General Course Information

Learning Objectives

This is a graduate-level network security course. It teaches the concepts, principles, techniques to secure networks. The main topics include:

1. Large-scale attacks and impacts: DDoS attacks, malware-based underground economy

2. Penetration testing and security measures: basic techniques and tools, social engineering and human factors

3. Security of Internet protocols: vulnerabilities of TCP/IP, BGP security, and DNS cache poisoning and DNSSEC

4. Advanced web security: browser security models, session management, and goals and pitfalls of HTTPS

5. Advanced malware analysis: malware obfuscation, mobile malware

6. Advanced network monitoring: botnet detections systems

7. Internet-scale threat analysis: mapping the Internet, domain/network reputation

8. Bitcoins and cryptocurrencies: basic concepts of blockchain and bitcoins, emerging technologies

9. Big data and security: applying machine learning to security analytics, and security of data analysis - data poisoning and model evasion

10.Cloud security: virtual-machine security, goals and pitfalls of property-preserving encryption, oblivious RAM11.Attack-tolerant systems: secret-sharing, Byzantine fault-tolerant systems, diversification and moving-target defense

Pre-Requisites

You should have taken an introductory course on,or be otherwise familiar with, the basic concepts of  information  security (there is very little overlap between this course and 6035). Prior programming experience with C or Java (or similar language) is required .

Course Materials

Reading Materials

There is no required textbook. Papers and other reading materials for each topic will be posted. IT IS VERY IMPORTANT that you read these materials because the videos and slides only cover the high-level concepts, and if you want to really learn the materials, you need to study the papers. The quiz and the exam questions are based on the slides and papers, and the projects are based on the papers as well. This is how we typically run a graduate -level course - read papers and work on projects.

Classroom Management Tools

Everything else can be accessed here through Canvas. All exams, quizzes, lectures, and readings. Our discussion board will be hosted on Piazza and also can be accessed via Canvas.

Course Requirements, Assignments & Grading

Assignment Distribution and Grading Scale

Assignments Weight

Quizzes	10%
Projects	80%
Exam	10%
Extra Credit	5%

Grading Scale

Your final grade will be assigned as a letter grade according to the following scale:

A 90- 100%

B 80-89%

C 70-79%

D 60-69%

F 0-59%

Description of Graded Components

• Ten quizzes for a total of 10%. A quiz will be released when the lessons that it covers are expected to be completed by the students per the schedule. Each quiz is released on a Friday and due in 1 week (on the following Friday) . Quiz questions will be based on the slide materials and readings.

• Five required individual projects for a total of 80%:

o  Project #1: vulnerability scanning and penetration test - exploit a vulnerability of a network service (10%)

o  Project #2: advanced malware analysis - iterative program analysis and debugging of malware (10%)

o  Project #3: advanced web security - attacks and defenses (20%)

o  Project #4: network monitoring - write NIDS rules to identify botnet traffic (20%)

o  Project #5: machine learning for security - build normal traffic profile, design attacks to evade the model (20%)

• 10% exam: T/F and multiple-choice, close-everything, at the end ofsemester. Exam questions are based on the slide materials and projects.

• 5% extra credit: You can make one suggestion for each project. It can be about how to improve the write-up or any  part of the project for future release. If we agree with your suggestion, you will receive one extra point.

Late Assignments

No late submissions (quizzes, exams, etc.) are allowed unless special circumstances subject to Georgia Tech rules (e.g., medical/family emergencies, and instructor approvals) . There are no exceptions to this rule . Projects can be turned in late for a 20% grade reduction for EACH of the first two days after the regular deadline , and a zero grade afterwards .

Regrade Requests

Up to one week after each Project grade is released, you may submit one (and only one) regrade   request. We will not accept regrade requests via email, Piazza, or otherwise. We will only accept them through a Google Form submission. A link to each Project regrade form will be sent following each project’s grade release on Canvas. You will only be able to submit this form once, so make sure you’ve worded your request properly. Note that your grade for this project can go up or down if you request a regrade. If the TA grading it sees a grading mistake that costs you points, they will deduct them. Once your project has been regraded, you will receive an email notification. If, after your project has been regraded, you are still unsatisfied, please post privately on Piazza. If you submit a regrade request after this one-week window, we will not answer or accept your regrade     request. There are no exceptions to this rule.

Submissions Errors

We are aware that Canvas’ submissions system can have errors sometimes and can prevent you from submitting projects at the last minute (before the deadline) . If this happens, please do not panic. Simply email the TA responsible for grading your submission about the error and attach your solutions of the project to this email along with a screenshot of your error on Canvas. However, you will not be allowed to submit documents that are missing from the submission after initial grades have been returned. This is a graduate course and students are responsible for their submissions.

Grading and Feedback

After every Project deadline, feedback on incorrect answers will be released on Canvas. After every Quiz is due, their respective solutions (including your original answers) will be released on Canvas.  After Exam deadline, you will be given feedback on the questions you answered incorrectly only. We will not release full solutions to the exam, which is classified as an “Assignment” on Canvas for technical reasons. So, this feedback can be found under the exam assignment feedback on Canvas once the grades have been released.

Technology Requirements

Computer Hardware and Software

•    Browser and connection speed: An up-to-date version of Google Chrome or Firefox is strongly recommended. 2+ Mbps is recommended.

•    Operating System: Windows XP or higher with latest updates. Mac OS X 10.6 or higher with latest updates. Any Linux recent distribution will work so long as you can install Python and OpenCV.

•    Virtual Machine: You will be provided virtual machines (VM) for performing many of the class assignments and projects. For the projects, the supplied resources are identical to those used to test your submissions. Details for downloading and installing each VM can be found in the project write-ups. You should have at minimum 30GB of free storage (although more , e.g., 80GB, is recommended) .

Proctoring Information

The exam will be proctored. It is similar to the one you would take in the classroom. This means no open textbooks, notebooks, notes, and other like resources are allowed unless any or all of these materials are allowed. These exams are delivered via a tool called Honorlock. Honorlock is an online proctoring service that allows you to take your exam from the comfort of your home. You DO NOT need to create an account, download software or schedule an appointment in advance. Honorlock is available 24/7, and all that is needed is a computer, a working webcam/microphone, your ID, and a   stable internet connection.

To get started, you will need Google Chrome and download theHonorlock Chrome Extension. When you are ready to complete your assessment, log into Canvas, go to your course, and click on your exam. Clicking "Launch Proctoring" will begin the Honorlock authentication process, where you will take a picture of yourself, show your ID, and complete a scan of your room. Honorlock will be recording your exam session through your webcam, microphone, and recording your screen.

Honorlock also has an integrity algorithm that can detect search -engine use, so please do not attempt to search for answers, even if it's on a secondary device.

Honorlock support is available 24/7/365. If you encounter any issues, you may contact them through live chat on thesupport pageor within the exam itself . Some guides you should review are Honorlock MSRs,Student FAQ,Honorlock Knowledge Base, andHow to Use Honorlock. Good luck!

Course Policies, Expectations & Guidelines

Piazza

Piazza will be used as the main communications medium for this class. You are encouraged to post discussions on issues you’re having with projects or otherwise. Please do not post solutions to Piazza. If you do, we may revoke your access to our Piazza page. Please do not post new messages addressing us individually (e.g., Wenke Lee) . We have multiple TAs answering Piazza posts on a rotating basis so you will not get a response from Wenke if you do this. Only if the TA feels the need to, they (the TA) will contact the Head TA to see if the situation can be resolved. If it  cannot be resolved, the Head TA will contact the Instructor and the Instructor will have the final say on the situation.

Email & Communication Policy

In order to handle a class of this size, we must delegate specific topics/questions for each          Instructor/Head TA/TA to handle/answer. Each Instructor/Head TA/TA will only read the types of emails delegated to them as listed below. They will delete and ignore any other types of emails.

•    If you have a regrade request, use the Google Forms link we send you after each project grade release.

•    If, after your project has been regraded, you are still unsatisfied with your grade, please post privately on Piazza.

•    If you would like to request a deadline extension (projects, quizzes, exams, etc.) because of a Georgia Tech approved reason (e.g., medical emergency), please email the Head TA, CC the    Instructor, and attach appropriate documentation (e.g., a doctor’s note for a medical emergency) to your email. Your email’s subject should be named “CS6262 - Deadline Extension Request” . If you do not write the subject as such, your email will be deleted/ignored.

•    If exam grades have been released but you do not see your grade, please email the Head TA with the subject “CS6262 - Exam Grade Issue” . If you do not write the subject as such, your   email will be deleted/ignored.

•    If quiz grades have been released but you do not see your grade, please email the Head TA with the subject “CS6262 - Quiz Grade Issue” . If you do not write the subject as such, your email will  be deleted/ignored.

•    If project grades have been released but you do not see your grade, please post privately on Piazza.

•    If you would like to ask a question about a particular Instructor/Head TA/TA’s office hour (or office hours’ content), email that particular Instructor/Head TA/TA with the subject “CS6262 - Office Hours” .

•    If you would like to ask a question about unclear (or incorrect) wording in projects, quizzes, exam, etc., please post publicly on Piazza.

•    If you would like to ask a question regarding help or advice on a project, please post publicly on Piazza.

•    If a TA cannot resolve your issue on Piazza (after multiple posts with you), then that TA will contact the Head TA in order to resolve the situation. If the Head T A cannot resolve the situation, that Head TA will contact the Instructor and they will have the final say on the situation. Do not directly contact the Head TA or the Instructor. They will not answer your emails unless otherwise noted here in this list.

•    If a TA has not responded to your Piazza post within 2 days, please email the Head TA with the subject “CS6262 - Piazza Post Issue” and provide a link to that Piazza post. If you do not write  the subject as such, your email will be deleted/ignored.

•    If you have taken the class previously or have .ova files from prior courses, please do not use those files to complete the projects because this will result in a zero.

•    Please do not put your projects on public Github. Otherwise, if a student (in the future) copies your codes/projects, the student obviously violates the honor code, but you will also be implicated.

•    Do not contact us about releasing grades and solutions. We will do this only when all student  submissions are in (accounting for those who may have had a Georgia Tech approved reason such as a medical emergency) and we are ready to release them.

•    Do not contact us about re-grading your project after you’ve submitted a regrade request but     before we’ve sent you an email notifying you that your project has bee n regraded. Trust that we are diligently working on re-grading your project and we will notify you when we’re finished.

Online Student Conduct and (N)etiquette

Communicating appropriately in the online classroom can be challenging. In order to minimize th is challenge, it is important to remember several points of “internet etiquette”

that will smooth communication for both students and instructors:

1. Read first, Write later. Read the ENTIRE set of posts/comments on a discussion board before posting your reply, in order to prevent repeating commentary or asking questions that have already been answered.

2. Avoid language that may come across as strong or offensive . Language can be easily            misinterpreted in written electronic communication. Review email and discussion board posts BEFORE submitting. Humor and sarcasm may be easily misinterpreted by your reader(s) .     Try to be as matter of fact and professional as possible.

3. Follow the language rules of the Internet . Do not write using all capital letters, because it will appear as shouting. Also, the use of emoticons can be helpful when used to convey nonverbal feelings. ☺

4. Consider the privacy of others . Ask permission prior to giving out a classmate's email address or other information.

5. Keep attachments small. If it is necessary to send pictures, change the size to an acceptable 250kb or less (one free, web-based tool to try is picresize.com) .

6. No inappropriate material. Do not forward virus warnings, chain letters, jokes, etc. to classmates or instructors. The sharing of pornographic material is forbidden.

NOTE: The instructor reserves the right to remove posts that are not collegial in nature and/or do not meet the Online Student Conduct and Etiquette guidelines listed above.

University Use of Electronic Email

A university-assigned student e-mail account is the official university means of communication with all students at Georgia Institute of Technology. Students are responsible for all information sent to them via their university-assigned e-mail account. If a student chooses to forward information in their university e-mail account, he or she is responsible for all information, including attachments, sent to  any other e-mail account. To stay current with university information, students are e xpected to check their official university e-mail account and other electronic communications on a frequent and consistent basis. Recognizing that some communications may be time -critical, the university recommends that electronic communications be checked minimally twice a week.

Plagiarism & Academic Integrity

Georgia Tech aims to cultivate a community based on trust, academic integrity, and honor. Students are expected to act according to the highest ethical standards. All students enrolled at Georgia Te ch, and all its campuses, are to perform their academic work according to standards set by faculty members, departments, schools and colleges of the university; and cheating and plagiarism constitute fraudulent misrepresentation for which no credit can be given and for which appropriate sanctions are warranted and will be applied.  For information on Georgia Tech's Academic Honor

Code, please visit

http://www.catalog.gatech.edu/policies/honor-code/ or

http://www.catalog.gatech.edu/rules/18/ .

Any student suspected of cheating or plagiarizing on a quiz, exam, or assignment will be reported to the Office of Student Integrity, who will investigate the incident and identify the appropriate penalty for violations.

You are prohibited from posting course materials including quizzes, exams, and projects on the Internet (including public Github) . If any student copies your work that you had posted on -line, you will be considered as having committed plagiarism as well.

Accommodations for Students with Disabilities

If you are a student with learning needs that require special accommodation , contact the Office of Disability Services at (404)894-2563 orhttp://disabilityservices.gatech.edu/ , as soon as possible , to make an appointment to discuss your special needs and to obtain an accommodations letter. Please also e-mail me as soon as possible in order to set up a time to discuss your learning needs .

Student-Faculty Expectations Agreement

At Georgia Tech we believe that it is important to strive for an atmosphere of mutual respect, acknowledgement, and responsibility between faculty members and the student body. See http://www.catalog.gatech.edu/rules/22/ for an articulation of some basic expectation that you can have of me and that I have of you. In the end, simple respect for knowledge, hard work, and cordial  interactions will help build the environment we seek. Therefore, I encourage you to remain committed to the ideals of Georgia Tech while in this class.

Subject to Change Statement

The syllabus and course schedule may be subject to change. It is the responsibility of students to check Piazza, email messages, and course announcements to stay current in their online courses.

Resources for Students

In your time at Georgia Tech, you may find yourself in need of support. Below you will find some resources to support you both as a student and as a person.

Academic support

•    Center for Academic Successhttp://success.gatech.edu

o  1-to- 1 tutoringhttp://success.gatech.edu/1-1-tutoring

o Peer-Led Undergraduate Study (PLUS)http://success.gatech.edu/tutoring/plus

•    OMED: Educational Services (http://omed.gatech.edu/programs/academic-support)

o Group study sessions and tutoring programs

•    Communication Center (http://www.communicationcenter.gatech.edu)

o  Individualized help with writing and multimedia projects

•    Advising and Transition (https://advising.gatech.edu)

o  Study Strategies Seminar coursehttps://advising.gatech.edu/gt2801-study- strategies-seminar

o Academic coachinghttps://advising.gatech.edu/academic-coaching

o Advising in your major http://advising.gatech.edu/

Personal Support

Georgia Tech Resources

•    The Office of the Dean of Students: https://studentlife.gatech.edu/content/get-help-now; 404-894-6367; Smithgall Student Services Building 2nd floor

o You also may request assistance at https://gatech- advocate.symplicity.com/care_report/index.php/pid383662?

•    Center for Assessment, Referral and Education (CARE) 404-894-3498;

https://care.gatech.edu/

o Smithgall Student Services Building 1st floor

o Students seeking assistance  from the Counseling  Center or Stamps  Psychiatry need to visit  CARE first for a primary  assessment  and  referral to on and off     campus  mental  health  and well-being  resources.

o Students in crisis may walk in during business hours (8am -4pm, Monday through

Friday) or contact the counselor on call after hours at 404-894-2575 or 404-894- 3498. Other crisis resources:https://counseling.gatech.edu/content/students-crisis

•    Students’ Temporary Assistance and Resources (STAR):

https://studentlife.gatech.edu/content/star-services

o Can assist with interview clothing, food, and housing needs.

•    Stamps Health Services:https://health.gatech.edu; 404-894-1420

o Primary care, pharmacy, women’s health, psychiatry, immunization and allergy,

health promotion, and nutrition

•    OMED: Educational Services: http://www.omed.gatech.edu

• Women’s Resource Center: http://www.womenscenter.gatech.edu; 404-385-0230

• LGBTQIA Resource Center: http://lgbtqia.gatech.edu/; 404-385-2679

• Veteran’s Resource Center: http://veterans.gatech.edu/; 404-385-2067

• Georgia Tech Police: 404-894-2500; http://www.police.gatech.edu

National Resources

●     TheNational Suicide Prevention Lifeline | 1-800-273-8255

o Free and confidential support 24/7 to those in suicidal or emotional distress

●     TheTrevor Project

o Crisis intervention and suicide prevention support to members of the LGBTQ+ community and their friends

o Telephone | 1-866-488-7386 | 24 hours a day, 7 days a week

o Online chat | 24 hours a day, 7 days a week

o Text message | Text “START” to 687687 | 24hrs day, 7 days a week

Statement of Intent for Inclusivity

As a member of the Georgia Tech community, I am committed to creating a learning environment in which all of my students feel safe and included.  Because we are individuals with varying needs, I am reliant on your feedback to achieve this goal.  To that end, I invite you to enter into dialogue with me about the things I can stop, start, and continue doing to make my classroom an environment in which every student feels valued and can engage actively in our learning community.