Course Websites

Subject offerings of new and developing areas of knowledge in computer science intended to augment the existing curriculum. See Class Schedule or departmental course information for topics and prerequisites. Course Information: May be repeated in the same or separate terms if topics vary.

This course provides an in-depth examination of how attackers are audited, detected, and investigated on endpoint systems. Auditing is a foundational concept in operating system security, but has only recently come into its own as an area of active study. We will be studying research, both past and present, on the design of audit frameworks that permit the detection of security violations. Topics will include event logging in commodity operating systems, data provenance analysis, threat investigation, and threat detection. Selected seminal and current papers in the field will also aid in providing context and further understanding of the area. For up-to-date information about CS course restrictions, please view the following link for restrictions and release dates: http://go.cs.illinois.edu/csregister.