Computer Network Attacks and Defense (spring 2007)


Registration: The course is held as part of the ICT doctoral school and is intended primarily for doctoral students, but master's students and information security practitioners are also welcome. To register for the course, send an e-mail to Tarmo Uustalu at firstname(at)cs.ioc.ee. Deadline: Fri 30.3.2007. The course can be declared in the study information system later.


Code: ITT9210

Credits: 2.0 AP

Hours: 16 hours of lectures and exercises

Schedule: lectures Mon 2.4., Tue 3.4., Wed 4.4., Thu 5.4.2007 at 14-15.30 and 16-17.30 in room B101 of Küberneetika Maja (Akadeemia tee 21) (NB! The room has changed!)

Assessment: exam

Exam: To receive an exam grade, a set of homework assignments must be solved or a mini-project carried out. Deadline Mon 23.4.2007!

Lecturers: prof. Igor Kotenko, Alexander Ulanov, Computer Security Group, St. Petersburg Institute for Informatics and Automation of the Russian Academy of Science

Contact: Monika Oit, monica(at)cyber.ee


The course is held as part of the ICT doctoral school project of RAK Measure 1.1.


Computer Network Attacks and Defense Mechanisms: Simulation and Analysis

prof. Igor Kotenko, Alexander Ulanov
Computer Security Group
St. Petersburg Institute for Informatics and Automation of the Russian Academy of Science

Abstract

The course presents the state of the art in computer network attacks and defense and the prospective developments in attack and defense modeling and simulation, security policy verification and security analysis. We consider the taxonomies, methods and examples of DDoS attacks and defense implementations, the approaches to their modeling and simulation, the developed software environment for attack and defense simulation based on the OMNeT++ Internet framework, agent-based simulation of DDoS attacks and defense, modeling and simulation of network worms (viruses) and defense against them, the policy-based approach to computer network security, security policy verification, and attack-graph-based security analysis. The developed software environment for attack and defense simulation has three main features: an agent-oriented approach to simulation, packet-based imitation of network security processes, and an open library of attacks and defense mechanisms. The approach to security evaluation is based on comprehensive simulation of a malefactor's actions, construction of attack graphs and computation of different security metrics. The implemented software systems are described, and examples of experiments are demonstrated.

Course plan

Monday, 2 April: 4 h lectures

Tuesday, 3 April: 4 h lectures

Wednesday, 4 April, 2007: 2 h lectures, 2 h practicals

Thursday 5 April, 2007: 2 h lectures, 2 h practicals

CV of Igor Kotenko

Igor Vitalievich Kotenko, Prof. of Computer Science, Head of Computer Security Research Group, St. Petersburg Institute for Informatics and Automation of the Russian Academy of Science. He graduated with honors from St. Petersburg Academy of Space Engineering (Department of Telecommunication and Computer-Aided Systems) (1983) and St. Petersburg Signal Academy (Department of Computer-Aided Systems) (1987), received his PhD degree (1990) and Doctor of Technical Sciences degree (1999) in the area "Telecommunication Systems Control", and has been a professor of computer science since 2001. His research interests and main publications are related to the areas of computer network security, telecommunication systems, computer-aided decision support, and artificial intelligence, including multiagent frameworks and systems, agent-based modeling and simulation, soft and evolutionary computing, machine learning, data mining, and data and information fusion. He has extensive experience in research on formal methods, multiagent systems and network security, and has participated in several international projects. For example, he was a project leader in research projects of EU FP6, of the US Air Force research department via its EOARD (European Office of Aerospace Research and Development) branch, in projects sponsored by Intel and HP, etc. He is the author of more than 400 scientific works, including 12 textbooks and monographs.
He has been a speaker at a multitude of international conferences and workshops, including the International Symposium on Recent Advances in Intrusion Detection (RAID), the Information Security Conference (ISC), the International Conference on Security and Cryptography (SECRYPT), the IEEE International Conference on Computer Networks and Mobile Computing, the International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), the IEEE/WIC International Conference on Intelligent Agent Technology, the International Conference on Information Fusion, the European Conference on Modelling and Simulation, etc. He is a member of the Russian and European Associations of Artificial Intelligence (RAAI, EAAI), IEEE and Computer Societies, ACM, the Institute for Systems and Technologies of Information, Control and Communication (INSTICC), and the International Society of Information Fusion (ISIF). He has served as PC member and chair of several international conferences; for example, in 2006-2007 he has been a PC member of the 3rd International Workshop on Safety and Security in Multiagent Systems (SASEMAS '06, Hakodate, Japan), the 4th International Workshop on Formal Aspects in Security & Trust (FAST 2006, Hamilton, Ontario, Canada), the International Conference on Hybrid Information Technology (ICHIT 2006, Cheju Island, Korea), the International Conference on Bio-Inspired Computer Science and Applications (BIONETICS, Madonna di Campiglio, Italy), the 3rd Indian International Conference on Artificial Intelligence (IICAI '07, Pune, India), the International Conference "Mathematical Methods, Models and Architectures for Computer Networks Security" (MMMACNS '07, St. Petersburg, Russia), the 3rd International Workshop "Information Fusion and Geographical Information Systems" (IF&GIS '07, St. Petersburg, Russia), etc.

Course material

Software (for Windows XP/2000)


Last update 9.4.2007