Presentation is loading. Please wait.

Presentation is loading. Please wait.

Welcome to EECS 450 Internet Security. 2 Why Internet Security The past decade has seen an explosion in the concern for the security of information –Malicious.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Welcome to EECS 450 Internet Security. 2 Why Internet Security The past decade has seen an explosion in the concern for the security of information –Malicious."— Presentation transcript:

1 Welcome to EECS 450 Internet Security

2 2 Why Internet Security The past decade has seen an explosion in the concern for the security of information –Malicious codes (viruses, worms, etc.) caused over $28 billion in economic losses in 2003 and $67 billion in 2006! Security specialists markets are expanding ! –“Salary Premiums for Security Certifications Increasing” (Computerworld 2007) Up to 15% more salary Demand is being driven not only by compliance and government regulation, but also by customers who are "demanding more security" from companies –US Struggles to recruit compute security experts (Washington Post Dec. 23 2009)

3 3 Why Internet Security (cont’d) Internet attacks are increasing in frequency, severity and sophistication –The number of scans, probes, and attacks reported to the DHS has increased by more than 300 percent from 2006 to 2008. –Karen Evans, the Bush administration's information technology (IT) administrator, points out that most federal IT managers do not know what advanced skills are required to counter cyberattacks.

4 4 Why Internet Security (cont’d) Virus and worms faster and powerful –Cause over $28 billion in economic losses in 2003, growing to over $75 billion in economic losses by 2007. –Code Red (2001): 13 hours infected >360K machines - $2.4 billion loss –Slammer (2003): 15 minutes infected > 75K machines - $1 billion loss Spams, phishing … New Internet security landscape emerging: BOTNETS ! –Conficker/Downadup (2008): infected > 10M machines MSFT offering $250K reward

5 The History of Computing For a long time, security was largely ignored in the community –The computer industry was in “survival mode”, struggling to overcome technological and economic hurdles –As a result, a lot of comers were cut and many compromises made –There was lots of theory, and even examples of systems built with very good security, but were largely ignored or unsuccessful E.g., ADA language vs. C (powerful and easy to use)

6 Computing Today is Very Different Computers today are far from “survival mode” –Performance is abundant and the cost is very cheap –As a result, computers now ubiquitous at every facet of society Internet –Computers are all connected and interdependent –This codependency magnifies the effects of any failures

7 Biological Analogy Computing today is very homogeneous. –A single architecture and a handful of OS dominates In biology, homogeneous populations are in danger –A single disease or virus can wipe them out overnight because they all share the same weakness –The disease only needs a vector to travel among hosts Computers are like the animals, the Internet provides the vector. –It is like having only one kind of cow in the world, and having them drink from one single pool of water!

8 The Spread of Sapphire/Slammer Worms

9 The Flash Worm Slammer worm infected 75,000 machines in <15 minutes A properly designed worm, flash worm, can take less than 1 second to compromise 1 million vulnerable machines in the Internet –The Top Speed of Flash Worms. S. Staniford, D. Moore, V. Paxson and N. Weaver, ACM WORM Workshop 2004.The Top Speed of Flash Worms –Exploit many vectors such as P2P file sharing, intelligent scanning, hitlists, etc.

10 Logistics Instructor Yan Chen (ychen@northwestern.edu), Associate Professorychen@northwestern.edu Zhichun Li (lizc@cs.northwestern.edu), Research Associatelizc@cs.northwestern.edu Joint email contact: eecs450-staff@cs.northwestern.edu: eecs450-staff@cs.northwestern.edu Location and time Mon and Wed 10:30-11:50am, LG62 Tech

11 Seminar class: paper reading + a big project Start with overview of Internet attack landscape Introducing complicated Internet sevices 2.0 and its diagnosis Major attack force: botnet Most important emerging threat: Web security Other topics –Mobile system security (Android) –Social net security Major network defense mechanism: network intrusion detection/prevention system Course Overview

12 Prerequisites and Course Materials Required: EECS340 (Intro to computer networking) or any introductory networking course, or talk to me Highly Recommended: EECS350/354 No required textbook – paper reading! Recommended books on computer security (see webpage for a complete list)

13 Grading No exams for this class Class participation 10% Paper reading summary 10% In class paper presentation and debate 25% Project 55% –Proposal and survey 5% –Midterm presentation and report 10% –Weekly report and meeting 10% –Final presentation 10% –Final report 20%

14 Paper Reading Write a very brief summary of each paper, to be emailed to me before the class Summary should include: –Paper title and its author(s) –Brief one-line summary –A paragraph of the one or two most significant new insight(s) you took away from the paper –A paragraph of at least two most significant flaw(s) of the paper –A last paragraph where you state the relevance of the ideas today, potential future research suggested by the article

15 Class Format - Presentation Student presentations of one paper or two closely related papers –Background, basic problems, survey of the related work, give overview to the general problems (30 minutes) –40 minutes for particular solutions presented in these two papers –Each non-speaker are strongly recommended to ask questions Summarize with the last 10 minutes

16 Format of the Presentation Presentation should include the following –Motivation and background –Classification of related work/background –Main ideas –Evaluation and results –Open issues Send the slides to the instructors for review at least 24 hours ahead of the class Guidelines online

17 Projects The most important part of class Group of 3~4 people (Undergrads will be paired w/ a grads) Project list to be discussed soon Proposal – 4/11 –3-4 pages describing the purpose of the project, work to be done, expected outcome/results and related work Weekly Meeting and Progress Report – 4/5 – 6/2 –Each team will schedule a weekly meeting (30 minutes) with the instructors. An accumulative work-in-progress report (with 1-2 page new content) is due 24 hours ahead of the meeting. Midterm presentation – 5/3 Project Presentation – 6/2 Final Report – 6/9

18 Next … Sign up for Presentation Symantec Internet Threat Report Discussion of potential projects –High-speed network intrusion detection system: UltraPAC – Daniel, Jing (Mon 2pm) –Web Cross-origin AJAX – Vaibhav, Yi (Tue 10am) –Mobile system security (Android system) -- Ted, Tyler, Brett (Tue 1pm) –Social networking security -- Jun, Jingnan, Tuo (Mon 4pm)

Download ppt "Welcome to EECS 450 Internet Security. 2 Why Internet Security The past decade has seen an explosion in the concern for the security of information –Malicious."

Similar presentations

Slide 01-1COMP 7370, Auburn University COMP 7370 Advanced Computer and Network Security Dr. Xiao Qin Auburn University

Slide 01-1COMP 7370, Auburn University COMP 7370 Advanced Computer and Network Security Dr. Xiao Qin Auburn University
Introduction and Logistics Amir Houmansadr CS660: Advanced Information Assurance Spring 2015.

Introduction and Logistics Amir Houmansadr CS660: Advanced Information Assurance Spring 2015.
CS 345 Distributed Systems Fabián E. Bustamante, Winter 2004 Welcome to Advanced OS Fabián E. Bustamante (Instructor) Yi Qiao (Ad Honorem TA) Communication.

CS 345 Distributed Systems Fabián E. Bustamante, Winter 2004 Welcome to Advanced OS Fabián E. Bustamante (Instructor) Yi Qiao (Ad Honorem TA) Communication.
CSCI 11 Google’s Technology and its Impact on our Culture David Irwin Winter Study 2008 January 5, 2008.

CSCI 11 Google’s Technology and its Impact on our Culture David Irwin Winter Study 2008 January 5, 2008.
The Structure of Networks with emphasis on information and social networks RU T-214-SINE Summer 2011 Ýmir Vigfússon.

The Structure of Networks with emphasis on information and social networks RU T-214-SINE Summer 2011 Ýmir Vigfússon.
Welcome to EECS 350 Introduction to Computer Security.

Welcome to EECS 350 Introduction to Computer Security.
Welcome to CS 395/495 Introduction to Computer Security.

Welcome to CS 395/495 Introduction to Computer Security.
Advanced Topics in Next- Generation Wireless Networks Qian Zhang Department of Computer Science HKUST.

Advanced Topics in Next- Generation Wireless Networks Qian Zhang Department of Computer Science HKUST.
Welcome to EECS 354 Network Penetration and Security.

Welcome to EECS 354 Network Penetration and Security.
Welcome to CS 450 Internet Security: A Measurement-based Approach.

Welcome to CS 450 Internet Security: A Measurement-based Approach.
Welcome to CS 395/495 Basic Information Security: Technology, Business and Law.

Welcome to CS 395/495 Basic Information Security: Technology, Business and Law.
Welcome to EECS 440 Advanced Networking. What is this class about? Goal: to help you learn how to do the networking research –Read research papers –Argue.

Welcome to EECS 440 Advanced Networking. What is this class about? Goal: to help you learn how to do the networking research –Read research papers –Argue.
Welcome to EECS 450 Internet Security. Why Internet Security The past decade has seen an explosion in the concern for the security of information –Malicious.

Welcome to EECS 450 Internet Security. Why Internet Security The past decade has seen an explosion in the concern for the security of information –Malicious.
CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: 509-359-6908 Office.

CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: Office.
Privacy-Aware Computing Introduction. Outline  Brief introduction Motivating applications Major research issues  Tentative schedule  Reading assignments.

Privacy-Aware Computing Introduction. Outline  Brief introduction Motivating applications Major research issues  Tentative schedule  Reading assignments.
CSCE790: Security and Privacy for Emerging Ubiquitous Communication system Wenyuan Xu Department of Computer Science and Engineering University of South.

CSCE790: Security and Privacy for Emerging Ubiquitous Communication system Wenyuan Xu Department of Computer Science and Engineering University of South.
Welcome to CS 395/495 Internet Measurement and its Reverse Engineering.

Welcome to CS 395/495 Internet Measurement and its Reverse Engineering.
Welcome to EECS 395/495 Networking Problems in Cloud Computing.

Welcome to EECS 395/495 Networking Problems in Cloud Computing.
CSCD 330 Network Programming Winter 2012 Lecture 1 - Course Details.

CSCD 330 Network Programming Winter 2012 Lecture 1 - Course Details.
Welcome to CS 395/495 Measurement and Analysis of Online Social Networks.

Welcome to CS 395/495 Measurement and Analysis of Online Social Networks.

Similar presentations

Ads by Google