Difference between revisions of page "ITC8112"
5. rida: | 5. rida: | ||
'''Time:''' Odd weeks, Wednesday, 17:45-20:15 | '''Time:''' Odd weeks, Wednesday, 17:45-20:15 | ||
− | '''Location: ICT-312 | + | '''Location:''' ICT-312 |
'''Course Objectives:''' Main objective is to present and discuss some of the technical research topics recently emerged due to the new technical and strategic dimensions of cyber security. | '''Course Objectives:''' Main objective is to present and discuss some of the technical research topics recently emerged due to the new technical and strategic dimensions of cyber security. |
Revision as of 27 January 2016, 13:32
Special Course in Cyber Security / 2015-2016 Spring Term
Instructor: Hayretdin Bahsi, hayretdin.bahsi@ttu.ee
Time: Odd weeks, Wednesday, 17:45-20:15
Location: ICT-312
Course Objectives: The main objective is to present and discuss some of the technical research topics that have recently emerged due to the new technical and strategic dimensions of cyber security.
Learning Outcomes: After successful completion of the course, students will have a solid understanding of the discussed security concepts and their links with the strategic concepts. They will have the opportunity to enhance their practical skills through hands-on homework. Their research capabilities will be improved by conducting an implementation project or preparing a short literature survey paper.
Textbook: No specific textbook is required. Appropriate documents and papers are listed below.
Grading: Grading is mainly based on the success of students in the term project. Homework assignments that include some hands-on studies will be delivered.
A tentative distribution of grading items is given as follows:
• Attendance: 15%
• Homework Assignments: 25%
• Term Project (Report/Paper+Presentations): 60%
The final grade will be converted to "pass" if it exceeds 60 (out of 100); otherwise it will be "fail".
Homework assignments will be delivered in weeks 3 and 11. They will include hands-on studies on the use of security scanning and attack graph generation tools.
Students may follow one of two paths for the term project. The first path is to conduct an implementation project that requires integrating existing security tools or developing a new tool in order to solve a technical problem. The other path is to prepare a short literature survey about a topic. Surveys should include the analysis of at least 5 papers. Students can choose their project or paper topics themselves, but their choices are subject to approval by the instructor. They can also select their topics from a list which will be given by the instructor. Each student is requested to present the project findings or literature survey to the class.
Syllabus:
Classes will take place at two-week intervals. Reading resources for each week are given below.
Week 1: Definitions of key terms and some background information
Week 3: Cyber threat intelligence and information sharing
• Jon Friedman, Mark Bouchard, Definitive Guide to Cyber Threat Intelligence, 2015, iSIGHT Partners
• Romain Bourgue, Joshua Budd, Jachym Homola, Michal Wlasenko, and Dariusz Kulawik, Detect, Share, Protect: Solutions for Improving Threat Data Exchange among CERTs, 2013, ENISA
• Burger, Eric W., et al. "Taxonomy Model for Cyber Threat Intelligence Information Exchange Technologies." Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security. ACM, 2014.
Week 5: Advanced persistent threats
• Hutchins, Eric M., Michael J. Cloppert, and Rohan M. Amin. "Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains." Leading Issues in Information Warfare & Security Research 1 (2011): 80.
• Sood, Aditya K., and Richard J. Enbody. "Targeted cyberattacks: a superset of advanced persistent threats." IEEE security & privacy 1 (2013): 54-61.
• APT1 Exposing One of China’s Cyber Espionage Units, 2013, MANDIANT.
Week 7: Cyber security situational awareness and continuous monitoring
• Jakobson, Gabriel. "Mission cyber security situation assessment using impact dependency graphs." Information Fusion (FUSION), 2011 Proceedings of the 14th International Conference on. IEEE, 2011.
• Natarajan, Arun, et al. NSDMiner: Automated discovery of network service dependencies. IEEE, 2012.
• Mell, Peter, et al. "CAESARS Framework new Extension: An Enterprise Continuous Monitoring Technical Reference Model (Second Draft)." (2012).
Week 9: Deception in cyber defence
• Almeshekah, Mohammed H., and Eugene H. Spafford. "Planning and integrating deception into computer security defenses." Proceedings of the 2014 workshop on New Security Paradigms Workshop. ACM, 2014.
• Virvilis, Nikos, Oscar Serrano Serrano, and Bart Vanautgaerden. "Changing the game: The art of deceiving sophisticated attackers." Cyber Conflict (CyCon 2014), 2014 6th International Conference On. IEEE, 2014.
Week 11: Attack graphs
• Ou, Xinming, Sudhakar Govindavajhala, and Andrew W. Appel. "MulVAL: A Logic-based Network Security Analyzer." USENIX security. 2005.
• Singhal, Anoop, and Xinming Ou. Security risk analysis of enterprise networks using probabilistic attack graphs. US Department of Commerce, National Institute of Standards and Technology, 2011.
• Cheng, Pengsu, et al. "Aggregating CVSS base scores for semantics-rich network security metrics." Reliable Distributed Systems (SRDS), 2012 IEEE 31st Symposium on. IEEE, 2012.
Week 13: Cyber security of industrial control systems (ICSs)
• CSSP, DHS. "Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies." US-CERT Defense In Depth (October 2009) (2009).
• Robinson, Michael. "The SCADA threat landscape." Proceedings of the 1st International Symposium on ICS & SCADA Cyber Security Research 2013. BCS, 2013.
• Edmonds, Janica, Mauricio Papa, and Sujeet Shenoi. "Security analysis of multilayer SCADA protocols." Critical Infrastructure Protection. Springer US, 2008. 205-221.
Week 15: Presentations