Course Info

Class: Mon / Wed 2-3:15PM
Location: Online (Link TBD)

Instructor: Frank Li
Email: frankli@gatech.edu
Office Hours: TBD



Welcome!

Empirical security research seeks to understand how computer security concerns manifest in practice. For example, what strategies and techniques do attackers actually use, and how do they profit from their actions? How do users behave in different security contexts, and why do they behave in those (often insecure) ways? Gaining this understanding is vital for driving improvements in real-world security.

This seminar-style course will cover both classic and recent empirical security studies across a wide range of security topics, including Internet security, underground ecosystems, usable security, and online privacy. Students will analyze, critique, and discuss these works. Beyond broadening their knowledge of real-world computer security, students will gain a deeper understanding of sound and rigorous measurement methodologies that they can apply to their own work.

Please see the course syllabus for course details, including course requirements and grading.

Schedule

Week 1

8/17: First Class - Introduction to Empirical Computer Security
No readings, but will cover topics discussed in the following papers:
- SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit.
- Strategies for Sound Internet Measurements.
- The Base-Rate Fallacy and the Difficulty of Intrusion Detection.
- Outside the Closed World: On Using Machine Learning For Network Intrusion Detection.
- A Framework for Understanding and Applying Ethical Principles in Network and Security Research.
- Conducting Cybersecurity Research Legally and Ethically.

8/19: Denial of Service + Backscatter Measurements (Classic)
Reading: Inferring Internet Denial-of-Service Activity.

Week 2

8/24: Distributed Denial of Service (Modern)
Reading: Understanding the Mirai Botnet.

8/26: Network Scanning Applications
Reading: Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices.

Week 3

8/31: Internet-wide Network Scanning
Reading: ZMap: Fast Internet-Wide Scanning and its Security Applications.

9/2: Other Network Measurements
Reading: (subject to change) A Longitudinal, End-to-End View of the DNSSEC Ecosystem.

Week 4

9/7: NO CLASS due to Labor Day, Official School Holiday

9/9: Underground Ecosystem - Spam
Reading: (subject to change) Spamalytics: An Empirical Analysis of Spam Marketing Conversion.

Week 5

9/14: Underground Ecosystem - Malware
Reading: Measuring Pay-per-Install: The Commoditization of Malware Distribution.

9/16: Underground Ecosystem - Underground Markets
Reading: Click Trajectories: End-to-End Analysis of the Spam Value Chain.

Week 6

9/21: Project Proposal Presentations
No readings, in-person touch points if desired

9/23: Project Proposal Presentations
No readings, in-person touch points if desired

Week 7

9/28: Underground Ecosystem - Social Networks
Reading: (subject to change) Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse.

9/30: Web Measurements - Security
Reading: (subject to change) Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web.

Week 8

10/5: Web Measurements - Privacy
Reading: The Web Never Forgets: Persistent Tracking Mechanisms in the Wild.

10/7: Web Measurements - Human Factors
Reading: Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness.

Week 9

10/12: Authentication / Passwords
Reading: (subject to change) The Tangled Web of Password Reuse.

10/14: Usable Security (Classic)
Reading: Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0.

Week 10

10/19: Usable Security (Modern)
Reading: (subject to change) Android Permissions: User Attention, Comprehension, and Behavior.

10/21: Security in Society - Censorship
Reading: Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests.

Week 11

10/26: Security in Society - Nation-State Attacks
Reading: (subject to change) When Governments Hack Opponents: A Look at Actors and Technology.

10/28: Security in Society - Beyond Traditional Computing
Reading: The Spyware Used in Intimate Partner Violence.

Week 12

11/2: Software Security - Zero-Day Vulnerabilities
Reading: Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World.

11/4: Software Security - Patching Vulnerabilities
Reading: (subject to change) The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching.

Week 13

11/9: NO CLASS due to ACM Conference on Computer and Communications Security (CCS)
No readings, work on class project

11/11: NO CLASS due to ACM Conference on Computer and Communications Security (CCS)
No readings, work on class project

Week 14

11/16: Final Project Presentations
No readings, in-person touch point if desired

11/18: Final Project Presentations
No readings, in-person touch point if desired

Week 15

11/23: Final Class
No readings, finish up any remaining presentations
Frank's research potpourri or random fun topics

11/25: NO CLASS due to Thanksgiving Break

Week 16

Final Project Report due 12/4

Done with class, have a good winter break!!