Instructor: | Prof. Justin P. Rohrer |
Office: | Glasgow East 118 |
Office Phone: | +1 831 656 3196 |
E-mail: | jprohrer@nps.edu (preferred) |
Under normal circumstances I would be happy to answer questions in person, and you are welcome to drop by my office at any time; however, with maximum telework in effect this quarter, we will be relying primarily on the Sakai Forums for answering questions.
CS4558 Network Traffic Analysis (3-2) explores fundamentals of packet-switched network traffic analysis at the network layer and above as applied to problems in traffic engineering, economics, security, etc. Explores the design and integration of analytic tools and techniques into the fabric of the network including: spatial and temporal anomaly detection, origin-destination matrix estimation, application mix determination, deep-packet inspection, fingerprinting, intrusion detection and insider threat mitigation. Finally, the course covers active defense and offensive methods reliant on traffic analysis.
Upon successful completion of the course, the student shall be able to state the role of network traffic analysis in network engineering, security, and optimization. The student will be able to enumerate and explain the observable characteristics of networks and network devices and how to use these characteristics as discriminators. Through laboratory reinforcement, students will gain an understanding of defensive and offensive operational traffic analysis techniques including: spatial and temporal anomaly detection, origin-destination traffic matrix estimation, application and workload mix determination, deep-packet inspection, network and device tomography, and intrusion detection. Students will learn tools and techniques appropriate to proactive and reactive situations for either internal or external network traffic analysis. Finally, students will gain an understanding of the basic legal issues associated with network monitoring.
A mix of interactive lectures and problem solving exercises will be used to investigate the topic material in class. Students are responsible for reading the material in the text that supports each topic of discussion prior to its presentation. Supplemental material may be provided as necessary to augment material in the text. Our schedule will evolve over the duration of the quarter; check back frequently as this website is the primary mode of coordination.
The Computer Science Department has provided a 1-page document to establish guidelines for participation in distance-learning classes; it is available on Sakai under “Resources” as DL Norms and Expectations.pdf. The goal of providing this is to keep the quality of the learning environment as close as possible to in-person class periods.
None. Use the course website for papers, lectures, and handouts.
Component | Number | Fraction |
---|---|---|
Labs | 5 | 50% |
Midterm | 1 | 20% |
Final | 1 | 20% |
Quizzes | 5 | 10% |
Late work accrues a penalty of 10% off per day.
Academic honesty: abide by the NPS Honor Code, no exceptions.
As this is an applied course on network traffic analysis, there is a strong emphasis on the labs which account for a significant portion of your grade. Labs will be assigned on the web site and will be worked on both in and out of lab time. During lab time, the professor will be available to assist. Some labs may span multiple weeks: due dates will be posted on the class schedule. You may discuss your lab with others in the class, but your solutions and writeup must be your own. You must list all collaborators.
Labs should be turned in via the CLE website under the assignments section. The writeup should be in PDF format. No other formats accepted.
We will have one midterm exam during a regularly-scheduled lab period, and one final exam during the final week of class. At the discretion of the instructor, exams may be delivered online via the Sakai website.
Abide by the NPS Honor Code, no exceptions.
As stated in the NPS Student Information Handbook and Academic Honor Code, all students are expected to complete their own work, understand and avoid plagiarism, and follow NPS policy on academic integrity and honesty. Anyone found violating these standards will be punished. Simply put: Give others credit for their ideas and do not misrepresent others' work, words, or creations as your own. If you have any questions, ask before you submit your papers!
NPS uses Chicago notes-bibliography style for citing. Proper citing is a requirement for academic papers and good practice for writing your thesis. For reference please see http://libguides.nps.edu/citation/chicagonb.
Use of the GWC is optional, but highly recommended if technical writing is not your strong suit. Consultation could involve anything from brainstorming, dissecting readings, outlining, organization, argumentation, grammar, punctuation, citing, or paraphrasing. See https://my.nps.edu/web/gwc/meet-with-a-writing-coach. The Graduate Writing Center (GWC), located on the first floor of the Dudley Knox Library and at https://my.nps.edu/web/gwc, is a resource for all NPS students, regardless of their comfort or proficiency with academic writing. The center offers one-to-one coaching, hands-on workshops, and online and hard-copy reference materials to support students throughout their time at NPS.
Any student who feels he or she may need an accommodation based on the negative impact of a disability on their work should contact their program officer and professor to discuss specific needs. Please see https://my.nps.edu/web/gwc/special-needs-reasonable-accommodation for more information.