Teaching Network Security With IP Darkspace Data

This paper presents a network security laboratory project for teaching network traffic anomaly detection methods to electrical engineering students. The project design follows a research-oriented teaching principle, enabling students to make their own discoveries in real network traffic, using data captured from a large IP darkspace monitor operated at the University of California, San Diego (UCSD). Although darkspace traffic does not include bidirectional conversations (only attempts to initiate them), it contains traffic related to or actually perpetrating a variety of network attacks originating from millions of Internet addresses around the world. This breadth of coverage makes this darkspace data an excellent choice for a hands-on study of Internet attack detection techniques. In addition, darkspace data is less privacy-critical than other network traces, because it contains only unwanted network traffic and no legitimate communication. In the lab exercises presented, students learn about network security challenges, search for suspicious anomalies in network traffic, and gain experience in presenting and interpreting their own findings. They acquire not only security-specific technical skills but also general knowledge in statistical data analysis and data mining techniques. They are also encouraged to discover new phenomena in the data, which helps to ignite their general interest in science and engineering research. The Vienna University of Technology, Austria, first implemented this laboratory during the summer semester 2014, with a class of 41 students. With the help of the Center for Applied Internet Data Analysis (CAIDA) at UCSD, all exercises and IP darkspace data are publicly available.
