---

Course website: https://shhaos.github.io/courses/CS872/netsec-fall25.html

This course is a research-oriented, graduate-level course, centering around both classic and state-of-the-art techniques on various aspects of compter and network security. The course involves both reading/discussing research papers and a term project/final report. The course aims to provide a thorough grounding on the computer and network security for the students who are interested in conducting research in this area, as well as a comprehensive background for those generally interested in networking or security. See below the completed paper list for the topics covered in the course.

---

Course Schedule

The papers will be presented as a seminar-style presentation in of 45 mins talk (including ~10 mins questions/discussions). (Note: You should consider the audience who are not expert in the relevant topic and provide a comprehensive and thorough technical background for the presented paper, which may require you adopt some materials not included in the paper.)

Date/Topic	Papers/Notes
8/25	Lecture: Course Introduction [slides]
8/27	Lecture: Network and Internet Security 1
9/1	No Class: Labor Day Holiday
9/3	Lecture: Network and Internet Security 2 [slides]
9/8	No Class: Instructor's Appointment
9/15	Lecture: Foundations of Cryptography 1
9/17	Lecture: Foundations of Cryptography 2
9/22	Lecture: Foundations of Cryptography 2 [slides] Deadline: Paper Selection
9/24	Lecture: Web and Browser Security 1: Web Security
9/29	Lecture: Web and Browser Security 2: Web Vulnerabilities [slides]
10/1	Lecture: Cloud Computing & Paper presentation: All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records (Instructor)
10/6	Paper presentation: Are We There Yet? On RPKI’s Deployment and Security (Instructor)
10/8	Paper presentation: Who Touched My Browser Fingerprint? A Large-scale Measurement Study and Classification of Fingerprint Dynamics (Instructor)
10/13	No Class: Fall Holiday Deadline: Project Topics
10/15	Deep Entity Classification: Abusive Account Detection for Online Social Networks (J. Xu)
10/20	Cookies Lack Integrity: Real-World Implications (M. Robinson)
10/22	Exit from Hell? Reducing the Impact of Amplification DDoS Attacks (C. Larsen)
10/27	TextGuard: Provable Defense against Backdoor Attacks on Text Classification (M. Lin)
10/29	Understanding the Mirai Botnet (S. Alfred)
11/3	Adversarial Illusions in Multi-Modal Embeddings (J. Li)
11/5	Student Paper presentation
11/10	Paper presentation: Censorship - Quack and Augur (Instructor)
11/12	Paper presentation (Guest Speaker - tentative)
11/17	Final project presentation/discussion (10-15 min each)
11/19	Final project presentation/discussion (10-15 min each)
11/24 11/26	No Class: Thanksgiving Holiday and Final report writing
12/1	Course Summary
12/3	No Class: Final report writing
	The schedule will be updated as the course progresses.

Completed Paper List

1. System Security

StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, USENIX Security'98.
Setuid Demystified, USENIX Security'02.
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity, IEEE S&P'10.
User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems, IEEE S&P'12.
OPERA: Open Remote Attestation for Intel’s Secure Enclaves, ACM CCS'19.

2. Network Security

Bro: A System for Detecting Network Intruders in Real-Time, USENIX Security'98.
Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics, USENIX Security'01.
Inferring Internet Denial of Service Activity, USENIX Security'01.
SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks, IEEE S&P'04.
From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware, USENIX Security'12.
Spamming Botnets: Signatures and Characteristics, ACM SIGCOMM'08.
Your Botnet is My Botnet: Analysis of a Botnet Takeover, ACM CCS'09.
EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis, NDSS'11.
Understanding the Mirai Botnet, USENIX Security'17.
A Longitudinal, End-to-End View of the DNSSEC Ecosystem, USENIX Security'17.
End-Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks, USENIX Security'18.
RAPTOR: Routing Attacks on Privacy in Tor, USENIX Security'15.
When HTTPS Meets CDN: A Case of Authentication in Delegated Service, IEEE S&P'14.
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks, USENIX Security'14.
Are We There Yet? On RPKI’s Deployment and Security, NDSS'17.
Cached and Confused: Web Cache Deception in the Wild, USENIX Security'20.
Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack, USENIX Security'23.

3. Cloud Security

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, ACM CCS'09.
HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis, IEEE S&P'11.
Cross-Tenant Side-channel Attacks in PaaS Clouds, ACM CCS'14.
TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation, NDSS'17.
Maneuvering Around Clouds: Bypassing Cloud-based Security Providers, ACM CCS'15.
All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records, ACM CCS'16.

4. Web Security

Dynamic Pharming Attacks and Locked Same-origin Policies for Web Browsers, ACM CCS'07.
Click Trajectories: End-to-End Analysis of the Spam Value Chain, IEEE S&P'11.
Characterizing Large-Scale Click Fraud in ZeroAccess, ACM CCS'14.
Who Touched My Browser Fingerprint? A Large-scale Measurement Study and Classification of Fingerprint Dynamics, ACM IMC'20.
Juice: A Longitudinal Study of an SEO Botnet, NDSS'13.
Cookies Lack Integrity: Real-World Implications, USENIX Security'15.
Characterizing Large-Scale Click Fraud in ZeroAccess, ACM CCS'14.
Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures, IEEE S&P'13.
Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale, USENIX Security '20.

5. Privacy and Censorship

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild, ACM CCS'14.
Detecting and Defending Against Third-Party Tracking on the Web, NSDI'12.
Why Does Your Data Leak? Uncovering the Data Leakage in Cloud From Mobile Apps, IEEE S&P'19.
OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS, NDSS'18.
Augur: Internet-Wide Detection of Connectivity Disruptions, IEEE S&P'17.
Understanding the Practices of Global Censorship through Accurate, End-to-End Measurements, ACM SIGMETRICS'22.
Is Nobody There? Good! Globally Measuring Connection Tampering Without Responsive Endhosts, IEEE S&P'25.

6. AI/ML/LLM Security

Dos and Don'ts of Machine Learning in Computer Security, USENIX Security'22.
Trojaning Attack on Neural Networks, NDSS'18.
Stealing Machine Learning Models via Prediction APIs, USENIX Security'16.
Deep Entity Classification: Abusive Account Detection for Online Social Networks, USENIX Security'21. DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning, ACM CCS'17.
Malla: Demystifying Real-world Large Language Model Integrated Malicious Services, USENIX Security'24.
The Odyssey of robots.txt Governance: Measuring Convention Implications of Web Bots in Large Language Model Services, CCS'25.
Effective PII Extraction from LLMs through Augmented Few-Shot Learning, USENIX Security'25.

7. Crypto/Miscellaneous

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, USENIX Security'12.
MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense, ACM CCS'18.
It’s Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services, NDSS'16.
Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web, CCS'19.

---

Presentations

Each student will give one full paper presentation selected from above pool. The slides used to present the paper in the class must be created by the presenters. Using materials from original authors or others is allowed but needs to be properly cited.

The slides should be sent to the instructor 2-3 days ahead of the presentation (a draft version will be fine), so the instructor can review the technical part and provide feedback, as well as arrange additional lecture for providing background if necessary.

---

Paper Reviews and Final Report

Each student is required to write two paper reviews. The Final report is either a research-oriented technical report or a survey paper for a specific topic within the scope of the course. Details and instruction will be given in the lecture and post later.

Grading and Policies

• 5% Class Participation
• 35% Presentations
• 20% Paper Reviews
• 40% Final Report

Reference Textbooks

Network Security: Private Communication in a Public World, 3rd Edition, by Charlie Kaufman, Radia Perlman, Mike Speciner, and Ray Perlner
Computer Security: A Hands-on Approach, by Wenliang Du

The suggested textbooks are not required.