Instructor: Shuai Hao
Email: shao -AT- odu.edu
Office: 3111 E&CS Building
Lecture time: MW 3 pm - 4:15 pm
Location: BAL 2069
Office hours: 2-4 pm Thursday

Course website: https://shhaos.github.io/courses/CS872/netsec-spr24.html

This is a research-oriented, graduate-level course centered on both classic and state-of-the-art techniques in various aspects of computer and network security. The course involves both reading/discussing research papers and a term project/final report. The course aims to provide a thorough grounding in computer and network security for students who are interested in conducting research in this area, as well as a comprehensive background for those generally interested in networking or security. See the Completed Paper List below for the topics covered in the course.


Course Schedule

Each paper will be presented seminar-style, as a ~1 hour talk plus 15 mins of questions/discussion. (Note: You should consider audience members who are not experts in the relevant topic and provide a comprehensive and thorough technical background for the presented paper, which may require you to adopt some materials not included in the paper.) The sequence of presentations aims to provide prerequisites for the papers that follow. Keeping the sequence is suggested. Adjustment is possible but requires instructor approval.

Date/Topic Papers/Notes
1/8 Lecture: Course Introduction [slides]
1/10 Lecture: Network and Internet Security 1
1/15 No Class: Martin Luther King Jr. Holiday
1/17 Lecture: Network and Internet Security 2 [slides]
1/22 Lecture: Foundations of Cryptography 1
1/24 Lecture: Foundations of Cryptography 2 [slides]
1/29 Lecture: Web and Browser Security 1: Web Security
1/31 Lecture: Web and Browser Security 2: Vulnerabilities [slides]
2/5 DNS Security. Paper: All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records, ACM CCS'16 [slides]
2/7 DNS Security. Paper: EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis, NDSS'11
2/12 Botnet. Paper: Understanding the Mirai Botnet, USENIX Security'17
2/14 PKI/DNSSEC. Paper: A Longitudinal, End-to-End View of the DNSSEC Ecosystem, USENIX Security'17
2/19, 2/21 No Class: Instructor Traveling. Due: Paper Selection for Presentation
2/26 PKI/RPKI. Paper: Are We There Yet? On RPKI’s Deployment and Security, NDSS'17
2/28 Censorship. Paper: Understanding the Practices of Global Censorship through Accurate, End-to-End Measurements, ACM SIGMETRICS'22
3/4, 3/6 No Class: Spring Holiday. Due: Final Report Topic Selection
The schedule will be updated as the course progresses.

Completed Paper List

1. System Security

StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, USENIX Security'98.
Setuid Demystified, USENIX Security'02.
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity, IEEE S&P (Oakland)'10.
User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems, IEEE S&P (Oakland)'12.
OPERA: Open Remote Attestation for Intel’s Secure Enclaves, ACM CCS'19.

2. Network Security

Bro: A System for Detecting Network Intruders in Real-Time, USENIX Security'98.
Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics, USENIX Security'01.
Inferring Internet Denial of Service Activity, USENIX Security'01.
SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks, IEEE S&P (Oakland)'04.
From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware, USENIX Security'12.
Spamming Botnets: Signatures and Characteristics, ACM SIGCOMM'08.
Your Botnet is My Botnet: Analysis of a Botnet Takeover, ACM CCS'09.
EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis, NDSS'11.
Understanding the Mirai Botnet, USENIX Security'17.
A Longitudinal, End-to-End View of the DNSSEC Ecosystem, USENIX Security'17.
End-Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks, USENIX Security'18.
RAPTOR: Routing Attacks on Privacy in Tor, USENIX Security'15.
When HTTPS Meets CDN: A Case of Authentication in Delegated Service, IEEE S&P (Oakland)'14.
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks, USENIX Security'14.
Are We There Yet? On RPKI’s Deployment and Security, NDSS'17.

3. Cloud Security

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, ACM CCS'09.
HomeAlone: Co-Residency Detection in the Cloud via Side-Channel Analysis, IEEE S&P (Oakland)'11.
Cross-Tenant Side-channel Attacks in PaaS Clouds, ACM CCS'14.
TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation, NDSS'17.
Maneuvering Around Clouds: Bypassing Cloud-based Security Providers, ACM CCS'15.
All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records, ACM CCS'16.

4. Web Security

Dynamic Pharming Attacks and Locked Same-origin Policies for Web Browsers, ACM CCS'07.
Click Trajectories: End-to-End Analysis of the Spam Value Chain, IEEE S&P (Oakland)'11.
Characterizing Large-Scale Click Fraud in ZeroAccess, ACM CCS'14.
Who Touched My Browser Fingerprint? A Large-scale Measurement Study and Classification of Fingerprint Dynamics, ACM IMC'20.
Juice: A Longitudinal Study of an SEO Botnet, NDSS'13.
Cookies Lack Integrity: Real-World Implications, USENIX Security'15.
Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures, IEEE S&P (Oakland)'13.

5. Privacy and Censorship

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild, ACM CCS'14.
Detecting and Defending Against Third-Party Tracking on the Web, NSDI'12.
Why Does Your Data Leak? Uncovering the Data Leakage in Cloud From Mobile Apps, IEEE S&P (Oakland)'19.
OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS, NDSS'18.
Augur: Internet-Wide Detection of Connectivity Disruptions, IEEE S&P (Oakland)'17.
Understanding the Practices of Global Censorship through Accurate, End-to-End Measurements, ACM SIGMETRICS'22.

6. AI/ML Security

Dos and Don'ts of Machine Learning in Computer Security, USENIX Security'22.
Trojaning Attack on Neural Networks, NDSS'18.
Stealing Machine Learning Models via Prediction APIs, USENIX Security'16.
Deep Entity Classification: Abusive Account Detection for Online Social Networks, USENIX Security'21.
DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning, ACM CCS'17.

7. Miscellaneous

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, USENIX Security'12.
MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense, ACM CCS'18.
It’s Free for a Reason: Exploring the Ecosystem of Free Live Streaming Services, NDSS'16.

Presentations

Each student will give one full paper presentation selected from the above pool. The slides used to present the paper in class must be created by the presenter. Using materials from the original authors or others is allowed, but they must be properly cited.

The slides should be sent to the instructor 2-3 days ahead of the presentation (a draft version will be fine), so the instructor can review the technical part and provide feedback, as well as arrange an additional lecture to provide background if necessary.


Paper Reviews and Final Report

Each student is required to write two paper reviews. The final report is either a research-oriented technical report or a survey paper on a specific topic within the scope of the course. Details and instructions will be given in lecture and posted later.

Grading and Policies

Reference Textbooks

Network Security: Private Communication in a Public World, 3rd Edition, by Charlie Kaufman, Radia Perlman, Mike Speciner, and Ray Perlner
Computer Security: A Hands-on Approach, by Wenliang Du

The suggested textbooks are not required.