CS 261N Syllabus - Spring 2020


Here are the currently planned lecture topics for the course (subject to change). Usually, for each lecture the first paper is required reading and needs to be written up for homework prior to the lecture, while the remaining papers are optional.

  1. Denial-of-Service
    Inferring Internet Denial of Service Activity, David Moore, Geoffrey Voelker, and Stefan Savage, USENIX Security 2001
    Internet Denial-of-Service Considerations, M. Handley and E. Rescorla, ed., RFC 4732, 2006
    Denial of Service via Algorithmic Complexity Attacks, Scott Crosby and Dan Wallach, USENIX Security 2003
    Understanding the Mirai Botnet, Manos Antonakakis et al., USENIX Security 2017

  2. Traceback
    Practical Network Support for IP Traceback, Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, SIGCOMM 2000
    Single-Packet IP Traceback, Alex Snoeren et al., IEEE/ACM Transactions on Networking 10(6), 2002
    Understanding the Efficacy of Deployed Internet Source Address Validation Filtering, Robert Beverly, Arthur Berger, Young Hyun, and k claffy, Proc. ACM IMC 2009

  3. DoS Defense
    SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks, Abraham Yaar, Adrian Perrig, and Dawn Song, IEEE S&P 2004
    PI: A Path Identification Mechanism to Defend against DDoS Attacks, Abraham Yaar, Adrian Perrig and Dawn Song, IEEE S&P 2003
    Controlling High Bandwidth Aggregates in the Network, Ratul Manajan et al., CCR 32(3), 2002

  4. Network Monitoring
    Bro: A System for Detecting Network Intruders in Real-Time, Vern Paxson, Computer Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999.
    Intrusion and intrusion detection, John McHugh, International Journal of Information Security 1(1), 14-35, 2001
    Outside the Closed World: On Using Machine Learning For Network Intrusion Detection, Robin Sommer and Vern Paxson, Proc. IEEE Symposium on Security and Privacy, 2010

  5. Fundamental NIDS Issues
    Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics, Mark Handley, Christian Kreibich and Vern Paxson, USENIX Security 2001
    Insertion, Evasion, and Denial Of Service: Eluding Network Intrusion Detection, Thomas H. Ptacek and Timothy N. Newsham, Secure Networks techncial report, 1998
    Abusing File Processing in Malware Detectors for Fun and Profit, Suman Jana and Vitaly Shmatikov, Proc. IEEE Security & Privacy, 2012
    Robust TCP Stream Reassembly in the Presence of Adversaries, Sarang Dharmapurikar and Vern Paxson, USENIX Security 2005

  6. Evaluating Detectors
    Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Off-line Intrusion Detection System Evaluation as Performed by Lincoln Laboratory, John McHugh, ACM Transactions on Information and System Security, 3(4). November, 2000.

  7. The Threat of Worms
    How to 0wn the Internet in Your Spare Time, Stuart Staniford, Vern Paxson and Nicholas Weaver, USENIX Security 2002
    Stuxnet: Dissecting a Cyberwarfare Weapon, Ralph Langner, IEEE Security & Privacy 9(3), 2011
    With microscope and tweezers: An analysis of the Internet virus of November 1988, Mark Eichin and Jon Rochlis, IEEE S&P 1989

  8. Scanning
    Fast Portscan Detection Using Sequential Hypothesis Testing, Jaeyeon Jung, Vern Paxson, Arthur Berger, and Hari Balakrishnan, IEEE S&P 2004
    The Art of Port Scanning, Fyodor, Phrack Magazine 7(51), 1997
    ZMap: Fast Internet-Wide Scanning and its Security Applications, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman, Proc. USENIX Security, 2013
    Detecting Stealthy, Distributed SSH Brute-Forcing, Mobin Javed and Vern Paxson, Proc. ACM CCS, 2013

  9. Inferring Activity
    Timing Analysis of Keystrokes and Timing Attacks on SSH, Dawn Song, David Wagner, Xuqing Tian, USENIX Security 2001
    Statistical Identification of Encrypted Web Browsing Traffic, Qixiang Sun et al., IEEE S&P 2002
    Remote Timing Attacks are Practical, David Brumley and Dan Boneh, USENIX Security 2003

  10. Securing Protocols
    Guidelines for Writing RFC Text on Security Considerations, E. Rescorla and B. Korver, RFC 3552, 2003
    Security Assessment of the Internet Protocol Version 4, F. Gont, RFC 6274, 2011
    Coming of Age: A Longitudinal Study of TLS Deployment, Platon Kotzias et al., Proc. ACM IMC 2018

  11. Architecture
    Ethane: Taking Control of the Enterprise, Martin Casado et al., SIGCOMM 2007
    Tussle in Cyberspace: Defining Tomorrow's Internet, David D. Clark, John Wroclawski, Karen Sollins and Robert Braden, SIGCOMM 2002
    SCION: Scalability, Control, and Isolation On Next-Generation Networks, Xin Zhang, Hsu-Chun Hsiao, Geoffrey Hasker, Haowen Chan, Adrian Perrig and David G. Andersen, IEEE S&P 2011

  12. Authentication
    Conditioned-safe Ceremonies and a User Study of an Application to Web Authentication, Chris Karlof, J.D. Tygar, and David Wagner, NDSS 2009
    You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings, Serge Egelman, Lorrie Faith Cranor, and Jason Hong, Proc. ACM CHI, 2008
    Robust Defenses for Cross-Site Request Forgery, Adam Barth, Collin Jackson, and John C. Mitchell, CCS 2008

  13. Botnets
    Your Botnet is My Botnet: Analysis of a Botnet Takeover, Brett Stone-Gross et al., CCS 2009
    Characterizing Large-Scale Click Fraud in ZeroAccess, Paul Pearce, et al., Proc. ACM CCS, 2014

  14. Anonymity
    Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, Paul Syverson, USENIX Security 2004
    Spoiled Onions: Exposing Malicious Tor Exit Relays, Philipp Winter, Richard Kower, Martin Mulazzani, Markus Huber, Sebastian Schrittwieser, Stefan Lindskog, and Edgar Weippl, PETS 2014
    A Fistful of Bitcoins: Characterizing Payments Among Men With No Names, Sarah Meiklejohn et al., Proc. ACM IMC 2013

  15. Spam
    Taster's Choice: A Comparative Analysis of Spam Feeds, Andreas Pitsillidis et al., ACM IMC 2012
    Spamming Botnets: Signatures and Characteristics, Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov, SIGCOMM 2008
    deSEO: Combating Search-Result Poisoning, John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy, and Martin Abadi, Proc. USENIX Security, 2011