Instructor: Shuai Hao
Email: shao -AT-
Office: 3111 E&CS Building
Lecture time: Thursday / 9:30 am - 12:15 pm
Location: Dragas Hall 1102
Office hours: 2-4 pm Wednesday

This is a research-oriented, graduate-level course that introduces both classical and emerging Internet technologies and security enhancements. The course aims to provide a thorough grounding in the Internet and security for students interested in conducting research in this area, as well as a comprehensive background for those generally interested in networking or security. Topics covered in the course include: Internet infrastructure and fundamental services; intrusion detection systems; DDoS attacks; malware and botnets; routing system; public key infrastructure; anonymity and censorship; Web systems and attacks; cybercrime (e.g., advertising networks and spam).

Reading List and Course Schedule

Each paper will be presented seminar-style: a ~50-minute talk plus 10 minutes of questions/discussion. The sequence of presentations aims to provide prerequisites for the papers that follow, so keeping the sequence is suggested. Adjustments are possible but require instructor approval.

Note: The Reference Reading provides a background, comparison, or supplement to the presented paper. Reading these papers is not required and it is up to the presenter to decide if/how to involve the reference reading paper in the presentation.

Tentative Paper List

The schedule could be revised as the course progresses.

Topic Papers/Notes
/ Lecture: Course Introduction [slides]
/ Lecture: Internet Architecture and Fundamental Services [slides]
/ Lecture: Network Security [slides]
Infrastructure Content Delivery and the Natural Evolution of DNS: Remote DNS Trends, Performance Issues and Alternative Solutions, ACM IMC'12

(Reference Reading: End-User Mapping: Next Generation Request Routing for Content Delivery, ACM SIGCOMM'15)

Infrastructure Satellite: Joint Analysis of CDNs and Network-Level Interference, USENIX ATC'16
DNS Security Building a Dynamic Reputation System for DNS, USENIX Security'10
DNS Security Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates, NDSS'18

(Reference Reading: All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records, ACM CCS'16)

DDoS Inferring Internet Denial of Service Activity, USENIX Security'01
DDoS SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks, IEEE S&P (Oakland)'04
10/10 No Class (Instructor traveling)
10/17 Final Report Topic Selection Due (Abstract/Paper Structure)
NIDS Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics, USENIX Security'01
Botnets; DNS Security From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware, USENIX Security'12
Botnets Spamming Botnets: Signatures and Characteristics, ACM SIGCOMM'08
Botnets Understanding the Mirai Botnet, USENIX Security'17

(Reference Reading: Your Botnet is My Botnet: Analysis of a Botnet Takeover, ACM CCS'09)

PKI/DNSSEC A Longitudinal, End-to-End View of the DNSSEC Ecosystem, USENIX Security'17

(Reference Reading: Measuring the Practical Impact of DNSSEC Deployment, USENIX Security'13)

PKI/HTTPS When HTTPS Meets CDN: A Case of Authentication in Delegated Service, IEEE S&P (Oakland)'14
PKI/HTTPS The Security Impact of HTTPS Interception, NDSS'17
Routing Security Accurate Real-time Identification of IP Prefix Hijacking, IEEE S&P (Oakland)'07

(Reference Reading: A Study of Prefix Hijacking and Interception in the Internet, SIGCOMM'07)

PKI/RPKI Are We There Yet? On RPKI’s Deployment and Security, NDSS'17

(Reference Reading: Why Is It Taking So Long to Secure Internet Routing, ACM Queue'14)

Anonymity RAPTOR: Routing Attacks on Privacy in Tor, USENIX Security'15
Anonymity Measuring and Mitigating AS-level Adversaries against Tor, NDSS'16
Censorship Augur: Internet-Wide Detection of Connectivity Disruptions, IEEE S&P (Oakland)'17
Censorship Global Measurement of DNS Manipulation, USENIX Security'17
Web Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures, IEEE S&P (Oakland)'13
Web Detecting and Defending Against Third-Party Tracking on the Web, NSDI'12
Web Dynamic Pharming Attacks and Locked Same-origin Policies for Web Browsers, ACM CCS'07

(Reference Reading: Google Browser Security Handbook, Part1, Part2)

Ad network; Spam Click Trajectories: End-to-End Analysis of the Spam Value Chain, IEEE S&P (Oakland)'11
Ad network Characterizing Large-Scale Click Fraud in ZeroAccess, ACM CCS'14
TLS The Matter of Heartbleed, ACM IMC'14
Email Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security, ACM IMC'15


The slides used to present the paper in class must be created by the presenters. Materials from the original authors or others must be properly cited. The slides should be sent to the instructor 2-3 days ahead of the presentation (a draft version will be fine), so the instructor can review the technical part and provide feedback, as well as arrange an additional lecture to provide background if necessary.

The slides will be made available on the course website. If you are not comfortable with that, let the instructor know and you will be granted your preference.

Homework and Final Report

Homework is submitted as paper reviews for the papers studied in the class. The final report is a survey paper on a specific topic within the scope of the course. Details and instructions will be given in the lecture and posted later.

Grading and Policies