Instructor: | Prof. Justin P. Rohrer |
Office: | Glasgow East 339 |
Office Phone: | 831-656-3196 |
E-mail: | jprohrer@nps.edu (preferred) |
I am happy to answer questions via email and/or in person, and you are welcome to drop by my office at any time. I am often out of my office due to teaching or meetings, so I recommend scheduling a time to meet if you are going to be making a special trip to my office.
Section 1 | Lecture (GE-122): | MTh 14:00–14:50, W 12:00–12:50 |
| Lab (GE-122): | W 13:00–14:50 |
Section 2 | Lecture (GE-122): | MTTh 11:00–11:50 |
| Lab (GE-122): | M 15:00–16:50 |
Both | Final (GL-122): | W 08:00–09:50 |
Upon successful completion of the course, the student shall be able to state the role of network traffic analysis in network engineering, security, and optimization. The student will be able to enumerate and explain the observable characteristics of networks and network devices and how to use these characteristics as discriminators. Through laboratory reinforcement, students will gain an understanding of defensive and offensive operational traffic analysis techniques including: spatial and temporal anomaly detection, origin-destination traffic matrix estimation, application and workload mix determination, deep-packet inspection, network and device tomography, and intrusion detection. Students will learn tools and techniques appropriate to proactive and reactive situations for either internal or external network traffic analysis. Finally, students will gain an understanding of the basic legal issues associated with network monitoring.
Explores fundamentals of packet-switched network traffic analysis at the network layer and above as applied to problems in traffic engineering, economics, security, etc. Explores the design and integration of analytic tools and techniques into the fabric of the network including: spatial and temporal anomaly detection, origin-destination matrix estimation, application mix determination, deep-packet inspection, fingerprinting, intrusion detection and insider threat mitigation. Finally, the course covers active defense and offensive methods reliant on traffic analysis.
A mix of interactive lectures and problem-solving exercises will be used to investigate the topic material in class. Students are responsible for reading the material in the text that supports each topic of discussion prior to its presentation. Supplemental material may be provided as necessary to augment material in the text. Our schedule will evolve over the duration of the quarter; check back frequently, as this website is the primary mode of coordination.
None. Use the course website for papers, lectures, and handouts.
Component | Number | Fraction |
---|---|---|
Labs | 5 | 45% |
Midterm | 1 | 20% |
Final | 1 | 20% |
Quizzes | 5 | 10% |
Participation | <∞ | 5% |
Late work accrues a penalty of 10% per business day.
Academic honesty: abide by the NPS Honor Code, no exceptions.
As this is an applied course on network traffic analysis, there is a strong emphasis on the labs, which account for 45% of your grade. Labs will be assigned on the website and will be worked on both in and out of lab time. During lab time, the professor will be available to assist. Some labs will span multiple weeks; due dates will be posted on the class schedule. You may discuss your lab with others in the class, but your solutions and writeup must be your own. You must list all collaborators.
Labs should be turned in via the CLE website under the assignments section. The writeup should be in PDF format. No other formats are accepted.