CIS 859 - Advanced Topics in Network Security - Spring 2004

Instructor: Jelena Mirkovic  
Office hours: T 2-3pm, Th 2-3 pm
Office: 449 Smith Hall 
Phone: 302-831-6052 
Semester: Spring 2004 
Time: Tu/Th 3.30-4.45pm 
Room: Smith 102A
Course Web page:

4/30/04 Report preparation guide posted in PS and PDF

4/30/04 Presentation preparation guide posted in PS and PDF

4/1/04 Sending in a report on project progress
E-mail a half-page (up to 10 sentences) report of project progress to the instructor. Describe what you have done so far and what remains to be done to finish the project. List any problems you currently have. Deadline: 3pm on Tue, 4/6

2/10/04 Selecting a paper to present
Look over the papers that are scheduled as a required reading in the course. Choose one paper that you would like to present and E-mail me your choice. Requests for paper presentations will be granted on a first-come-first-served basis, and I will promptly update the presentation schedule to reflect up-to-date availability of the papers.

Calendar and Syllabus
Date Topic Required reading Presenter Slides
2/10/04 Introduction J. Mirkovic Class 1 in PS
Class 1 in PDF
2/12/04 Cryptography Cryptography overview J. Mirkovic Class 2 in PS
Class 2 in PDF
2/17/04 Intrusions
Intrusion overview
Worm overview
J. Mirkovic Class 3 in PS
Class 3 in PDF
2/19/04 DoS
IP spoofing
IP spoofing overview
DoS overview
J. Mirkovic Class 4 in PS
Class 4 in PDF
2/24/04 Network Security How to 0wn the Internet in Your Spare Time
S. Staniford, V. Paxson, N. Weaver
J. Mirkovic Class 5 in PS
Class 5 in PDF
Student presentations begin
2/26/04 Intrusions Smashing The Stack For Fun And Profit
Aleph One
Amy Antonucci Class 6 in PS
Class 6 in PDF
March 2 at 4pm - Deadline for E-mailing the instructor about your chosen project
3/2/04 Intrusions Model Checking One Million Lines of C Code
H. Chen, D. Dean and D. Wagner
Aaron Brown Class 7 in PS
Class 7 in PDF
3/4/04 Intrusions A Practical Dynamic Buffer Overflow Detector
O. Ruwase and M. S. Lam
Erinc Arikan Class 8 in PS
Class 8 in PDF
3/9/04 Intrusions A Comparison of Publicly Available
Tools for Dynamic Buffer Overflow Prevention
J. Wilander, M. Kamkar
Pu Li Class 9 in PS
Class 9 in PDF
3/11/04 IP spoofing Practical Network Support for IP Traceback
S. Savage, D. Wetherall, A. Karlin, T. Anderson
Songjie Wei Class 10 in PS
Class 10 in PDF
3/16/04 IP spoofing On the Effectiveness of Route-Based
Packet Filtering for Distributed DoS Attack
Prevention in Power-Law Internets
K. Park, H. Lee
Heather Hartman Class 11 in PS
Class 11 in PDF
3/18/04 IP spoofing Hop-Count Filtering: An Effective Defense
Against Spoofed Traffic

C. Jin, H. Wang, K. G. Shin
Ryan Bickhart Class 12 in PS
Class 12 in PDF
3/23/04 Spring break
3/25/04 Spring break
3/30/04 IP spoofing StackPi
A. Perrig, D. Song, A. Yaar
Kireeti Valicherla Class 13 in PS
Class 13 in PDF
4/1/04 Worms Worm Propagation Modeling and Analysis
under Dynamic Quarantine Defense

C. C. Zou, W. Gong, D. Towsley
Jelena Mirkovic Class 14 in PS
Class 14 in PDF
4/6/04 Worms Monitoring and Early Warning for Internet Worms
C. C. Zou, L. Gao, W. Gong and D. Towsley
Xiaojin Niu Class 15 in PS
Class 15 in PDF
4/8/04 Worms An Effective Architecture and Algorithm for
Detecting Worms with Various Scan Techniques

J. Wu, S. Vangala, L. Gao, K. Kwiat
Namratha Hundigopal Class 16 in PS
Class 16 in PDF
4/13/04 Worms A Taxonomy of Computer Worms
N. Weaver, V. Paxson, S. Staniford, R. Cunningham
Joel Lipshultz Class 17 in PS
Class 17 in PDF
4/15/04 Worms Internet Quarantine: Requirements for
Containing Self-Propagating Code

D. Moore, C. Shannon, G. Voelker and S. Savage
Vikram Rajan
4/20/04 DoS SOS: An Architecture for Mitigating
DDoS Attacks

A. D. Keromytis, V. Misra, D. Rubenstein
Maitreya Natu
4/22/04 DoS IP Easy-pass: Edge Resource Access Control
H. Wang, A. Bose, M. El-Gendy, K. G. Shin
Divya Gopalakrishnan
4/27/04 DoS Low-Rate TCP-Targeted
Denial of Service Attacks
(The Shrew vs. the Mice and Elephants)

A. Kuzmanovic, E. W. Knightly
Lei Luo
4/29/04 DoS A Framework for Classifying
Denial of Service Attacks

A. Hussain, J. Heidemann, C. Papadopoulos
George Oikonomou
5/4/04 DoS Alliance Formation for DDoS Defense
J. Mirkovic, M. Robinson, P. Reiher, and G. Kuenning
5/6/04 Paper discussion
Project presentations begin
5/11/04 Project presentation

Group 1: Maitreya Natu, Kireeti Valicherla and Namratha Hundigopal
Group 2: Pu Li and Songjie Wei

5/13/04 Project presentation

Group 1: Ryan Bickhart and Vikram Rajan
Group 2: Joel Lipschultz and Heather Hartman
Group 3: Aaron Brown and Amy Antonucci

5/18/04 Project presentation

Group 1: Divya Gopalakrishnan and George Oikonomou
Group 2: Lei Luo, Erinc Arikan and Xiaojin Niu

May 25 at 4pm - Deadline for E-mailing the instructor your project report
Textbooks and resources
Optional reading
J. Nazario
"Defense and Detection Strategies against Internet Worms"
B. Schneier
"Applied Cryptography: Protocols, Algorithms, and Source Code in C," 2nd edition
W. Stallings
"Cryptography and Network Security: Principles and Practice"
C. Kaufman, et al.
"Network Security: Private Communication in a Public World"
B. Schneier
"Secrets and Lies"
E. Skoudis
"Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses"
W. Cheswick, et al.
"Firewalls and Internet Security: Repelling the Wily Hacker," 2nd edition
Class slides
Will be posted here after each class.
Course Description
This course is heavily focused on research and emphasizes reading and writing of technical papers, and project work. Course 659 is not a prerequisite for 859, but it is definitely useful. Course 859 covers a variety of topics in the network security field, such as denial-of-service, worm and virus attacks, privacy, anonymization techniques, IP spoofing, social engineering, etc. The course explores each topic through a short in-class overview followed by discussion of selected articles from technical conferences and journals that address important topic-related problems.
Course Requirements
Grading policy
Project - 60%
Paper reports - 10%
Paper presentation - 20%
Class participation - 10%
Programming Project
There will be one programming project in the course. The project should be done in groups of 2 people, although individual projects and projects in 3-person groups may be allowed after talking to the instructor. Students should choose one of the network security topics and make an original research contribution with their project. This means that a project should pursue some original idea, not found in the current research, and should contain its implementation and experimental performance results or a theoretical proof. While it is hard to do significant research work during one semester, the project should at least demonstrate that the idea is feasible and promising. For example, a project could take an existing defense approach against problem X and augment it to work better. Or, a project could combine ideas found in existing approaches Y and Z into an integrated solution, or apply an approach known to work against problem A to problem B. Of course, a completely new idea could also form the core of a project. Students should survey the current research on their chosen topic before deciding on the project, to further their understanding of the problem, and to make sure that similar ideas have not been tried before. Below are some questions to help you choose a suitable project. You should carefully consider them before you decide what you want to do.
  • Is the problem important?
  • What are the existing approaches to solving the problem? Why don't they work?
  • Is my idea likely to work? Will it be practical? Will it be expensive?
  • Can I define a segment of this idea that can be done in one semester and that will provide results to show if this idea is worth pursuing further?
Feel free to contact the instructor to discuss possible project ideas or get recommendations of papers related to your project.

Projects will likely involve a significant programming load for implementation of the proposed idea. Students can perform experiments required for their project work in Emulab, a testbed at the University of Utah where users can request access to multiple machines, organize them in a topology and perform experiments. Machines can run Linux or FreeBSD. Users get clean machines with only an operating system installed. They also get sudoer access and can do anything that root can. Any malicious and harmful activity is contained; nothing bad will happen if a user crashes the machine. After running the experiments users should release the machines. Alternatively, Emulab staff will reclaim the machines if they have been idle for a while. Detailed instructions on how to use Emulab will follow later in the course.

If you have difficulties deciding on a project, programming or dividing the load fairly with your group members, talk to the instructor.

Project grading
As a part of the course requirement you will need to prepare a 30-min presentation and a report about your project. A project grade will be based on the three criteria - quality of the project (60% of the project grade), presentation (20% of the project grade) and report (20% of the project grade).
Paper reports
Students are required to read each paper before its scheduled presentation and E-mail the instructor a brief report (in plain text) containing answers to the following questions:
  • What does the paper propose? (3-4 sentences)
  • What is the value of this paper? (1-2 sentences)
  • In your opinion, is the idea discussed in the paper good or not, and why? (3-4 sentences)
  • State any suggestions you have that could improve this paper. (3-4 sentences)
Paper reports should be received at least an hour before the class in which the paper will be discussed. No extensions will be granted.
Paper presentation
Students should choose one paper from the required course reading, prepare a presentation explaining this paper and present it in the class. The presentation should be in PowerPoint, StarOffice or Latex. It should contain 30-40 slides and run about 40 minutes. Students should E-mail the presentation to the instructor by the morning of the presentation day. They can use personal laptops or an instructor's laptop for presenting.
Course Policy
I personally understand that there will be times when you can't make it. The alarm clock didn't ring, you are tired, you have another midterm to study for ... I will not take attendance or hold it against you if you don't sit in the class. However you are responsible for studying all the material covered in the class, and sending in the paper report. I would also advise you to obtain class notes from one of your classmates.

However, the University Seat Claim Policy states that:

Unless excused by the faculty member, students holding a confirmed assigned seat in a class will have relinquished their seat if they have not personally appeared in class to claim the seat by ... the second meeting for a class scheduled to meet twice a week ... If the student does not claim the seat within the time limit specified above, and does not drop the course, the instructor has the option of assigning the student a grade of "Z" at the end of the term. It is the responsibility of the student to drop each course that he/she does not plan to attend, even when the student's registration is canceled for non-payment of fees. Failure to drop a course will result in a grade of "Z".
Therefore, attendance will be taken for the first two class meetings. To accommodate latecomers, the attendance sheet will be distributed at the end of the class.
Late policy
When you come in late you are disturbing both me and your classmates. Please make every effort to come on time. However, if you do happen to be late, come in and join the class (even if you are 30+ min late). Just don't make it a habit.
Academic honesty
You may exchange ideas for projects and discuss papers with your classmates. However, all the work you submit must be your own. Students should get acquainted with their rights and responsibilities as explained in the Student Guide to University Policies (
Asking for help
If you have any problem with the class (difficulties understanding the material or doing the project, excused absence, emergency that prevents you from meeting a report deadline, need for a special accommodation, etc.) don't hesitate to ask for help. E-mail the instructor, come to office hours, or simply find the instructor in the office. You can also call by phone if there is an emergency and you have no access to E-mail.
Instruction feedback
I would like to receive your comments with regard to the class organization and teaching quality. If there is ever something you would like me to improve or change, cover in another manner, etc. please write me an anonymous note and slip it into the envelope on the right side of my office door. Please try to provide constructive comments, e.g. instead of saying "I didn't understand anything you just taught" try saying "I didn't understand your explanation of worms, you went too fast over that."

Last Updated: 2/9/04