Teaching at University: CSSS 2510 Cyber Attacks and Defense (2018)

Webster University undergraduate catalog description:

The course provides students with insight on common cyber-attacks and the techniques for identifying, detecting and defending against cybersecurity threats. The course will cover firewalls, intrusion detection/prevention, authentication,
ciphers, cryptography, etc. The course presents emerging technologies such as virtualization, Cloud computing, and multimedia protocols. This course also discusses critical infrastructures and how to protect them. Prerequisite: CSSS 2410 Cybersecurity and Internet architecture

The course contents as of 2018:

Week 1

Advanced Persistent Threats (APT) and response. Case study with in-depth analysis of Indicators of Compromise (IoC), data gathering-transforming-correlating, “threat hunting” and isolation, reporting and communication.

Studying cybersecurity incident phases, OODA loop, and cyber kill chain.

Zero-day malware as APT attack vector – identification, collection, analysis, classification, reporting, signature definition. Introduction to MISP open-source threat intelligence platform.

Zero-day malware code analysis – sandbox static and dynamic scanning with practical hands-on using Cuckoo open-source automated malware analysis system.

Week 2

Distributed Denial-of-Service (DDoS) Attacks and countermeasures with focus on massive Internet of Things (IoT) based botnets. Practical hands-on for identification of vulnerable IoTs using Shodan search engine.

Analysis of the state of the art DDoS mitigation techniques such as fast packet drop with BGP, uRPF, and Exa-BGP.

Week 3

Intrusion detection and honeypots with practical hands-on exercises using intrusion deception system MazeRunner  community edition.

In-class review of market reports on intrusion detection systems (IDS) and security incident and event management (SIEM) systems. Comparison of systems.

How intrusion detection/prevention systems evolved into complex data analysis and decision support systems and related processes. Practical demo of Apache Metron open-source advanced security data analytics system leveraging Apache Hadoop

Week 4

Advanced Firewalls and Intrusion Prevention Systems leveraging machine learning techniques. Practical demo of Apache Spot open-source system for detection of intruders’ lateral movement.


Week 5

Critical infrastructure security and Internet of Things (IoT) security with case study on cyber risks for smart cities/nations initiatives: Singapore and Dubai.

Analysis of  Cloud Security risk planning with focus on Internet of Things (IoT) security.

Week 6

Using Kali linux to test cybersecurity systems.

Introduction to Security Operation Center activities and related business processes.

Week 7

Cybercrime and Computer crime. In-class review of Annual Europol report on cybercrime.


Examples and case studies on detecting crypto-miners.

Week 8

Final exam and presenting individual term-projects.