FCM 745 - Network Forensics
Fall, 2008

Class Schedule


Date Topics covered (or comments) Notes  Readings  
 Lec 1, 9/2   Course Overview,
  Network Trace Monitoring,

  Project one assigned (download)
  slides overview, Lecture 1.1 Lecture 1.2 1. Casey: Chapter 10-13 related parts, Chapter 14
2. Bejtlich: Chapter 5, 7, 11, 17, 18
3. RFC 1739 - A Primer On Internet and TCP/IP Tools
4. Ethereal Network Analyzer
 Lec 2, 9/9
 9/16   CLASS CANCELLED    
 Lec 3, 9/23   IP Traceback   slides Lecture 2   1. A. Snoeren, et al., Single-packet IP Traceback, ACM SIGCOMM 2001.
  2. K. Shanmugasundaram, et al, Payload Attribution via Hierarchical Bloom Filters, ACM CCS 2004
  3. A. Belenky and N. Ansari, IP Traceback With Deterministic Packet Marking, IEEE COMMUNICATIONS LETTERS, vol. 7, no. 4, pp. 162–164, Apr. 2003.
  4. S. Savage, et al., Practical Network Support for IP Traceback, ACM SIGCOMM, 2000.
  5. M. F. D. Dean and A. Stubblefield, An Algebraic Approach to IP Traceback, Network and Distributed System Security Symposium, 2001
 9/30   NO CLASS    
 Lec 4, 10/7   Stepping Stone Detection
  Project one due!
  slides Lecture 3   1. Detecting stepping stones, Y. Zhang and V. Paxson, 2000
  2. Detection of Interactive stepping stones, Blum et al, 2004
  3. Detection of stepping stone attack under delay and chaff perturbations, Zhang et al, 2006
  4. Stepping-stone detection via request-response traffic analysis, Huang et al, 2007
 10/14   NO CLASS    
 Lec 5, 10/21   Inter Domain Routing - BGP   slides Lecture 4   1. Kurose & Ross, Chapter 4
  2. BGP Routing Policies in ISP Networks, M. Caesar and J. Rexford, IEEE Network, Vol 19, Issue 6, 2005
  3. On Inferring Autonomous System Relationships in the Internet, L. Gao, IEEE/ACM Transactions on Networking (TON), Vol 9, Issue 6, 2001
 Lec 6, 10/28   IP Prefix Hijacking   slides Lecture 5   [IP Prefix Hijacking]
  1. A Study of Prefix Hijacking and Interception in the Internet, H. Ballani, P. Francis and X. Zhang, SIGCOMM 2007
  2. A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Realtime, C. Zheng, L. Ji, D. Pei, J. Wang and P. Francis, SIGCOMM 2007
  3. iSPY: Detecting IP Prefix Hijacking on My Own, Z. Zhang, Y. Zhang, Y. Hu, Z. Mao and R. Bush, SIGCOMM 2008
  [Accountability]
  4. Accountable Internet Protocol (AIP), D. Andersen, Hari Balakrishnan, N. Feamster, T. Koponen, D. Moon and S. Shenker, SIGCOMM 2008
 Lec 7, 11/4   Network Security Analysis
  Final Project Proposal Due!
 Project Two assigned (download)
  slides Lecture 6   1. Gigascope: a Stream Database for Network Application, C. Cranor, T. Johnson, O. Spatscheck and V. Shkapenyuk, SIGMOD 2003
  2. A Heartbeat Mechanism and its Application in Gigascope, T. Johnson, S.Muthukrishnan, V.Shkapenyuk and O.Spatscheck, VLDB 2005
  3. Enriching Network Security Analysis with Time Travel, G.Maier, R.Sommer, H.Dreger, A.Feldmann, V.Paxson, F.Schneider, SIGCOMM 2008
 Lec 8, 11/11   Wireless Networks   slides Lecture 7   1. Casey: Chapter 16
  2. Kurose & Ross: Chapter 6, Chapter 8.8.4
 11/18   IN-Class EXAM    
 Seminar I, 11/25   - Spam (Pedro Tejeda)
  - Intrusion Detection and Response (Chris Marrone and Thomas Ricardo)
  Slides available upon request   [Spam]
  * The Botnet Wistper
  * Understanding the Network-Level Behavior of Spammers, A. Ramachandran and N. Feamster, SIGCOMM 2006 (best student paper award)
  * Spamming Botnets: Signatures and Characteristics, Y.Xie, F.Yu, K.Achan, R.Panigrahy, G.Hulten, I.Osipkov, SIGCOMM 2008
  [Intrusion Detection and Response]
 Seminar II, 12/2   - Bittorrent Attacks (Marti Ksionsk)
  - Anonymity (Jessica Ho)
  - VoIP Security (Rustu Deryol)
  Slides available upon request   [Bittorrent Attacks]
  * BotTorrent: Misusing BitTorrent to Launch DDoS Attacks, El Defrawy, K., Gjoka, M., Markopoulou, A., USENIX 3rd Workshop on Steps to Reducing Unwanted Traffic on the Internet, 2007
  * DDoS Vulnerability Analysis of Bittorrent Protocol, Ka Cheung Sia, UCLA Tech. Report, Spring 2006
  [Anonymity]
  * TOR: The Second-Generation Onion Router, R.Dingledine, N.Mathewson, P.Syverson, USENIX Security Symposium, 2004
  * Information Slicing: Anonymity Using Unreliable Overlays, S.Katti, J.Cohen, D.Katabi, USENIX NSDI 2007.
  [VoIP Security]
  * Security Considerations for Voice Over IP Systems, R. Kuhn, T. Walsh, and S. Fries, NIST Special Publication 800-58, January 2005.
  * Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet, X. Wang, S. Chen, and S. Jajodia, in Proceedings of ACM CCS, 2005.
 Seminar III, 12/4 (Thu.), Last Class   - Multimedia Forensics (Sabir Kamran)
  - Wireless Forensics (Sahin Buyrukbilen)
  - More on Stepping Stone (Robert Shullich)
  Slides available upon request   [Multimedia Forensics]
  [Wireless Forensics]
  * Wireless Wardriving, Luca Caviglione, in Handbook of Research on Wireless Security, 2008
  * Wi-Foo: The Secrets of Wireless Hacking, A. Vladimirov, K. Gavrilenko, A. Mikhailovsky, Addison Wesley
  [Stepping Stone]
  The Optimization Of Stepping Stone Detection: Packet Capturing Steps, M. Omar, M. Maarof, and A. Zainal, Journal Teknologi Siri D, No. 44, Jun 2006
  Dropped Packet Problems in Stepping Stone Detection Method, M. Omar, L. Siregar, and R. Budiarto, IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.2, February 2008, pp 109-115