Adaptive Security (Fall 2020)
Latest revision as of 02:58, 24 November 2020
Course Outline
The outline for the Fall 2020 run of Adaptive Security is available here.
Zoom link info is in cuLearn. If you can't access it, please email anilsomayaji at cunet.carleton.ca!
Research Journal
Your research journal is due by 9 PM the night before class. If you need more time please message me (on Teams) that you are running late. Entries are graded out of 4. Make sure to date stamp your entries. You may have multiple entries between classes; I will look at all entries since the last class.
For instructions on reviewing papers, see here.
Literature Review
To help you write a literature review or the background of a research paper, read the following:
- Harvey, "What Is a Literature Review?" (DOC) (PPT)
- Taylor, "The Literature Review: A Few Tips On Conducting It"
Class Schedule
September 10, 2020
Introduction
September 15, 2020
- A. K. Dewdney, Core Wars (local copy)
- In the game called Core War hostile programs engage in a battle of bits. (Scientific American, May 1984)
- A Core War bestiary of viruses, worms and other threats to computer memories (Scientific American, March 1985)
- A program called MICE nibbles its way to victory at the first Core War tournament (Scientific American, January 1987)
- Of worms, viruses and Core War (Scientific American, March 1989)
September 17, 2020
- Tom Ray, Tierra (1992): Pixelated but with Figures, Clearer Text
- Choosing a Project
September 22, 2020
- Neti, "Software diversity: Security, Entropy, and Game Theory." (HotSec 2012)
- Foster, "Object-Level Recombination of Commodity Applications." (GECCO 2010)
September 24, 2020
- Oda, "Content Provider Conflict on the Modern Web." (ASIA 2008)
- Oda, "Visual Security Policy for the Web." (HotSec 2010)
September 29, 2020
- Forrest, "A Sense of Self for Unix Processes." (Oakland 1996)
- Somayaji, "Automated Response Using System-Call Delays." (USENIX Security 2000)
October 1, 2020
- Matrawy, "Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management." (ACNS 2005)
- Hijazi, "Discovering Packet Structure through Lightweight Hierarchical Clustering." (ICC 2008)
October 6, 2020
- Somayaji, "Evaluating Security Products with Clinical Trials." (CSET 2009)
- Lévesque, "A clinical study of risk factors related to malware infections." (CCS 2013)
October 8, 2020
- Wagner & Soto, "Mimicry attacks on host-based intrusion detection systems." (CCS 2002)
- Wagner & Dean, "Intrusion detection via static analysis." (Oakland 2001)
- Forrest, "The Evolution of System-call Monitoring." (ACSAC 2008)
October 13, 15, & 20, 2020
Review two papers per class following this template. Post your reviews on the Readings Wiki on Teams (in the Readings channel).
October 22, 2020
- Findlay, "bpfbox: Simple Precise Process Confinement in eBPF." (CCSW 2020)
- Chao, "Information Immune Systems." (Genetic Programming and Evolvable Machines, 2003)
November 3, 2020
Look at the papers in the USENIX Security 2000 and USENIX Security 2010 as compared to the papers in USENIX Security 2020.
- How have the kinds of papers changed over the years?
- How has the ratio of attack to defence papers changed?
- Has the "practicality" of papers changed?
November 17, 2020
- Carver, "Establishing a baseline for measuring advancement in the science of security: an analysis of the 2015 IEEE security & privacy proceedings." (HotSoS 2016)
- Burcham, "Characterizing scientific reporting in security literature: An analysis of ACM CCS and IEEE S&P papers." (HotSoS 2017)
November 19, 2020
- Tan & Maxion, "'Why 6?': Defining the Operational Limits of stide, an Anomaly-Based Intrusion Detector." (Oakland 2002)
- Sekar, "A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors." (Oakland 2001)
November 24, 2020
- Lippmann et al., Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation for Detecting Network Intruders in Real-Time. (RAID 2000)
- McHugh, Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. (ACM TISSEC 2000)
- Axelsson, The Base-Rate Fallacy and the Difficulty of Intrusion Detection. (ACM TISSEC 2000)
- Mahoney & Chan, An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. (RAID 2003)
- Brown, "Analysis of the 1999 DARPA/Lincoln Laboratory IDS Evaluation Data with NetADHICT." (CISDA 2009)
November 26, 2020
- Pu, Massalin, & Ioannidis, "The Synthesis Kernel." (Computing Systems 1988)
December 1, 2020
- Brooks, "A Robust Layered Control System For A Mobile Robot." (MIT 1985)
- Brooks, "Intelligence Without Representation." (AI 1991)
- Brooks, "Challenges for complete creature architectures." (SAB 1991)
December 3, 2020
December 8, 2020
Presentations 1
December 10, 2020
Presentations 2
Project Milestones
- September 18, 2020: Areas of interest
- September 29, 2020: Elevator Pitch
- November 2, 2020: Literature Review
- December 1, 2020: Tests/Preliminary Work
- December 23, 2020: Final Project Report
Other Readings
Here are some optional readings, most with a more biological bent:
- Somayaji, "How to Win an Evolutionary Arms Race." (IEEE S&P, Nov-Dec 2004)
- Margulis & Sagan, Acquiring Genomes: A Theory Of The Origin Of Species (Basic Books, 2002-2008): Google Books, Talk on YouTube from Feb. 20, 2004 at the University of Massachusetts, book review by Axel Meyer
Note that some of the content of this course came from a previous course, Biological Approaches to Computer Security:
The focus of this class will be on designing and building actual defenses so we won't cover many of these readings. However, you may want to take a look at them for inspiration.