CS-6264 - Information Security Lab - System & Network Defenses
SND, ISND, ISLND
Reviews
To echo the others, the course is extremely challenging. This is a “lab” course, so the course content isn’t all that in-depth, and in order to complete the projects a significant amount of external reading/learning is required. The Summer 2020 semester did have a curve similar to what was mentioned below, but I believe the size of the curve depends on the class averages, not on a defined marker or guarantee.
This was probably the most challenging course I’ve ever taken, across all of undergrad and through four master’s-level courses here at GA Tech. That’s not entirely a bad thing, as this program is meant to be rigorous, but this course suffered from many of the issues that first-time offerings have, notably that the projects were not quite as refined as they otherwise could have been, and many required a key “aha” moment similar to other classes.
The majority of the grade (90%) was based on 7 projects, with a final exam comprising the last 10% of the grade. Some of these projects were reasonable; others, less so given the time.
Info on those 7 projects follows below. In general, each was supposed to take 2 weeks, but COVID-19 led to some changes later in the semester:
- ROP Chains. Exploiting an application to read a flag using Return-Oriented Programming. This project was challenging, but well-done, building nicely on the overflow attack from IIS. ~20 hours.
- Malware analysis. Again, this built (to some degree) on the malware analysis project from IIS, but with a focus on activating and analyzing malware behaviors both statically and via concolic execution. Two-thirds of the project was doable; the last binary could have used more guidance. This was the project the class struggled with the most. ~60 hours.
- Kernel IDS. We had to hook system calls and determine whether or not the actions performed by a binary were anomalous or malicious for different inputs. There was some confusion over alerting on just anomalies, or just malicious behavior. The base concept was workable, but some specific requirements (notably that they wanted anomaly detection to be done via some sort of syscall tracking rather than exempting known good) made it so that this would be very difficult to accomplish in 2 weeks. This was the second-hardest project. ~40 hours.
- Network IDS. This takes the kernel IDS from project 3 and uses Snort and daemons to capture and analyze binaries sent over the wire. Neat project, relatively doable (as long as project 3 went well). The open-endedness on how this was done was beneficial for this one; it didn’t matter so much how we got to the end result as long as it all worked. ~25 hours.
- Exploiting Android WebView UI. This one had potential, and wound up being relatively easy. We initially had to exploit flaws in WebViews via two mechanisms, and then implement a solution within an application to mitigate those vulnerabilities. Unfortunately, one of the two flaws was no longer working at the time we did the project. This took what would have been a 5-10 hour project and turned it into a 40-50 hour project. If the second exploit had been doable, it probably would have been a 15-20 hour project. As it stands, ~40 hours.
- Rooting an Android Device. This is a guided project and lab write-up, requiring less coding. As long as you read through the documentation a couple of times, it’s not difficult. ~15 hours.
- Machine learning classification of malware, and mimicry attacks. This was originally a 5-part project, but was later cut to 3. It originally had a one-week window, but was extended to about 10 days. Could have used more guidance on this, and there were a number of technical issues. ~30 hours.
The class did end up being curved to an 80 for an A, a 60 for a B, otherwise C. I wouldn’t expect such a generous curve in future semesters. I think the biggest issue was with projects being too large in scope. If this had been cut to 5 or so projects over the course of 15 weeks (3 weeks/project, maybe less for easier projects and more for harder projects), it would have been more reasonable. Others have mentioned recycled content, which is a fair issue to raise, but I think most of the learning in this class came out of projects, and that was fairly reflected in the grading. I really hope they get some of the issues with the first run of this class ironed out, as I definitely learned a lot, but there was much more frustration than there needed to be.
This was the first time this course was offered at Georgia Tech. With the honour of being amongst the pioneers, a.k.a. guinea pigs, I would highly recommend taking CS 6262 (Network Security) as a prerequisite. CS 7641 (ML) or CS 7646 (ML4T) are optional prerequisites; one of them will be needed to tackle the project that entails machine learning.
There were a total of seven projects:
- Return Oriented Programming (ROP): Primarily a CTF project.
- Malware Analysis: You’ll be given three malware samples, two known and one unknown, and you’re expected to assess the samples using both static and dynamic analysis.
- Kernel Hooking: This task entailed writing a loadable kernel module (LKM) in Linux to differentiate malicious from benign activity from a binary sample.
- Network Intrusion Detection: You are expected to use Snort in conjunction with shell scripts and a custom daemon to detect both malicious and benign binary files.
- Exploiting Android WebView UI: Write JavaScript code that secretly renders a malicious web page in the Android browser.
- Rooting Android: Build over-the-air (OTA) updates to gain a root shell on a locked Android device. The entire project was conducted using the Android VM.
- Malware Detection using ML: You’ll use MLSploit and devise a machine learning model based on extracted static malware features in order to detect an unknown malware sample.
The projects constitute 90% of your grade with the remainder of the grade from a cumulative final exam. Expect a grading curve with the cutoffs for this semester being:
A: 80+
B: 60-79
C: 0-59
On the downside, this course had several teething problems, my primary dissatisfaction being vague and unclear project requirements, with the TAs constantly pestered and asked for clarifications.
All in all, I give it a thumbs up, as the projects were challenging, and if you have an open mind you’ll get to learn a lot.
This was the first semester this class was taught. Never be the first cohort for an OMSCS course.
The lectures are non-existent (it’s all recycled videos from IIS and NS). 90% of your grade is labs, and they are OK but highly variable in quality. Some labs are easy; the other labs are hard, but not in a good way. The instructors sometimes try to insert gotchas so students can distinguish themselves, and everyone loses points for lack of clarity. If the entire class misses an objective on a lab, I’m pretty sure it wasn’t hard but just ill-conceived. For the sake of future students, I’m hoping this was due to being the first offering and the labs and content delivery mature. It’s basically the result of Wenke’s IIS and NS class having a baby with Taesoo’s CTF class (binary exploitation): content and style more like the former (same instructor), emphasis on labs like the latter.