COMP 5900 E/CSI 5139 IF00 (Fall 2021): Internet Measurements and Security [T, S]

General Course Information

Course Summary

The course covers measurement methodologies for understanding complex Internet phenomena and behaviors including the spread of vulnerabilities, remote network topologies, attack patterns, content popularity, Internet censorship, service quality, adoption of security systems, tools for efficient measurements, large-scale data analysis, stats, reproducibility of results, and ethical considerations.

Grading Scheme

The course has the following grading scheme:

The 20% on reading responses will be distributed across all the papers we discuss in class. The reading response is not a summary of the paper, rather a critical "review". This review includes the paper's strengths and weaknesses, as well as the student's own opinion about the paper's motivation, methodology, evaluation, and findings. The deadline for emailing the reading response is five minutes before the beginning of each class (i.e., Wednesday at 2:30pm), for all nine student-lead classes (i.e., Weeks 3 — 7 and 9 — 12; see outline below).

The 15% of in-class involvement will likewise be distributed across the entire course, 1.67% each class for all nine student-lead classes. You need to be actively involved in the discussions, e.g., asking questions, and commenting on the explanations made by the discussion leader or project presenter. All students are required to read and understand the papers being discussed in class, as illustrated by the above requirement of reading responses.

The 25% paper discussion lead is merited based on the students' qualities of presenting papers. Your presentation needs to be as detailed as possible. The presenter/leader must understand the paper quite well, and prepare a slide deck to present a 30-45 minutes presentation explaining the paper. Make sure to cover clearly the paper's objectives, the aspects it is trying to measure, the evaluations used (if any), precautions the authors have taken to (1) ensure the reproducibility of their findings and/or (2) address ethical considerations. Review this guide to a good presentation (by Professor Püschel, ETH Zürich). Each student is required to sign-up for two papers to present throughout the term. Each presentation is worth 12.5%, which will be commensurate with: the depth of your technical understanding (6%), the quality and professionalism of the presentation (4%), and question handling (2.5%). Selected papers do not have to be on the same day; they could be, but it might be a lot of work for a student to present two papers on one day. The deadline for signing-up to leading two paper discussions is Wednesday, September 15. Papers (in the outline below) under "Additional Readings" are optional, but if you like to choose any of these to discuss as a mainstream paper of a class, let me know.

Finally, the 40% of the project is distributed as follows: 6% planning (including in-class pitch and project proposal), 5% presentation, and 29% on the final report. Every student is required to think about project ideas and discuss them with me. Upon receiving a verbal agreement, students will be required to submit a written 1-page project proposal detailing the project objectives, methodology, and citing relevant literature. The deadline for establishing your project idea, and emailing me the written project proposal is October 6. Note that in order to meet this deadline, students will be required to discuss ideas with me early on before they write a proposal. Start thinking about projects early in the course. Don't leave it to the last minute. To decide on a project topic, you may build-upon security research published in previous IMC venues: 2020, 2019, 2018, 2017, 2016. You can also lookup papers in the last 2-3 years from IEEE S&P (2021, 2020, 2019), USENIX Security Symposium (2021, 2020, 2019), NDSS (2021, 2020, 2019), and ACM CCS (2020, 2019 and 2018). Other venues including: Springer Passive and Active Measurements (PAM), Network Traffic Measurement and Analysis (TMA), and ACM Conference on emerging Networking EXperiments and Technologies (CoNext). There are also several occasional measurements workshops like NDSS MADWeb, FOCI, WPEZ. Everyone must then present an 8-minute project pitch in class, ideally using a single slide, on October 13. Finally, the deadline to email the final project report is December 17, at 11:59pm EST (Ottawa time). You are highly encouraged to use LaTeX to prepare your final report. However, feel free to use any document-generation tool, so long as you email me a PDF of your report. The report should not exceed 15 pages in the standard IEEE double-column conference format.

Summary of deliverables: In summary, over the course of the term, each student will deliver:

All above deadlines are firm. Missing deadlines will be subject to point deductions.

Page Updates and Action Items

Course Outline

Week Date Topic Material
Week 1 Sep 8 Introduction Case Studies: Additional Readings:
Week 2 Sep 15 Measurement Tools Tools: Additional Readings: See also: Twitter's random tweets API, Alexa's top 1M sites (and relevant snallygaster tool) and Tranco list, RIPE Atlas, Caida Ark, Shodan, Luminati, ProxyRack, Infatica, Internetwache, Selenium browser,, Certs databse, thingful, OpenIntel (for DNS measurements).
Week 3 Sep 22 DNS Security Additional Readings:
Week 4 Sep 29 Internet Vulnerability Analysis Additional Readings:
Week 5 Oct 6 Adoption of Internet Security Systems Additional Readings:
Week 6 Oct 13 Privacy and Tracking
(and project pitches)
Week 7 Oct 20 HTTPS and TLS Additional Readings:
Week 8 Oct 27 Fall Break. (No Class)
Week 9 Nov 3 Internet Measurements for Social, Security, and Economic Analysis
Week 10 Nov 10 Internet Censorship See also:
Week 11 Nov 17 Analyzing Attacks
Week 12 Nov 24 Internet Core Additional Readings (non-security):
Week 13 Dec 1 Final Project Presentations
  • [Felipe] The Impact of COVID-19 on Phishing Campaigns
  • [Payam] An Investigation of Vulnerabilities in IoT Devices Using Shodan
  • [Vathsan] Automated Measurement of Two-factor Authentication Support in Banking Sites
Week 14 Dec 8 Final Project Presentations
  • [Abdul Aziz] Measuring the Relationship Between Tweets and Trends: An Empirical Study
  • [William] Characterizing the Adoption of Security.txt Files and their Applications to Vulnerability Notification
  • [Conner] Inconsistencies and Vulnerabilities of IoT Software Update Servers
Week ∞ Dec 17 Final project report due (No class)

School of Computer Science Policies

Undergraduate Academic Advisor The Undergraduate Advisor for the School of Computer Science is available in Room 5302C HP; by telephone at 520-2600, ext. 4364; or by email at The undergraduate advisor can assist with information about prerequisites and preclusions, course substitutions/equivalencies, understanding your academic audit and the remaining requirements for graduation. The undergraduate advisor will also refer students to appropriate resources such as the Science Student Success Centre, Learning Support Services and Writing Tutorial Services.

SCS Computer Laboratory. SCS students can access one of the designated labs for your course. The lab schedule can be found at: All SCS computer lab and technical support information can be found at: Technical support is available in room HP5161 Monday to Friday from 9:00 until 17:00 or by emailing

Faculty of Science Policies

Academic Integrity violations within the Faculty of Science. Students found in violation of the Student Academic Integrity Policy (below) in Computer Science (COMP) courses are subject to severe penalties, as detailed at the Office of the Dean of Science (ODS) page. If you are unsure of the expectations regarding academic integrity (how to use and cite references, how much collaboration with lab- or class-mates is appropriate), ASK your instructor or the head TA for your labs. Sharing assignment or quiz specifications or posting them online (to sites such as Chegg, CourseHero, OneClass) is considered academic misconduct. You are never permitted to post, share, or upload course materials without explicit permission from your instructor.

University Policies

For information about Carleton's academic year, including registration and withdrawal dates, see Carleton' Calendar.

Pregnancy Obligation. Please contact your instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. For more details, visit Equity Services.

Religious Obligation. Please contact your instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. For more details, visit Religious/Spiritual Observances.

Academic Accommodations for Students with Disabilities. If you have a documented disability requiring academic accommodations in this course, please contact the Paul Menton Centre for Students with Disabilities (PMC) at 613-520-6608 or for a formal evaluation or contact your PMC coordinator to send your instructor your Letter of Accommodation at the beginning of the term. You must also contact the PMC no later than two weeks before the first in-class scheduled test or exam requiring accommodation (if applicable). After requesting accommodation from PMC, meet with your instructor as soon as possible to ensure accommodation arrangements are made.

Survivors of Sexual Violence. As a community, Carleton University is committed to maintaining a positive learning, working and living environment where sexual violence will not be tolerated, and survivors are supported through academic accommodations as per Carleton's Sexual Violence Policy. For more information about the services available at the university and to obtain information about sexual violence and/or support, visit this page.

Accommodation for Student Activities. Carleton University recognizes the substantial benefits, both to the individual student and for the university, that result from a student participating in activities beyond the classroom experience. Reasonable accommodation must be provided to students who compete or perform at the national or international level. Please contact your instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. More information can be found here.

Medical Certificate. Please use the official medical certificate form for the deferral of assignments due to medical reasons.

Student Academic Integrity Policy. Every student should be familiar with the Carleton University student academic integrity policy. A student found in violation of academic integrity standards may be awarded penalties which range from a reprimand to receiving a grade of F in the course or even being expelled from the program or University. Some examples of punishable offences include: plagiarism and unauthorized co-operation or collaboration. Information on this policy may be found here.

Plagiarism. As defined by Senate, "plagiarism is presenting, whether intentional or not, the ideas, expression of ideas or work of others as one's own". Such reported offences will be reviewed by the office of the Dean of Science. First offence, first-year students (< 4.0 cr): Final grade reduction of one full grade (e.g., A- becomes a B-, if that results in an F, so be it). First offence (everyone else): F in the course. Second offence: One-year suspension from program. Third offence: Expulsion from the University. Note: these are minimum penalties. More-severe penalties will be applied in cases of egregious offences (e.g., a first-year student accessing Brightspace from their phone during an exam will be given an F in the course; bribing a faculty member for a better grade would be grounds for suspension, etc.)

Unauthorized Co-operation or Collaboration. Senate policy states that "to ensure fairness and equity in assessment of term work, students shall not co-operate or collaborate in the completion of an academic assignment, in whole or in part, when the instructor has indicated that the assignment is to be completed on an individual basis". Please refer to the course outline statement or the instructor concerning this issue.