CS 97 - Senior Conference: Intrusion Detection

CS 97 Senior Conference: Intrusion Detection
TR 2:40-3:55pm, SCI 246
Fall 2005
Swarthmore College

Professor:	Benjamin Kuperman
email:	kuperman AT cs swarthmore edu Please include "CS97" in the subject.
AIM:	ProfKuperman
Office:	SCI 253
Phone:	328-8665
Office Hours:	Mon 2-3pm, Wed 9:30-11:00am

Quick link to http://edventure.brynmawr.edu/

Announcements

ACM Regional Programming Contest will be Nov 12. Please see Ben Kuperman for more information.
sample LaTeX files

Course Description
Text and Useful Links
Grading
Course Policy
Course Schedule
Papers

Course Description

Text and Useful Links

There is no text for this course, though I will put a number of books from my personal collection on reserve in the library.

The following websites are good sources for information on papers in this course and similar areas:

Citeseer - on line digital library
Citeseer mirror
Google Scholar
ACM Digital Library
IEEE Computer Society Digital Library
IEEE Xplore (Swarthmore has a subscription)

General Computer Security Paper Collections

http://www.sans.org/rr/ - SANS Reading Room
http://csrc.nist.gov/publications/ NIST's Computer Security Resource Center
http://csrc.nist.gov/publications/history/ - classic papers in computer security
http://www.usenix.org/publications/ - papers and articles from Usenix
http://www.insecure.org/reading.html - Fyodor's Good Reading List
http://www.securitydocs.com/ Network Security White Papers (?)
http://www.secinf.net/ (?)

Security Conferences

http://www.raid-symposium.org/ - Conference web home for Recent Advances in Intrusion Detection (RAID)
IEEE Security and Privacy
Usenix Security
ESORICS
ACSAC
http://csrc.nist.gov/nissc/ - National Information Systems and Security Conference (NISSC)

Security Sites

http://securityfocus.com/ - has a mailing list just for IDS
http://packetstormsecurity.nl/

If you find other useful sites, let me know and I'll add them.

Grading

Grades will be calculated based on the following distribution:

20% - Critiques/class participation
20% - Paper presentations, class discussion (2)
5% - Project proposal
10% - Literature Review
10% - Rough Draft
10% - Reviewer Comments (2)
10% - Project Presenation
20% - Final Paper

Reading Responses/Critiques

Submitted via EdVenture
Goal to further discussion and understanding
- Not just a summary, show some insight
- good things
- flaws
- thoughts provoked
- questions raised
Responses for credit must be in by 8pm the night before. No "credit" late responses, but they do help with the discussion.
Read and reply early

Paper Presentations

45 minute presentation, coordinate discussion afterwards
Topic and paper focus

Put in context
- Forwards and backwards citations
What inspired this?
What did this inspire?
Why this paper "Rocks!"
Why this paper "Sucks!"

Make use of reading responses

Homework and Course Policy

Schedule

(Subject to change)

WEEK	DAY	Note	READING	HW
1	Aug 30		Administrivia	Background
1	Sep 01		Background of IDS Computer Security Threat Monitoring and Surveillance, James P. Anderson, 1980. An Intrusion Detection Model, Dorothy E. Denning, 1986.
2	Sep 06		Taxonomy (Ben) AINT Misbehaving: A Taxonomy of Anti-Intrusion Techniques, Lawrence R. Halme and R. Kenneth Bauer, 2000. (local copy) Towards a Taxonomy of intrusion-detction systems, Herve Debar, Marc Dacier, and Andreas Wespi, 1999.
2	Sep 08		Pattern matching (Ken) A pattern matching model for misuse intrusion detection, Sandeep Kumar and Gene Spafford, 1994. A secure environment for untrusted helper applications, Goldberg et al, 1996. (Janus)
3	Sep 13		Honeynets (Heather) An evening with Berferd, Bill Cheswick Honeynets, Honeynet Arms Race, KYE Profile: Credit Card Fraud
3	Sep 15		Network intrusion detection (Javier) Network Intrusion Detection, Biswanath Mukherjee, Todd Heberlein, Karl N. Levitt, 1994. Bro: A system for detecting network intruders in real time, Vern Paxon 1999
4	Sep 20		Insertion and Evasion (Connie) Insertion, Evastion, and Denial of Service: Eluding Network Intrusion Detection, Thomas H. Ptacek and Timothy N. Newsham, 1998.	Initial Project Proposal
4	Sep 22		Happy-fun Honeypot day	Initial Project Proposal
5	Sep 27		Computer Immunology (Ethan?) (Javier) A Sense of Self for Unix Processes, Stephanie Forrest et al, 1996. Immune System Approaches to Intrusion Detection - A Review, Aickelin et al.	Literature Search/Review
5	Sep 29		DARPA IDS Shootout (Ben) Testing Intrusion Detection Systems, John McHugh, 2000.
6	Oct 04		Machine Learning(Alan) Lane, Brodley Lee, Stolfo
6	Oct 06		Base Rate Fallacy
	Oct 11	October Break (Oct 8 - 17)
	Oct 13	October Break (Oct 8 - 17)
7	Oct 18		Proposal Presentations (10 min)	Revised Proposal
7	Oct 20		Paper presentation planning and instructions on critiquing	Revised Proposal
8	Oct 25		Anonymous Networks (Dan) Onion Routing Crowds CACM Article (Journal Article)	Work on Project
8	Oct 27		Honeypot Forensics (Connie) Honeypot Forensics
9	Nov 01		Alert Correlation (Javier)
9	Nov 03		Evolving 3D Morphology (Ethan)
10	Nov 08		Network Traceback (Ken)
10	Nov 10		Neural Networks (Ben)
11	Nov 15		Security Tools (Alan)	Rough Draft
11	Nov 17		Warhol Worms (Grant)	Rough Draft
12	Nov 22		Worm Taxonomy (Heather)	Presentation
12	Nov 24	Thanksgiving Break (Nov 24 - 28)
13	Nov 29		Student Project Presentation 1, 2, 3
13	Dec 01		Student Project Presentation 4, 5, 6
14	Dec 06		Student Project Presentation 7 + overflow
	Dec 13	Final Paper Due

Papers

Last Modified: Thu 20 Oct 2005 02:23:08 PM EDT - Benjamin A. Kuperman

CS 97 Senior Conference: Intrusion Detection TR 2:40-3:55pm, SCI 246 Fall 2005 Swarthmore College