Topics in Network Forensics
(Tsinghua University, Summer 2013)
Instructor: Ping Ji
Class Schedule
Date/Time | Topic | Reading |
Lec 1: 5/21 (T) 10am - noon |
Course Overview; Internet Architecture Review |
1. Kurose & Ross, Computer Networking - A Top Down Approach, latest version |
Lec 2: 5/23 (R) 4pm - 6pm |
Internet Addressing & InterDomain Routing |
1. BGP Routing Policies in ISP networks, Matthew Caesar and Jennifer Rexford, IEEE Network, Vol 19, Issue 6, 2005 2. On Inferring Autonomous System Relationships in the Internet, Lixin Gao, IEEE/ACM Transactions on Networking (TON), Vol. 9, Issue 6, 2001 |
Lec 3: 5/24 (F) 10am - noon |
IP Prefix Hijacking Detection |
1. A Study of Prefix Hijacking and Interception in the Internet, H. Ballani, P. Francis and X. Zhang, SIGCOMM 2007 2. A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Realtime, C. Zheng, L. Ji, D. Pei, J. Wang and P. Francis, SIGCOMM 2007 3. iSPY: Detecting IP Prefix Hijacking on My Own, Z. Zhang, Y. Zhang, Y. Hu, Z. Mao and R. Bush, SIGCOMM 2008 4. TowerDefense: Deployment Strategies for Battling against IP Prefix Hijacking, T. Qiu, L. Ji, D. Pei, J. Wang and J. Xu, ICNP 2010 5. Visualizing Interdomain Routing with BGPlay, L. Colitti, G. Battista, F. Mariani, M. Patrignani, M. Pizzonia, 2003 |
Lec 4: 5/27 (M) 4pm - 6pm |
IP Traceback |
1. E. Katz-Bassett, H. Madhyastha, V. Adhikari, C. Scott, J. Sherry, P. Wesep, T. Anderson and A. Krishnamurthy, Reverse Traceroute, NSDI 2010, Best Paper Award 2. A. Snoeren, et al., Single-packet IP Traceback, ACM SIGCOMM 2001. 3. K. Shanmugasundaram, et al., Payload Attribution via Hierarchical Bloom Filters, ACM CCS 2004 4. A. Belenky and N. Ansari, IP Traceback With Deterministic Packet Marking, IEEE Communications Letters, vol. 7, no. 4, pp. 162–164, Apr. 2003. 5. S. Savage, et al., Practical Network Support for IP Traceback, ACM SIGCOMM, 2000. 6. Z. Xu, et al., AK-PPM: An Authenticated Packet Attribution Scheme for Mobile Ad Hoc Networks, RAID 2012 7. M. F. D. Dean and A. Stubblefield, An Algebraic Approach to IP Traceback, Network and Distributed System Security Symposium, 2001 8. R. Shokri, et al., DDPM: Dynamic Deterministic Packet Marking for IP Traceback, 2006 9. Y. Xiang, et al., Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks |
Lec 5: 5/28 (T) 10am - noon |
||
Lec 6: 5/30 (R) 4pm - 6pm |
Accountable IP |
1. Accountable Internet Protocol (AIP), D. Andersen, Hari Balakrishnan, N. Feamster, T. Koponen, D. Moon and S. Shenker, SIGCOMM 2008 2. ForNet: A Distributed Forensics Network, K. Shanmugasundaram, N. Memon, A. Savant, H. Brönnimann, International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security, 2003 |
Lec 7: 5/31 (F) 10am - noon |
Anonymity |
1. The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability, David Chaum, Journal of Cryptology 1/1, pp. 65-75, 1988. 2. Tor: The Second-Generation Onion Router, R. Dingledine, N. Mathewson, P. Syverson, 2004 3. Detecting stepping stones, Y. Zhang and V. Paxson, 2000 4. Detection of stepping stone attack under delay and chaff perturbations, Zhang et al., 2006 5. Information Slicing: Anonymity Using Unreliable Overlays, S. Katti, J. Cohen, D. Katabi, USENIX NSDI 2007 6. Detection of Interactive stepping stones, Blum et al., 2004 |
Lec 8: 5/31 (F) 2pm - 4pm |
Botnets & Spam |
1. The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets, Evan Cooke, Farnam Jahanian, Danny McPherson, SRUTI (Steps to Reducing Unwanted Traffic on the Internet) 2005 2. What’s Clicking What? Techniques and Innovations of Today’s Clickbots, B. Miller, P. Pearce, C. Grier, C. Kreibich and V. Paxson, DIMVA 2011 3. To Filter or to Authorize: Network-Layer DoS Defense Against Multimillion-node Botnets, X. Liu, X. Yang and Y. Lu, SIGCOMM 2008 4. Inference and Analysis of Formal Models of Botnet Command and Control Protocols, C. Cho, D. Babic, E. Shin, D. Song, CCS 2010 5. Show Me the Money: Characterizing Spam-advertised Revenue, C. Kanich, N. Weaver, D. McCoy, T. Halvorson, C. Kreibich, et al., USENIX Security Symposium, 2011 6. Understanding the Network-Level Behavior of Spammers, A. Ramachandran and N. Feamster, SIGCOMM 2006 (Best student paper award) 7. Spamming Botnets: Signatures and Characteristics, Y. Xie, F. Yu, K. Achan, R. Panigrahy, G. Hulten, I. Osipkov, SIGCOMM 2008 8. Detecting Spam Zombies by Monitoring Outgoing Messages, Zhenhai Duan, et al., Infocom 2009 9. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection, Guofei Gu, et al., USENIX Security Symposium, 2008 |
Lec 9: 6/3 (M) 4pm - 6pm |
Identity Theft | Scoping Paper on Online Identity Theft, Organization for Economic Co-operation and Development, 2008 |
Lec 10: 6/4 (T) 10am - noon |
Social Network Security |
1. Measurement and Analysis of Online Social Networks, Alan Mislove, Massimiliano Marcon and Krishna P. Gummadi, IMC 2007 2. Information Revelation and Privacy in Online Social Networks (The Facebook case), Ralph Gross and Alessandro Acquisti, ACM Workshop on Privacy in the Electronic Society (WPES), 2005 3. Detecting and Characterizing Social Spam Campaigns, Hongyu Gao, Jun Hu, Christo Wilson, Zhichun Li, Yan Chen and Ben Y. Zhao, IMC 2010 4. Detecting and Analyzing Automated Activity on Twitter, Chao Michael Zhang and Vern Paxson, PAM 2011 |
Lec 11: 6/7 (R) 4pm - 6pm |
Cloud Security | 1. Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control, Richard Chow, Philippe Golle, Markus Jakobsson, Elaine Shi, Jessica Staddon, Ryusuke Masuoka and Jesus Molina, CCSW 2009 |
Lec 12: 6/8 (F) 10am - noon |
Wireless Networks |
1. Intercepting Mobile Communications: The Insecurity of 802.11, Nikita Borisov, Ian Goldberg, David Wagner, in Proceedings of 7th Annual International Conference on Mobile Computing and Networking, July 2001 2. Enhanced TKIP Michael Attacks, Martin Beck, Feb 2010 3. MS-PEAP, Microsoft PEAP specification, Sept. 2011 |
Lec 13: 6/8 (F) 2pm - 4pm |
||
Lec 14: 6/21 (F) 10am - noon |
Project Proposal Presentation | |
Lec 15: 7/7 (M) 10am - noon |
Final Project Presentation I | |
Lec 16: 7/8 (T) 10am - noon |
Final Project Presentation II |