AVClass: A Tool for Massive Malware Labeling PDF Bibtex  Publisher” In Proceedings of the 19th International Symposium on Research in Attacks, Intrusions and Defenses, Evry, France, September 2016
  • Charles Lever, Robert Walls, Yacin Nadji, David Dagon, Patrick McDaniel, Manos Antonakakis, ”Domain-Z: 28 Registrations Later --- Measuring the Exploitation of Residual Trust in Domains”, In the 37th IEEE Symposium on Security and Privacy, 2016. 
  • Terry Nelms, Roberto Perdisci, Manos Antonakakis, Mustaque Ahamad. "WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths." In the USENIX Security Symposium, 2015.
  • Zhaoyan Xu, Antonio Nappa, Robert Baykov, Guangliang Yang, Juan Caballero, and Guofei Gu. "AutoProbe: Towards Automatic Active Malicious Server Probing Using Dynamic Binary Analysis." In Proc. of the 21st ACM Conference on Computer and Communications Security (CCS’14), Scottsdale, AZ, November 2014.
  • Alexandros Kapravelos, Chris Grier, Neha Chachra, Christopher Kruegel, Giovanni Vigna, and Vern Paxson. 2014. Hulk: eliciting malicious behavior in browser extensions. In Proceedings of the 23rd USENIX conference on Security Symposium (SEC'14). USENIX Association, Berkeley, CA, USA, 641-654.
  • Yizheng Chen, Manos Antonakakis, Roberto Perdisci, Yacin Nadji, David Dagon, Wenke Lee. "DNS Noise: Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic." In the 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, June 23 - 26, 2014 Atlanta, Georgia USA.
  • Jason Polakis, Panagiotis Ilia, Federico Maggi, Marco Lancini, Georgios Kontaxis, Stefano Zanero, Sotiris Ioannidis, Angelos D. Keromytis, “Faces in the Distorting Mirror: Revisiting Photo-based Social Authentication”, In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS) November 2014, Arizona, USA.
  • S. Krishnan, T. Taylor, F. Monrose, and J. McHugh. “Crossing the threshold: Detecting network malfeasance via sequential hypothesis testing”, DSN, page 1-12. IEEE Computer Society, (2013)
  • Nick Nikiforakis, Steven Van Acker, Wannes Meert, Lieven Desmet, Frank Piessens, Wouter Joosen, “Bitsquatting: Exploiting bit-flips for fun, or profit?,” in Proceedings of the 22nd International World Wide Web Conference (WWW 2013), Rio de Janeiro, Brazil.
  • Phani Vadrevu, Babak Rahbarinia, Roberto Perdisci, Kang Li, Manos Antonakakis. "Measuring and Detecting Malware Downloads in Live Network Traffic." In the 18th European Symposium on Research in Computer Security, RHUL, Egham, UK, 2013. (Source code for Amico is here:
  • Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee,  David Dagon, "From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware", In the 21th USENIX Security Symposium, Bellevue, WA, August 8–10, 2012.
  • Juan Caballero, Chris Grier, Christian Kreibich, and Vern Paxson. 2011. Measuring pay-per-install: the commoditization of malware distribution. In Proceedings of the 20th USENIX conference on Security (SEC'11). USENIX Association, Berkeley, CA, USA, 13-13.
  • Hsieh, Jonathan M., Steven D. Gribble, and Henry M. Levy. "The Architecture and Implementation of an Extensible Web Crawler." In NSDI, pp. 329-344. 2010.
  • Roberto Perdisci, Wenke Lee, Nick Feamster. "Behavioral Clustering of HTTP-based Malware and Signature Generation using Malicious Network Traces". USENIX Symposium on Networked Systems Design and Implementation, NSDI 2010.
  • Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee and Nick Feamster. "Building a Dynamic Reputation System for DNS", In the 19th USENIX Security Symposium, Washington D.C., August 11, 2010. 

III. Grading Scale 

There is no curve in this course. However, we may elect to include extra credit assignments at various times during the semester. The grading breakdown is as follows: NOTE: Grading subject to minor changes. 
  • Quizzes 30%
  • Project 30%
  • Midterm 35%.
  • Class participation 5%.

IV. Letter Grades

Letter grades are given according to the following cutoffs with no rounding:
  • 90.0 <= A <= 100 
  • 80.0 <= B < 90.0 
  • 70.0 <= C < 80.0 
  • 60.0 <= D < 70.0 
  • 0 <= F < 60.0
V. Appealing Grades 

You have the right to question your grade on any assignment; but you must initiate discussion about the grade within one week of receiving the grade. All re-grade requests should be sent via email to the TA for your section. In the email, include your T-square id and a clear description of which questions you would like reviewed and why.

Grade issues addressed outside of the requirements listed above will not be considered. Pay attention to your grades. If something doesn't look right, address it immediately! Be sure to follow the guidelines outlined in the "Problem Escalation Policy".

It is your responsibility to ensure that all the grades in T-Square are correct before finals week. After that, the only grade appeal will be about grading your final. 

VII. Problem Escalation Policy 

If you need help and/or have a problem, you should contact the following people in the following order:
(1) Your TA
(2) Your Head TA 
(3) Your Instructor (via e-mail)

If you are not comfortable talking to your TA about a particular issue, please contact the professor ASAP.

VIII. Excused Absences 

If you must miss an exam for a school-approved reason, it is your responsibility to provide adequate documentation and get approval. If you miss your test / exam period without prior approval or a valid excuse, you may be approved to take a makeup test, but you will be penalized 25% of the maximum test score possible (so the maximum score). ***CAUTION: the preprinted note from the infirmary stating that you visited the infirmary is not sufficient documentation.*** Please contact the Dean of Students with your excuse and they can provide you with the proper documentation. 

IX. Open Door Policy 

The instructor maintains an open door policy. You are free to visit me during the posted office hours or, if you prefer a different time, arrange an appointment with me. It is very important to contact me as soon as you feel that you might need to. Problems, unlike fine wines, typically do not to improve with age.

Full Disclosure: Portion of the class policies have been stollen from the syllabus of CS1371, created by Charles E. Phillips.