Here are the currently planned lecture topics for the course (subject to
change). Usually, for each lecture the first paper is required reading
and needs to be written up for homework prior to the lecture, while the
remaining papers are optional.
- Denial-of-Service
Inferring Internet Denial of Service Activity, David Moore, Geoffrey Voelker, and Stefan Savage, USENIX Security 2001
Internet Denial-of-Service Considerations, M. Handley and E. Rescorla, ed., RFC 4732, 2006
Denial of Service via Algorithmic Complexity Attacks, Scott Crosby and Dan Wallach, USENIX Security 2003
Understanding the Mirai Botnet, Manos Antonakakis et al., USENIX Security 2017
- Traceback
Practical Network Support for IP Traceback, Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, SIGCOMM 2000
Single-Packet IP Traceback, Alex Snoeren et al., IEEE/ACM Transactions on Networking 10(6), 2002
Understanding the Efficacy of Deployed Internet Source Address Validation Filtering, Robert Beverly, Arthur Berger, Young Hyun, and k claffy, Proc. ACM IMC 2009
- DoS Defense
SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks, Abraham Yaar, Adrian Perrig, and Dawn Song, IEEE S&P 2004
PI: A Path Identification Mechanism to Defend against DDoS Attacks, Abraham Yaar, Adrian Perrig and Dawn Song, IEEE S&P 2003
Controlling High Bandwidth Aggregates in the Network, Ratul Mahajan et al., CCR 32(3), 2002
- Network Monitoring
Bro: A System for Detecting Network Intruders in Real-Time, Vern Paxson, Computer Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999.
Intrusion and intrusion detection, John McHugh, International Journal of Information Security 1(1), 14-35, 2001
Outside the Closed World: On Using Machine Learning For Network Intrusion Detection, Robin Sommer and Vern Paxson, Proc. IEEE Symposium on Security and Privacy, 2010
- Fundamental NIDS Issues
Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics, Mark Handley, Christian Kreibich and Vern Paxson, USENIX Security 2001
Insertion, Evasion, and Denial Of Service: Eluding Network Intrusion Detection, Thomas H. Ptacek and Timothy N. Newsham, Secure Networks technical report, 1998
Abusing File Processing in Malware Detectors for Fun and Profit, Suman Jana and Vitaly Shmatikov, Proc. IEEE Security & Privacy, 2012
Robust TCP Stream Reassembly in the Presence of Adversaries, Sarang Dharmapurikar and Vern Paxson, USENIX Security 2005
- Evaluating Detectors
Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Off-line Intrusion Detection System Evaluation as Performed by Lincoln Laboratory, John McHugh, ACM Transactions on Information and System Security, 3(4). November, 2000.
- The Threat of Worms
How to 0wn the Internet in Your Spare Time, Stuart Staniford, Vern Paxson and Nicholas Weaver, USENIX Security 2002
Stuxnet: Dissecting a Cyberwarfare Weapon, Ralph Langner, IEEE Security & Privacy 9(3), 2011
With microscope and tweezers: An analysis of the Internet virus of November 1988, Mark Eichin and Jon Rochlis, IEEE S&P 1989
- Scanning
Fast Portscan Detection Using Sequential Hypothesis Testing, Jaeyeon Jung, Vern Paxson, Arthur Berger, and Hari Balakrishnan, IEEE S&P 2004
The Art of Port Scanning, Fyodor, Phrack Magazine 7(51), 1997
ZMap: Fast Internet-Wide Scanning and its Security Applications, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman, Proc. USENIX Security, 2013
Detecting Stealthy, Distributed SSH Brute-Forcing, Mobin Javed and Vern Paxson, Proc. ACM CCS, 2013
- Inferring Activity
Timing Analysis of Keystrokes and Timing Attacks on SSH, Dawn Song, David Wagner, Xuqing Tian, USENIX Security 2001
Statistical Identification of Encrypted Web Browsing Traffic, Qixiang Sun et al., IEEE S&P 2002
Remote Timing Attacks are Practical, David Brumley and Dan Boneh, USENIX Security 2003
- Securing Protocols
Guidelines for Writing RFC Text on Security Considerations, E. Rescorla and B. Korver, RFC 3552, 2003
Security Assessment of the Internet Protocol Version 4, F. Gont, RFC 6274, 2011
Coming of Age: A Longitudinal Study of TLS Deployment, Platon Kotzias et al., Proc. ACM IMC 2018
- Architecture
Ethane: Taking Control of the Enterprise, Martin Casado et al., SIGCOMM 2007
Tussle in Cyberspace: Defining Tomorrow's Internet, David D. Clark, John Wroclawski, Karen Sollins and Robert Braden, SIGCOMM 2002
SCION: Scalability, Control, and Isolation On Next-Generation Networks, Xin Zhang, Hsu-Chun Hsiao, Geoffrey Hasker, Haowen Chan, Adrian Perrig and David G. Andersen, IEEE S&P 2011
- Authentication
Conditioned-safe Ceremonies and a User Study of an Application to Web Authentication, Chris Karlof, J.D. Tygar, and David Wagner, NDSS 2009
You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings, Serge Egelman, Lorrie Faith Cranor, and Jason Hong, Proc. ACM CHI, 2008
Robust Defenses for Cross-Site Request Forgery, Adam Barth, Collin Jackson, and John C. Mitchell, CCS 2008
- Botnets
Your Botnet is My Botnet: Analysis of a Botnet Takeover, Brett Stone-Gross et al., CCS 2009
Characterizing Large-Scale Click Fraud in ZeroAccess, Paul Pearce, et al., Proc. ACM CCS, 2014
- Anonymity
Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, Paul Syverson, USENIX Security 2004
Spoiled Onions: Exposing Malicious Tor Exit Relays, Philipp Winter, Richard Kower, Martin Mulazzani, Markus Huber, Sebastian Schrittwieser, Stefan Lindskog, and Edgar Weippl, PETS 2014
A Fistful of Bitcoins: Characterizing Payments Among Men With No Names, Sarah Meiklejohn et al., Proc. ACM IMC 2013
- Spam
Taster's Choice: A Comparative Analysis of Spam Feeds, Andreas Pitsillidis et al., ACM IMC 2012
Spamming Botnets: Signatures and Characteristics, Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov, SIGCOMM 2008
deSEO: Combating Search-Result Poisoning, John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy, and Martin Abadi, Proc. USENIX Security, 2011