EECS4080

User Tools

Site Tools

You are here: EECS 4080.03 » Previous projects
Trace:
ongoing

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
ongoing [2013/04/19 20:29] mbongoing [2014/12/04 21:28] (current) – Added assigned projects stevenc
Line 1: Line 1:
 ====== Previous projects ====== ====== Previous projects ======
 +
 +
 +====== Hunting for Bugs in Logging: applying JPF to log4j ======
 +
 +**Supervisor:** Franck van Breugel
 +
 +Description:
 +Java PathFinder (JPF) is a tool that can detect bugs in Java code.
 +The Java library Apache log4j allows developers to control which log
 +statements are output.  In the past, Dickey et al. [1] have attempted
 +to detect bugs in log4j by means of JPF with very limited succes.
 +
 +Recently, in collaboration with Shafiei (NASA) we have developed
 +an extension of JPF called jpf-nhandler.  The aim of this project
 +is to apply this extension to log4j.
 +
 +[1] David A. Dickey, B. Sinem Dorter, J. Michael German, Benjamin D. Madore, Mark W. Piper, Gabriel L. Zenarosa. "Evaluating Java PathFinder on Log4J."  2011.
 +
 +**Required Background:** General CSE408x prerequisites
 +
 +
 +
 +====== DDoS Attack using Google-bots ======
 +
 +**Supervisor**: Ntalija Vlajic
 +
 +**Recommended Background**: CSE 3213 or CSE 3214, CSE 3482
 +
 +Not long ago, botnets - networks of compromised computers - were seen as
 +the most effective (if not the only) means of conducting Distributed Denial
 +of Service (DDoS) attacks. However, with the growing popularity and prevalence
 +of application-layer over other types of DDoS attacks, the DDoS execution
 +landscape is becoming increasingly more diverse. An especially interesting
 +new trend is the execution of application-layer DDoS attacks by means of
 +skillfully manipulated Web-crawlers, such as Google-bots.
 +The goal of this project is to design, implement and test a real-world
 +framework consisting of the following: a) the attacker's web-accessible
 +domain specially designed to attract Google-bots and then manipulate them
 +into generating attack traffic towards the target/victim site; b) the
 +victim's Web site set up in Amazon S3 cloud. In addition to the hands-on
 +component, the project will also look into the statistical/numerical
 +estimation of the framework's anticipated 'attack potential' relative
 +to an actual (real-world) target/victim site.
 +
  
  
ongoing.1366403394.txt.gz · Last modified: by mb