Course Details
| Course | CSC-537 Systems Attacks and Defenses |
| Meeting Location | 2232 EB3 |
| Meeting Times | Mo/We 1:30PM - 2:45PM |
| Credits | 3 |
| Instructor | Alexandros Kapravelos |
| akaprav at ncsu.edu | |
| Office Hours | By appointment |
Course Resources
You can find the class schedule and all slides from the lectures here.
We will use Discord for our communication.
The recorded lectures will be available here.
Course Prerequisites/Corequisites
The course has the following recommended prerequisites:
CSC246 - Concepts and Facilities of Operating Systems for Computer Scientists
CSC401 - Data and Computer Communications Networks
Informal: You need to understand (1) IP networks, (2) modern operating systems (e.g., Linux), (3) basics of systems theory and implementation (e.g., file systems, distributed systems, networking, operating systems, etc.). If you do not have a basic understanding of these areas, you will have difficulty with the course. If you have questions regarding these prerequisites, please contact the instructor.
Course Overview
This class will explore several aspects of security research with the goal of understanding the attacker’s mindset; help the students to develop a foundation and a well-rounded view of security research; and cover some of the state-of-the-art attack/defense techniques and ongoing research activities in a number of topics in software security, web security, privacy and AI security. In this course, we will discuss the following topics:
- Foundations of Security
- LLM & AI Security
- Capture The Flag competitions and Challenge Design
- Web Application Attacks & Defenses
- Systems & Network Attacks
- Secure Design, Defense Mechanisms & Hardening
Textbooks and Reading Material
This course has no formal textbook. The course readings will come from lectures, research papers and other informative sources.
Student Learning Outcomes
By the end of this course, students will be equipped to recognize and exploit common security vulnerabilities, apply rigorous defensive strategies and secure coding practices, and design creative Capture-the-Flag (CTF) challenges. They will also gain hands-on experience with AI/LLM-based applications, DevSecOps tools, and incident response fundamentals, ensuring a practical and comprehensive view of modern cybersecurity.
Key Outcomes
- Vulnerability Recognition & Exploitation: Understand and exploit web, system, and AI-based security flaws.
- Defensive Techniques & Secure Coding: Implement measures like WAFs, parameterized queries, and DevSecOps pipelines.
- CTF Challenge Design: Create and document realistic challenges that test offensive and defensive cybersecurity skills.
- Incident Response & Forensics: Perform fundamental detection, containment, and forensic analyses during security breaches.
- Emerging Tech & Ethical Implications: Evaluate AI-driven risks, containerization security, and legal/ethical concerns in evolving systems.
Course Structure and Grading
The course will consist of several homework assignments that contribute to the final grade in the following proportions:
| Component | Percentage | Details |
|---|---|---|
| Course Project | 70% | - Project Proposal (5%) |
| - Midterm Progress (10%) | ||
| - Final Implementation (45%) | ||
| - Final Presentation & Report (10%) | ||
| Class Participation | 30% | - In-class Discussion (10%) |
| - Lab Exercises (20%) |
The final letter grade will be based on the final percentage as follows:
A+ <= 97% < A <= 93% < A- <= 90% < B+ <= 87% < B <= 83% < B- <= 80% < C+ <= 77% < C <= 73% < C- <= 70% < D+ <= 67% < D <= 63% < D- <= 60% < F
REG 02.50.03 (Grades and Grade Point Average) describes the grade point interpretation of letter grades.
Course Schedule
See the course schedule. Note that the schedule is subject to change as the semester evolves.
Class Participation
To do well in this course, students must actively participate in discussion and demonstrate comprehension of the reading and lecture themes. Students are required to do the assigned readings every week and provide reviews/reports for them. This will be closely monitored by the instructor, thereby making a student’s ability to demonstrate their comprehension of papers essential to a receiving a passing grade. Students are expected to be active in the discussion of every paper, answering questions that other students have and leading a constructive discussion about the papers.
Late Policy
No late reviews/deliverables will be accepted. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.
Attendance Policy
All lectures will be in person for this class, but they are going to be also available also via Panopto recordings. You need to inform the instructor for any absences before class, since this will affect our discussions.
The university policy on excused absences will be observed (see http://policies.ncsu.edu/regulation/reg-02-20-03).
Ethics Statement
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. This is a very serious issue – violations may not just be immoral, they may violate federal laws.
When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.
University Policies
Academic Integrity and Honesty
Students are required to comply with the university policy on academic integrity found in the Code of Student Conduct. Therefore, students are required to uphold the university pledge of honor and exercise honesty in completing any assignment.
Please refer to the Academic Integrity web page for a detailed explanation of the University’s policies on academic integrity and some of the common understandings related to those policies.
Students may be required to disclose personally identifiable information to other students in the course, via electronic tools like email or web-postings, where relevant to the course. Examples include online discussions of class topics and posting of student coursework. All students are expected to respect the privacy of each other by not sharing or using such information outside the course.
Students are responsible for reviewing the NC State University PRR’s which pertains to their course rights and responsibilities:
- Equal Opportunity and Non-Discrimination Policy Statement and additional references
- Code of Student Conduct
- Grades and Grade Point Average
- Credit-Only Courses
- Audits
Students with Disabilities
Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with the Disability Resource Office at Holmes Hall, Suite 304,Campus Box 7509, 919-515-7653 . For more information on NC State’s policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG02.20.01)
Trans-Inclusive Statement
In an effort to affirm and respect the identities of transgender students in the classroom and beyond, please contact me if you wish to be referred to using a name and/or pronouns other than what is listed in the student directory.
Basic Needs Security
Any student who faces challenges securing their food or housing or has other severe adverse experiences and believes this may affect their performance in the course is encouraged to notify the professor if you are comfortable in doing so. Alternatively, you can contact the Division of Academic and Student Affairs to learn more about the Pack Essentials program https://dasa.ncsu.edu/pack-essentials/
Course Evaluation
ClassEval is the end-of-semester survey for students to evaluate the instruction of all university classes. The current survey is administered online and includes 12 closed-ended questions and 3 open-ended questions. Deans, department heads, and instructors may add a limited number of their own questions to these 15 common-core questions. Each semester students’ responses are compiled into a ClassEval report for every instructor and class. Instructors use the evaluations to improve instruction and include them in their promotion and tenure dossiers, while department heads use them in annual reviews. The reports are included in instructors’ personnel files and are considered confidential. Online class evaluations will be available for students to complete during the last two weeks of the semester for full-semester courses and the last week of shorter sessions. Students will receive an email directing them to a website to complete class evaluations. These become unavailable at 8 am on the first day of finals.
- Contact ClassEval Help Desk: [email protected]
- ClassEval website
- More information about ClassEval
Syllabus Modification Statement
Our syllabus represents a flexible agreement. It outlines the topics we will cover and the order we will cover them in. Dates for assignments represent the earliest possible time they would be due. The pace of the class depends on student mastery and interests. Thus minor changes in the syllabus can occur if we need to slow down or speed up the pace of instruction.