FCM 745 - Network Forensics
Fall 2013, John Jay College of Criminal Justice
Class Schedule
Date | Topics covered (or comments) | Readings |
Lec 1, 9/3 | Course Overview, Internet Routing & BGP | Kurose & Ross, Computer Networking - A Top Down Approach, Chapter 4; BGP Routing Policies in ISP networks, Matthew Caesar and Jennifer Rexford, IEEE Network, Vol. 19, Issue 6, 2005; On Inferring Autonomous System Relationships in the Internet, Lixin Gao, IEEE/ACM Transactions on Networking (TON), Vol. 9, Issue 6, 2001 |
Lec 2, 9/10 | IP Prefix Hijacking Detection (Project One); Case Study: Matt Honen's Life Hacked; Presenter: Louise Cheung | A Study of Prefix Hijacking and Interception in the Internet, H. Ballani, P. Francis and X. Zhang, SIGCOMM 2007; A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Realtime, C. Zheng, L. Ji, D. Pei, J. Wang and P. Francis, SIGCOMM 2007; iSPY: Detecting IP Prefix Hijacking on My Own, Z. Zhang, Y. Zhang, Y. Hu, Z. Mao and R. Bush, SIGCOMM 2008; TowerDefense: Deployment Strategies for Battling against IP Prefix Hijacking, T. Qiu, L. Ji, D. Pei, J. Wang and J. Xu, ICNP 2010; Visualizing Interdomain Routing with BGPlay, L. Colitti, G. Battista, F. Mariani, M. Patrignani, M. Pizzonia, 2003 |
Lec 3, 9/17 | IP Traceback; Case Study: Suicide Points to Rise in Apps Used by Cyberbullies; Presenter: Chavier Carpen | E. Katz-Bassett, H. Madhyastha, V. Adhikari, C. Scott, J. Sherry, P. Wesep, T. Anderson and A. Krishnamurthy, Reverse Traceroute, NSDI 2010, Best Paper Award; A. Snoeren, et al., Single-packet IP Traceback, ACM SIGCOMM 2001; K. Shanmugasundaram, et al., Payload Attribution via Hierarchical Bloom Filters, ACM CCS 2004; A. Belenky and N. Ansari, IP Traceback With Deterministic Packet Marking, IEEE Communications Letters, vol. 7, no. 4, pp. 162-164, Apr. 2003; S. Savage, et al., Practical Network Support for IP Traceback, ACM SIGCOMM, 2000; Z. Xu, et al., AK-PPM: An Authenticated Packet Attribution Scheme for Mobile Ad Hoc Networks, RAID 2012; M. F. D. Dean and A. Stubblefield, An Algebraic Approach to IP Traceback, Network and Distributed System Security Symposium, 2001; R. Shokri, et al., DDPM: Dynamic Deterministic Packet Marking for IP Traceback, 2006; Y. Xiang, et al., Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks |
Lec 4, 9/24 | Anonymity; Case Study: Data Breach; Presenter: Suchitra Shetty | The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability, David Chaum, Journal of Cryptology 1/1, pp. 65-75, 1988; TOR: The Second-Generation Onion Router, R. Dingledine, N. Mathewson, P. Syverson, 2004; Detecting stepping stones, Y. Zhang and V. Paxson, 2000; Detection of stepping stone attack under delay and chaff perturbations, Zhang et al., 2006; Information Slicing: Anonymity Using Unreliable Overlays, S. Katti, J. Cohen, D. Katabi, USENIX NSDI 2007; Detection of Interactive stepping stones, Blum et al., 2004 |
Lec 5, 10/1 | Botnet & Spam; Case Study: Internet Census; Presenter: Max Lamboy | The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets, Evan Cooke, Farnam Jahanian, Danny McPherson, SRUTI (Steps to Reducing Unwanted Traffic on the Internet) 2005; What's Clicking What? Techniques and Innovations of Today's Clickbots, B. Miller, P. Pearce, C. Grier, C. Kreibich and V. Paxson, DIMVA 2011; To Filter or to Authorize: Network-Layer DoS Defense Against Multimillion-node Botnets, X. Liu, X. Yang and Y. Lu, SIGCOMM 2008; Inference and Analysis of Formal Models of Botnet Command and Control Protocols, C. Cho, D. Babic, E. Shin, D. Song, CCS 2010; Show Me the Money: Characterizing Spam-advertised Revenue, C. Kanich, N. Weaver, D. McCoy, T. Halvorson, C. Kreibich, et al., USENIX Security Symposium, 2011; Understanding the Network-Level Behavior of Spammers, A. Ramachandran and N. Feamster, SIGCOMM 2006 (Best student paper award); Spamming Botnets: Signatures and Characteristics, Y. Xie, F. Yu, K. Achan, R. Panigrahy, G. Hulten, I. Osipkov, SIGCOMM 2008; Detecting Spam Zombies by Monitoring Outgoing Messages, Zhenhai Duan, et al., Infocom 2009; BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection, Guofei Gu, et al., USENIX Security Symposium, 2008 |
Lec 6, 10/8 | Accountable IP (Project 2); Case Study: ATM Scam; Presenter: Chunhui Meng | Accountable Internet Protocol (AIP), D. Andersen, Hari Balakrishnan, N. Feamster, T. Koponen, D. Moon and S. Shenker, SIGCOMM 2008; ForNet: A Distributed Forensics Network, K. Shanmugasundaram, N. Memon, A. Savant, H. Bronnimann, International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security, 2003 |
10/15 | NO CLASS | |
Lec 7, 10/22 | Final Project Proposal Due; Accountable IP (cont.); Case Study: Ransomware; Presenter: Jessica Suarez | |
Lec 8, 10/29 | Wireless Network Fundamentals; Case Study: Electronic CarJacking; Presenter: Thierno Diallo | Kurose & Ross: Computer Networking, A Top-Down Approach Featuring the Internet, Chapter 6 |
Lec 9, 11/5 | Wireless Network Security; Case Study Presenter: Hasan Dogan | Intercepting Mobile Communications: The Insecurity of 802.11, Nikita Borisov, Ian Goldberg, David Wagner, in Proceedings of 7th Annual International Conference on Mobile Computing and Networking, July 2001; Enhanced TKIP Michael Attacks, Martin Beck, Feb 2010; MS-PEAP, Microsoft PEAP specification, Sept. 2011; Hacking Exposed Wireless, 2nd Edition, Johnny Cache, Joshua Wright, Vincent Liu, McGraw-Hill Osborne Media, ISBN: 978-0071666619 |
Lec 10, 11/12 | Wireless Network Security (cont.); Case Study Presenter: Fatih Isiktas | |
Lec 11, 11/19 | Social Networks; Case Studies Presenters: Ahmet Oguz & Frank Ono | Information Revelation and Privacy in Online Social Networks (The Facebook Case), Ralph Gross and Alessandro Acquisti, ACM Workshop on Privacy in the Electronic Society (WPES), 2005; Detecting and Characterizing Social Spam Campaigns, H. Gao, J. Hu, C. Wilson, Z. Li, Y. Chen, B. Zhao, IMC 2010; [Optional] Persona: An Online Social Network with User-Defined Privacy, R. Baden, A. Bender, N. Spring, B. Bhattacharjee and D. Starin, SIGCOMM 2009 |
Lec 12, 11/26 | Lab Session: Mobile Forensics | |
Lec 13, 12/3 | IN CLASS EXAM | |
Lec 14, 12/10 | Final Project Presentation | |
12/23 | Final Project Report Due | |