The course provides students with insight into common cyber-attacks and the techniques for identifying, detecting and defending against cybersecurity threats. The course covers firewalls, intrusion detection/prevention, authentication, ciphers, cryptography, etc. It presents emerging technologies such as virtualization, cloud computing, and multimedia protocols, and also discusses critical infrastructures and how to protect them. Prerequisite: CSSS 2410 Cybersecurity and Internet Architecture.
The course contents as of 2018:
Advanced Persistent Threats (APT) and response. Case study with in-depth analysis of Indicators of Compromise (IoC); data gathering, transforming and correlating; "threat hunting" and isolation; reporting and communication.
Studying cybersecurity incident phases, OODA loop, and cyber kill chain.
Zero-day malware as an APT attack vector: identification, collection, analysis, classification, reporting, signature definition. Introduction to MISP, an open-source threat intelligence platform.
Zero-day malware code analysis: static and dynamic sandbox scanning, with practical hands-on exercises using Cuckoo, an open-source automated malware analysis system.
Distributed Denial-of-Service (DDoS) attacks and countermeasures, with a focus on massive Internet of Things (IoT) based botnets. Practical hands-on exercises identifying vulnerable IoT devices using the Shodan search engine.
Analysis of state-of-the-art DDoS mitigation techniques such as fast packet drop with BGP, uRPF, and ExaBGP.
Intrusion detection and honeypots, with practical hands-on exercises using the MazeRunner intrusion deception system (community edition).
In-class review of market reports on intrusion detection systems (IDS) and security information and event management (SIEM) systems. Comparison of systems.
How intrusion detection/prevention systems evolved into complex data analysis and decision support systems, and the related processes. Practical demo of Apache Metron, an open-source advanced security data analytics system leveraging Apache Hadoop.
Advanced firewalls and intrusion prevention systems leveraging machine learning techniques. Practical demo of Apache Spot, an open-source system for detecting intruders' lateral movement.
Analysis of cloud security risk planning, with a focus on Internet of Things (IoT) security.
Using Kali Linux to test cybersecurity systems.
Introduction to Security Operations Center (SOC) activities and related business processes.
Cybercrime and computer crime. In-class review of Europol's annual report on cybercrime.
Examples and case studies on detecting crypto-miners.
Final exam and presenting individual term-projects.