COMP 5900 E/CSI 5139 IE00 (Fall 2022): Internet Measurements and Security [T, S]


General Course Information


Course Summary

The course covers measurement methodologies for understanding complex Internet phenomena and behaviors including the spread of vulnerabilities, remote network topologies, attack patterns, content popularity, Internet censorship, service quality, adoption of security systems, tools for efficient measurements, large-scale data analysis, stats, reproducibility of results, and ethical considerations.


Grading Scheme

The course has the following grading scheme:

The 20% on reading responses will be distributed across all the papers we discuss in class. The reading response is not a summary of the paper, rather a critical "review". This review includes the paper's strengths and weaknesses, as well as the student's own opinion about the paper's motivation, methodology, evaluation, and findings. The deadline for emailing the reading response is five minutes before the beginning of each class (i.e., Tuesday at 2:30pm), for all eight student-led classes (i.e., Weeks 3, 5, 6, 8, 9, 10, 11, and 12; see outline below).

The 15% of in-class involvement will likewise be distributed across the entire course, 1.88% each class for all eight student-lead classes. You need to be actively involved in the discussions, e.g., asking questions, and commenting on the explanations made by the discussion leader or project presenter. All students are required to read and understand the papers being discussed in class, as illustrated by the above requirement of reading responses.

The 25% paper discussion lead is merited based on the students' qualities of presenting papers. Your presentation needs to be as detailed as possible. The presenter/leader must understand the paper quite well, and prepare a slide deck to present a 30-45 minutes presentation explaining the paper. Make sure to cover clearly the paper's objectives, the aspects it is trying to measure, the evaluations used (if any), precautions the authors have taken to (1) ensure the reproducibility of their findings and/or (2) address ethical considerations. Review this guide to a good presentation (by Professor Püschel, ETH Zürich). Each student is required to sign-up for two papers to present throughout the term. Each presentation is worth 12.5%, which will be commensurate with: the depth of your technical understanding (6%), the quality and professionalism of the presentation (4%), and question handling (2.5%). Selected papers do not have to be on the same day; they could be, but it might be a lot of work for a student to present two papers on one day. The deadline for signing-up to leading two paper discussions is Tuesday, September 20. Papers (in the outline below) under "Additional Readings" are optional, but if you like to choose any of these to discuss as a mainstream paper of a class, let me know.

Finally, the 40% of the project is distributed as follows: 6% planning (including in-class pitch and project proposal), 5% presentation, and 29% on the final report. Every student is required to think about project ideas and discuss them with me. Upon receiving a verbal agreement, students will be required to submit a written 1-page project proposal detailing the project objectives, methodology, and citing relevant literature. The deadline for establishing your project idea, and emailing me the written project proposal is October 11. Note that in order to meet this deadline, students will be required to discuss ideas with me early on before they write a proposal. Start thinking about projects early in the course. Don't leave it to the last minute. To decide on a project topic, you may build-upon security research published in previous IMC venues: 2021, 2020, 2019, 2018, 2017. You can also lookup papers in the last 2-3 years from IEEE S&P (2022, 2021, 2020), USENIX Security Symposium (2022, 2021, 2020), NDSS (2022, 2021, 2020), and ACM CCS (2021, 2020 and 2019). Other venues including: Springer Passive and Active Measurements (PAM), Network Traffic Measurement and Analysis (TMA), and ACM Conference on emerging Networking EXperiments and Technologies (CoNext). There are also several occasional measurements workshops like NDSS MADWeb, FOCI, WPEZ. Everyone must then present an 8-minute project pitch in class, ideally using a single slide, on October 18. Finally, the deadline to email the final project report is December 20, at 11:59pm EST (Ottawa time). You are highly encouraged to use LaTeX to prepare your final report. However, feel free to use any document-generation tool, so long as you email me a PDF of your report. The report should not exceed 15 pages in the standard IEEE double-column conference format.

Summary of deliverables: In summary, over the course of the term, each student will deliver:

All above deadlines are firm. Missing deadlines will be subject to point deductions.



Page Updates




Course Outline


Week Date Topic Material
Week 1 Sep 13 Introduction Case Studies: Additional (optional) Readings:
Week 2 Sep 20 Measurement Tools Tools: Additional (optional) Readings: See also: Datasets and Measurement tools
Week 3 Sep 27 DNS Security Additional (optional) Readings:
Week 4 Oct 4 Class Cancelled (No class)
Week 5 Oct 11 Adoption of Internet Security Systems Additional (optional) Readings:
Week 6 Oct 18 Privacy and Tracking
(and project pitches)
Additional (optional) Readings:
Week 7 Oct 25 Fall Break. (No Class)
Week 8 Nov 1 HTTPS and TLS Additional (optional) Readings:
Week 9 Nov 8 Hate, Harassment, and Online Abuse
Week 10 Nov 15 Internet Censorship
Week 11 Nov 22 Analyzing Attacks Additional (optional) Readings:
Week 12 Nov 29 Internet Core Additional Readings (non-security):
Week 13 Dec 6 Final Project Presentations
Week ∞ Dec 20 Final project report due (No class)