Home Research Education Publications Activities Resources About Me

Advanced Network Security 2020

Contents: | Introduction | Goals | Topics | Schedule | Additional information |

This is the main web site for the Advanced Network Security (NWI-IMC050) of the TRU/e security master.

For information about last year's (2019) course, see here.

This is the last year this course will be taught in this form. Starting 2021, the course will be taught with different teachers and likely change content as a result.


The Advanced Network Security course builds on the bachelor course on Network Security. Where the bachelor course is quite hands on, this master course is of a more theoretical nature.

The course is split in two quite separate and independent parts.

The first part covers a more theoretical approach towards protecting availability in distributed systems, based on the theory of distributed algorithms. We explore two approaches to fault tolerance as a means to increase the robustness and hence the availability of the overall distributed system. The second part covers more advanced, traditional network security topics.


The course code is NWI-IMC050.

The teachers are Jaap-Henk Hoepman and Harald Vranken.


After the course the student will


The course covers the following topics.

Schedule (spring 2020)

Lectures take place from 13:30 to 15:15 on Monday. From February 3 to March 16 in HG 00.071. From April 13 to June 8 in room HG 00.062. (Note the room changes)

Slides of presentations that are available are linked from here. The links are released after the lecture. The same goes for the take home exercises.

Below you find a (tentative) schedule of the course.

Date Topic Literature Assignments and solutions
February 3 Introduction to distributed algorithms : slides Papers:
- L. Lamport, "Time, Clocks, and the Ordering of Events in a Distributed System." Communications of the Association for Computing Machinery 21, no. 7 (July 1978): 558-565. (upto the section called "Physical clocks")
February 10 'Prevention' and 'Intrusion detection systems and netflows: slides Papers:
- Rick Hofstede, Pavel Čeleda, Brian Trammell, Idilio Drago, Ramin Sadre, Anna Sperotto, Aiko Pras, "Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX", IEEE Communications Surveys & Tutorials (Volume: 16, Issue: 4, Fourthquarter 2014).
Additional, optional, reading::
- Rick Hofstede, Vaclav Bartos, Anna Sperotto, Aiko Pras: Towards real-time intrusion detection for NetFlow and IPFIX. Proceedings 9th International Conference on Network and Service Management (CNSM), 2013
- Rick Hofstede, Luuk Hendriks, Anna Sperotto, Aiko Pras: SSH Compromise Detection using NetFlow/IPFIX. ACM SIGCOMM Computer Communication Review archive, Volume 44, Issue 5, Oct. 2014, p. 20-26
- Anna Sperotto, Ramin Sadre, Pieter-Tjerk de Boer, and Aiko Pras: Hidden Markov Model Modeling of SSH Brute-Force Attacks. Lecture Notes in Computer Science, vol. 5841, 2009, Springer, p. 164-176
- Laurens Hellemons, Luuk Hendriks, Rick Hofstede, Anna Sperotto, Ramin Sadre and Aiko Pras: SSHCure: A Flow-Based SSH Intrusion Detection System Lecture Notes in Computer Science, vol. 7279, 2012, Springer, p. 86-97.
February 17 Economics/governance of network security: slides Papers:
- Why information security is hard ‐ an economic perspective Ross Anderson Proceedings 17th Annual Computer Security Applications Conference (ACSAC), 2001
- So long, and no thanks for the externalities: the rational rejection of security advice by users Cormac Herley Proceedings of the 2009 workshop on New security paradigms workshop (NSPW)  
Additional, optional, reading::
- ‘Hacks, sticks and carrots’ by prof.dr. Michel van Eeten
- Economics of fighting botnets: lessons from a decade of mitigation H. Asghari, M.J.G. van Eeten, J.M. Bauer IEEE Security & Privacy, September/October 2015, 16‐23
- Cybersecurity: Stakeholder incentives, externalities, and policy options J.M.Bauer & M.J.G. van Eeten Telecommunications Policy 33(2009):706–719
February 24 (no lecture)
March 2 Distributed Algorithms: Leader Election: slides Papers:
- G.L. Peterson, "An O(n log n) unidirectional algorithm for the circular extrema problem". ACM TOPLAS 4 (1982), 758–762.
March 9 Distributed Algorithms: Mutual Exclusion: slides Papers:
- L. Lamport, "A new solution of Dijkstra’s concurrent programming problem." Commun. ACM 18, 8 (1974), 453–455.
March 16 Wifi security slides
Note: this course will be taught online, see announcement in Brightspace.
- S. Brenza, A. Pawlowski, and C. Pöpper: A Practical Investigation of Identity Theft Vulnerabilities in Eduroam Proceedings 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 2015
- M. Vanhoef and F. Piessens: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 Proceedings 24th ACM Conference on Computer and Communication Security, 2017 (Note: you may skip sections 4, 5, and 7)
March 23 (no lecture)
March 30 (no lecture)
April 6 (no lecture)
April 13 (no lecture)
April 20 Self-Stabilisation: slides Papers:
- E.W. Dijkstra, "Self-Stabilizing Systems in Spite of Distributed Control." Communications of the Association for Computing Machinery 17, no. 11 (November 1974): 643-644.
April 27 (no lecture)
May 4 Joeri de Ruiter, "Routing security: BGP and future internet architecture" slides Papers:
The SCION Internet Architecture - An Internet Architecture for the 21st Century David Barrera, Laurent Chuat, Adrian Perrig, Raphael M. Reischuk, Pawel Szalachowski Communications of the ACM 60 (6), June 2017
May 11 Agreement and consensus I: concepts and protocols for crash failures: slides Papers:
- M. Pease, R. Shostak, L. Lamport. "Reaching Agreement in the Presence of Faults" (PDF). Journal of the ACM. 27 (2): 228–234, April 1980.
May 18 Agreement and consensus II: handling Byzantine failures: slides Papers:
- L. Lamport, R. Shostak, M. Pease, "The Byzantine Generals Problem", ACM TOPLAS 4(3), pp. 382-401, July 1982.
May 25 Botnets slides Papers:
- Sheharbano Khattak, Naurin Rasheed Ramay, Kamran Riaz Khan, Affan A. Syed, and Syed Ali Khayam: "A Taxonomy of Botnet Behavior, Detection, and Defense"
June 1 (no lecture)
June 8 Fabian v.d. Broek "Mobile telephony security" slides Papers:
Chapters 2 and 3 of "Mobile communicaton security", Fabian van den Broek, PhD thesis, 2016


Exams for 2020 are scheduled as follows:

Example exams:

Additional information

The course will consist of traditional lectures, supplemented with take home exercises. There is a final written exam.  

Last Version -
(Note: changeover from CVS to dotless svn version numbers on Jan 19, 2008, and changeover to GIT versioning on May 30, 2013.)
Maintained by Jaap-Henk Hoepman
Email: jhh@cs.ru.nl