Course Syllabus - 790.091 --- Spring 2021

Network Security (Spring 2021)

Meeting Times

When: Tuesdays and Thursdays, 11am - 12:15pm
Where: Remote Only

Breadth Requirement Classification: Systems & Hardware

Description

This course focuses on selected topics in network security, with a particular focus on real-time protocols for securing the Internet, traffic monitoring and intrusion detection techniques, malware propagation and detection approaches, digital forensics and web tracking. Where appropriate, we examine threats and vulnerabilities to specific architectures (e.g., IoT) and protocols. The overarching objective is to provide students with exposure to common techniques in threat research. Topics will be related to both endpoint detection (e.g., static and dynamic analyses) and network situational awareness techniques (e.g., botnet detection) for collecting indicators of compromise. Students will also gain a better understanding of the techniques, procedures and tactics used by various threat actors. Programming exercises will involve system and network-level techniques for dissecting the different stages of cyberattacks (spanning reconnaisance, infection, and persistence). The course follows a hybrid structure composed of lectures led by the instructor as well as students-led discussions on selected papers. Introduction to Computer Security (COMP535) or equivalent is required as a prerequisite before taking this course. It is expected that students have good familiarity with Operating Systems concepts (e.g., memory management, processes, file systems). In addition, familiarity with low-level systems programming (e.g., C and assembly) will be necessary for understanding the details of some of the assigned readings, and will be helpful in completing the programming exercises (e.g., on malware classification and forensic discovery).

The required course project will be related to techniques for identifying, defending and attributing cyberattacks. The project will involve validating ideas covered in one or more papers discussed in class. The project will entail using system-level information to support (or refute) artifacts from network traffic (or vice-versa) to make a case for attribution. The full list of papers will be available online.

Readings, Critiques, and Presentations

Students are required to read the material assigned during the semester and be able to competently discuss the material in class. Reviews (2 pages max) on papers will be required. These reviews will be graded by your peers. Specific guidance on review criteria will be provided to all students. Additionally, all students must use a version control system for sharing their solutions to the assigned tasks and be prepared to discuss how they solved a given task.

Office Hours

Weds 2pm-3:30 or by appointment via CourseCare.

Grading

This is intended to be an INTERACTIVE class, and as such, class participation will play a significant role in the course grading criteria. Tentative weights for the grading are as follows:

Deliverable	Grade
Programming tasks and in-class explanations of solutions	30%
Presentation of selected paper(s)	30%
Written paper reviews	10%
Course project (teams of 2-3 students)	20%
Class participation (discussions on current topics)	10%

Academic Integrity and Ethical Hacking

Students will be exposed to knowledge and techniques that can be used for hacking, penetrating and attacking computer systems. Such knowledge is integral to any course on Computer / Network Security. That said, applying the learned techniques "in the wild" can result in violations of local and international laws and/or of institutional policies. Applying these concepts outside of the classroom setting can have very serious consequences: do not take it lightly. Students must sign the course honor code pledge and must abide to the University honor code.

Helpful books on background material

M. Sikorski and A. Honig. Practical Malware Analysis, 1st edition, 2012. The material presented in Chapters 1-3 of this book will be helpful for the programming assignments on malware classification.
R. Hyde M. The Art of Assembly Language, 2nd edition, 2010.
Programming guides:
- Automating the boring stuff with Python by Sweigart or Black Hat Python by Seitz.

The list of required readings for student presentation will be provided online [TBD].

Learning Outcomes

Upon successful completion of this course, students will:

understand fundamental notions of network threats, vulnerabilities, attacks and countermeasures.
understand how malicious code functions, the vulnerabilities that make propagation possible (e.g., buffer overflows), and what methods and practices are available for mitigation.
understand the threats and vulnerabilities that are specific to a networked environment and explain countermeasures.
have an understanding for the vulnerabilities brought about by modern web-based application and services and discuss countermeasures.
have an appreciation for the concerns of privacy and some of the approaches to fend them off.
be able to clearly communicate ideas and to describe technical computer security concepts, so as to be readily understood by their peers.

Absense Policy

As this is an active seminar-style course, it is expected that students will be in attendance during class. Special circumstances may be handled on a per-case basis, if coordinated as soon as possible with the professor.

Accommodations

The University of North Carolina at Chapel Hill facilitates the implementation of reasonable accommodations, including resources and services, for students with disabilities, chronic medical conditions, a temporary disability or pregnancy complications resulting in barriers to fully accessing University courses, programs and activities. Accommodations are determined through the Office of Accessibility Resources and Service (ARS) for individuals with documented qualifying disabilities in accordance with applicable state and federal laws. See the ARS Website for contact information: https://ars.unc.edu or email ars@unc.edu.