The poor level of instruction and vague/lazy assignment documentation resulted in 95% frustration and 5% learning - the lowest point out of the 9 classes I've taken. Some highlights: slow VMs, unresponsive TAs (who tell you to not overcomplicate things instead of pointing you in the right direction), and lack of a validation set up to test your rules/code (you better just know how everything is done before taking this class). This one is an OMSCS zero, folks.

This course is a joke and a complete waste of time.

The documentation of the projects is terrible. You will spend more time alt-tabbing between the multiple docs they provide, none of which they created and are instead pulled from other universities like Stanford.

This course is literally a compilation of other people's work, sloppily put together by non-English speaking TAs. And you can expect the same level of "support" when going through the projects. There is nothing to gain from this course, only useless busy work that is far less engaging than Intro to Sec.

To be honest, this course really has me thinking about the quality of education I am receiving from GA Tech and whether or not it is worth it. It is clear that almost no effort went into preparing this course and it has me worried about other courses.

This is my 4th class (maybe last) and I have straight A's. This program may be an entire waste of time, and the only reason I did it is to show people a piece of paper with the word "Master" on it.

I do not feel like a Master after this course.

Long story short, I had a 90% in the end, but after the final Proj 5, I ended up with a C (77.7%)...and that's after getting the 5 extra credit points.

So, yeah, this might be easy if you're really good at coding, but even after the final exam, I was still at an A. Once that final proj rolled through, the TAs decided to point out early on, Proj 5 can be done in like 9-13 hrs, maybe less. No way, not possible for me. I worked on it for days and days and days, way more than 1.5 weeks, sometimes getting like 2 hrs of sleep. Still got a 37/100 on the final project. Know what the problem is? The hardest part worth 60 pts, the last part, is really a go or no-go. I busted my ass on that last part, and no partial credit or anything. So, that very last task in Proj 5 can break you.

Do not sleep on Proj's 2 or 5.

I enjoyed this class, for the most part. I found the topic to be interesting, and definitely came away having learned some critical skills in terms of understanding and being able to pursue network security. The projects are heavily weighted in this class (80% of your grade), and the quizzes are very easy, so long as you have watched/read the lectures. So long as you do well in those 2 segments, you'll be well on your way to an A, or high B, in the class.

I found the projects to be the absolute best part of this class. I would say the average amount of time I spent on each was probably in 10-12 hour ballpark, but with the caveat that one project took me as little as 6 hours, and another probably was closer to 20-30 (Final project is ML, and if you don't have any ML experience, it can be difficult, so be prepared to use the time you have been given).

HOWEVER, with that being said, I have some serious critiques of the course.

1. The lectures are interesting, but I would say, rather short, and don't do a great job explaining the material. I learned a great deal more in this class reading the provided white papers than I did from the lecture, personally. The lectures do a good job setting up the content of the papers, but to really understand the content, I'd say be prepared to read them. (To be clear, this is not necessary to be successful in the class, but if you want to walk away with a good understanding of the material, I'd say take the time to read them.)

2. The projects, as fun/interesting as they are, are not well defined. By this I mean: the projects tend to simply thrust you into the topic/task, without providing a lot of context as to why you are doing them. I found this to be pretty disappointing. Part of the reason you take a course like Network Security is to understand the intent behind the projects. What/how can I use the skills I've gotten from this project to better my own, personal, career and skill set? That isn't really well defined in at least 3/5 of the projects, particularly the final project. Even though I received a 100 on it, in the end, I can't tell you how I'd actually apply the skills I received in doing it outside of that very particular project. It was more "leetcode" than "gain knowledge."

3. There were a fair amount of technical bugs in the course, particularly in regards to the sharing of said White Papers in each module. Some were simply unavailable on the websites we were directed to in order to download them, and others were effectively behind paywalls that GA Tech students couldn't access. I was able to find every paper (except for one) with some Google sleuthing, but it's unfortunate I had to do extra work just to read what I was supposed to.

Overall, the course is definitely interesting if you want to learn more about Network Security. I really couldn't recommend it, otherwise. Even then, I'd say you'll walk away with a basic understanding of the topic, not what I'd personally consider a "Masters-level" understanding.

This class was great, I enjoyed most of the projects. I would say none of them took me more than 10 hours but your YMMV. Some students would take all 2 to 3 weeks working multiple hours a day and still not finish. It really depends on your experience level. Taking IIS before this helped a little bit. TAs are decently responsive on forums but I never needed much help. The class Slack usually has helpful people in it. Lectures were pretty decent too and the quizzes weren't too bad. The prof is non-existent in the class but at least the TAs were there. If you can Google around, this class shouldn't be that hard, very similar to IIS.

This course is overall a decent course for learning many modern network security tools and concepts. Its biggest strengths are the hands-on assignments that provide students a way to actually experience exploiting network vulnerabilities. Generally it was easier to complete each assignment in a single sitting, so workload fluctuates between 1 hr/week to 10 hrs/week. Where this class struggles is the occasional lack of instruction. While the lectures are well made and easy to digest, they do lack some crucial concepts for the assignments, and must be supplemented with by external readings. The assignment instructions themselves also occasionally struggle with a similar issue, many of the instructions are unclear and needed to be clarified. Since the bulk of grade points are allocated to assignments, this course is relatively easy to pass with a bit of effort. If you do well on assignments, it is easy to simply guess on the final exam and still make an A.

Course is heavily weighed upon by class projects. Some of them were very straightforward with inclusive directions and clues in the assignment directions; however, one of them was 100 slides long, which made it very intensive and time consuming. Project 4 for me was the difficult one, as it had little to no direction in capturing malware protocols. A lot of the projects were based on VMs that were laggy and unresponsive. A lot of the tim spent in this course was debugging the project setup issues. There was some leniency in grading and the staff was helpful and responsive.

The course is mostly project-based (for this semester, it was 80% of the total grade), with quizzes throughout the semester, as well as a final. I took IIS the previous semester, and it felt pretty similar.

The quizzes are really easy, and sometimes the questions are word-for-word from the lectures or papers. Just watch through lectures at 1.5x, read the papers, and the quizzes should be pretty straightforward. I even missed a few, and it didn't really affect my grade overall.

The exam covered most of the lectures and had a couple questions about the projects -- I spent maybe a couple hours going over some of the lectures I missed, then ended up just winging it and got an 80%. Based on my grades thus far, plus the fact that it was only worth 10% of my grade, it didn't really make sense to spend days reviewing all of the lectures, but YMMV here.

As I mentioned before, the bulk of the class is the projects. I thought they were pretty interesting for the most part, and as long as you start early and ask questions in the Ed Discussion forums when you get stuck, there's no reason you shouldn't do well on them. I wouldn't recommend this unless you're confident in your coding/debugging/general technical skills, but for the last couple of projects I started on the Saturday before it was due (it was due Sunday evening) and was able to complete them in ~8 hours or so. If you don't have a technical background, I would start them right when they come out to make sure you have ample time to ask questions.

There was also 5% extra credit where you just gave feedback/suggestions about each project, so definitely do this, as it made the difference between needing an 80% and a 10% on the final to keep my A.

All in all, I enjoyed this class, and it felt about on-par with IIS in terms of difficulty if you're looking to take this one as a next step.

This class had some bright moments but was overall pretty underwhelming. The weekly quizzes and the lectures you have to sit through to accomplish them are not good. They are extremely dated videos with statistics and concepts from over ten years ago. Some things in the CS world can stand for ten years but most cannot. I found it frustrating to see statistics from 2013 quoted to me while watching lectures. The lectures never really had any crossover into the projects and the quizzes were short with poor questions being written for them that lead you to have a high potential of missing a question and dropping your quiz grade to an 80. The final exam was the same way with a small number of unnecessarily cryptic questions. It was truly a poor way to cap off the course.

The projects were generally interesting and well-developed with the exception of one or two.

Overall, I think this course would be drastically improved with an overhaul to the quiz/testing portions if not a complete removal.

Fun course that surveys the broad area of Network Security. The assignments were not hard, but gave me a good exposure of different areas like penetration testing to malware behavior. Lecture were not really that engaging but were kept short and too the point, which I appreciated. Quizzes are open notes so very easy to get full score, and the exam was very similar to what you see in the quizzes. Would recommend it as a fairly easy class to anyone with any interest in Network Security.

I really enjoyed this class (I made 100%). It covers a broad set of network security topics and the projects are a fun way to dive into the material. This is a great summer course to get you through the fundamentals.

I won’t go into the details on the projects because other reviews have covered that in detail, but I will cover strategy for doing well. This class graded as 80% projects, 10% weekly homework, and 10% final. You also have the ability to get 5% in extra credit. Prioritize the projects and start early. They make this very clear in the instructions, and yet folks seem to always put this off. Don’t. I made 100% on all projects except project 5 (because I made a couple of silly mistakes, and there isn’t an autograder, no worries though, still make 100%). Do the homeworks each week, don’t sweat it. I made a 90% of the home works with little effort. Watch the videos, read the papers, and you will be fine. I did a speed run on the final without studying. It took my 10 minutes and I made an 84%, I needed something like a 20% to make an A in the class. Last bit of advice: do the extra credit, I was given full credit and this part wasn’t too bad. This made up for the p5 mistake and my final, and it gave me a 100.2% as my final grade.

CS6262 Network Security: Spring 2022

This review isn't overly dissimilar to the one posted on May 3. But I will try to point out a few of the things I feel are important to know about this class.

Class overview

This was my second class in OMSCS. I took CS6035, Introduction to Information Security the previous semester. If you have some background in cybersecurity then you can likely succeed in CS6262 without taking CS6035. There is some overlap between CS6262 and CS6035, but not a huge amount. For me though I am glad I took CS6035 first.

Time Commitment

I did not record my time properly for this class. On weeks where there was a 6 papers to read, a quiz to complete, and a project to work on I was spending around 15-20 hours. On other weeks where all I had to do was skim through 2 or 3 papers, a quiz and I had already finished the project it was more like 5 hours. The time I have given on OMSCentral is a best guess estimate at the average input per week.

Project 1

Project 1 was a lot of fun. I had no previous experience in penetration testing so getting to use tools like Metasploit was enjoyable. If you have a basic understanding of Linux and can follow the instructions in the writeup, which are designed to guide you to success, there's no reason why you shouldn't do well on this priject.

Project 2

Project 2 was probably my favourite as it focused on malware analysis and forced us to go deeper by using reverse engineering and debugging tools. The fact that you have to analyse Windows, Linux and Android malware samples means that you get to try a wider range of tools and techniques. Again the writeup does a lot to guide you on what to do to succeed. This makes sense as malware analysis is difficult and for many this will be their introduction to the process and without guidance I would expect a lot of students getting stuck on this project early on.

Project 3

Project 3 seemed to be the one that a lot of students had the most difficulty with and this is probably because it required some Javascript coding. The project is about launching web attacks against a blog writing website. The environment created for the project feels a bit odd at first because you have to deliver results to a per-student page using requests. Once you get over the hurdle of how to do this properly things get easier. There was also a bit of confusion as the project writeup recommended to launch one of the attacks in one way, but then the project TA recommended on Piazza (or maybe it was in the Bluejeans demo video) to do it another way. This highlights an important point: Read Piazza! (More on that down below). Overall I think this project seems more difficult than it really is, but for anyone who is weak with Javascript I would recommend spending a little time to understand promises to make your life easier.

Project 4

This was probably my least favourite project, and it wasn't that bad. Project 4 was about analysing traffic in Wireshark and then writing Snort rules to detect certain types of attacks. The reason why I didn't like this project was that I felt there was some misdirection in the project writeup on what we were supposed to look for in DDoS traffic. This led me to waste a lot of time going down the wrong path trying to find the solution. I also burned a lot of Gradescope submissions doing this, and submissions were limited to 10 for this project to prevent bruteforcing the solution. To counter this though one of the project TAs, Melissa, went out of her way to help get me back on track with this project. She deserves a medal for dealing with my stream of annoying questions, and for answering some of those questions live during Office Hours (of which I only attended 1 for the semester).

Project 5

This project was about machine learning for intrusion detection and evading an IDS by modifying an attack payload to bypass the IDS. This was a fun project and involved some Python programming. I liked this project because it provided less guidance than the others. It required us to read and understand concepts from a paper and apply them as an algorithm in Python code. To be fair, the most important parts of the paper were distilled into a simpler form in the project writeup, but you still needed to read the paper to understand the different terms required in the algorithm. There was a project in CS6035 that focused on machine learning, but unlike that project, this one really did not require more than the most minimal understanding of what machine learning is. There were parameters for a machine learning model to tune, but unlike in CS6035 they were far better explained, and tuning the model was quite easy and for me there was no frustration over trying to understand how the machine learning model worked which wasn't part of the project anyway. This was a good project to end the semester on.

Papers

The papers were the low point of this class for me. Some of them were interesting, some of them had some historical significance, others were too mired in technical detail for me to get much out of them. Early on in the semester I looked up advice on how to read academic papers and this genuinely transformed how I read the papers and saved me a lot of time. I would recommend this to other students like me who haven't been exposed to a lot of academic papers before this class. I do recommend reading the papers because the quizzes and exam have questions that relate back to them, but don't get caught up in trying to understand every little detail. Only project 5 required reading any papers to understand the project, and even then the more difficult parts of the paper were distilled into a much more usable form in the project writeup, which was hugely appreciated.

Exam

The final exam was 25 questions with a mixture of multiple choice and true/false type questions. The exam is only worth 10% and the effort required to do well in it is low. To prepare for the exam I re-watched the lecture videos that mapped to the topics given in the exam study guide and re-read the assignment writeups. The topics given only covered just over half of the lectures and the remaining topics were related to the projects. I don't regret having spent the time on preparing, but so long as you did well on the quizzes and projects you could walk into the exam and expect to get a decent grade just from your overall understanding of the semester. I only needed around 2% to ensure an A in the class and got 90% in 15 minutes of the allocated hour.

Extra Credit Assignments

The extra credit assignments were 2 separate reviews of projects 1-3 and 4-5. The reviews aren't particularly good because there isn't consistency in the questions asked. They come out at the end of semester which I felt was not a good idea because by that time a lot of the finer details around each project have been forgotten. I would have preferred a review for each project released alongside each project so that I could give feedback as I worked through the projects. I'm not sure how these assignments are graded but they add up to 5% and I am fairly sure that as long as constructive feedback is provided that full marks are given. These assignments are a good way to get you over the line if you are just shy of a better letter grade.

Piazza & TAs

The Piazza discussion forum was active throughout the semester. The TAs were very helpful in answering questions and providing hints to help with the projects. A lot of good information came up in the discussions on Piazza, but other than one or two instances I did not find crucial information buried in Piazza that should have been in the project writeups. Compared to CS6035 I did not feel that the discussion was stifled by the threat of the OSI hammer. TAs and students were more free to provide helpful information rather than constantly trying not to cross a line by providing too detailed of an answer.

Final Result

At the time of writing the final grades haven't been released and the extra credit assignments haven't been graded but I am sitting on 98.7%.

Final Impressions

I enjoyed Network Security. It gave a good overview of a lot of topics and reinforced the fact that I want to take Advanced Malware Analysis and Information Security Lab. I actually found this class easier than its natural precursor, Introduction to Information Security. I think this was in part because this was my second class so I better understood how things work in OMSCS. I also think that the projects were a little more guided, and to some degree built on the concepts introduced in CS6035. I don't remember anything akin to the slog of trying to figure out XSS, CSRF and SQLi in the web attacks project in CS6035. I would recommend this class, and knowing what I know now, I think it could be paired with another class for those looking to get through OMSCS faster.

Network Security OMSCentral Review

Summary

What this class is

This class is a good introduction to network security topics. It also covers a wide range of adjacent academic papers and their theoretical implementations. This class is mainly project based with quizzes and the final exam a small weight of it. Some of the concepts require solid computer network fundamentals and some exposure to security concepts. This class required mild programming in python and JavaScript. The class utilizes Gradescope for all project except project 5, so you know how you are doing as you complete them.

What this class is NOT

This class doesn’t go extremely in depth on topics in the lectures. The depth of the class can occur on topics relating to the projects. This class will not teach you the basics of networking, such as the OSI model and various protocols. That is prior knowledge that is essential to the class.

My Review (Overall Grade: 97%)

Background

Undergrad CS-major with prior experience in cybersecurity/computer networks. I have probably a little too much background for this class. Therefore, take my below time-spent statistics with a grain of salt.

Overview

Here is a link to the syllabus: https://omscs.gatech.edu/sites/default/files/documents/course_page_docs/syllabi/cs_6262_syllabus_and_schedule_2022-1.pdf

I meticulously tracked my time spent on this course and each individual project throughout the semester using a tracking app. The times stated are very accurate (+/- 5%).

Total Hours spent on this course: 63 hours and 32 minutes

Average hours per week: 3 hours and 44 minutes

Max hours spent in a week: ~9 hours (project 4, Snort/Network monitoring and project 3, web based attacks, took up the most time)

Min hours spent in a week: 0 hours

Lectures/Readings

The video lectures are quick and bite-sized chunks relating to the overall topics and sometimes the associated readings. They are easy to get through. The papers associated can be long. I recommend skimming them unless they directly relate to the project (such as the paper on PAYL for project 5). I did not study the lectures/readings very much.

Quizzes

Quizzes are open book, and weighted very low. I would just take them after looking at the lectures and they will be very easy.

Project 1 (4 hours 50 minutes, Grade: 100%)

This project was a good introduction to penetration testing. You fulfill most of the steps of a penetration test such as scanning, enumerating, to escalating privileges and even cracking password hashes. I have prior experience in penetration testing so this was fun and easy. The escalating privilege aspect of the project can be tough without prior experience.

Project 2 (9 hours 6 minutes, Grade: 98%)

Malware analysis. This project touched on some relevant techniques for malware analysis. However, the malware was very old. This project spanned using tools/techniques to analyze various samples of Linux and Windows malware. I had no prior experience in this and found it challenging but doable as long as you start early and read the writeup thoroughly.

Project 3 (14 hours 22 minutes, Grade 100%)

This project took the most time. It is very JavaScript heavy, with things such as Fetch() and Promise() comprising the most important concepts I wish I knew going into it. With zero JavaScript experience, this took me a lot of time of trial and error to get everything correct. However, I did eventually get it and got full points, so don’t get discouraged just keep plugging away. Review Mozilla Web Dev docs to get an idea of the basic concepts necessary.

Project 4 (13 hours 58 minutes, Grade 100%)

This project uses Snort rules and Wireshark to detect types of network attacks. It is an enlightening project that requires some understanding of Wireshark and network protocols to be efficient. Never used Wireshark before? This may be a tough project. Also, there are snort multithreading issues on the VMs given to the students. I spent a long time debugging an actually correct answer because a snort problem said my rule wasn’t working properly. In short, if it’s not working the way you expect, ask a TA in a private post on Piazza. They were helpful.

Project 5 (6 hours 57 minutes, Grade 100%)

This was by far the most rewarding project. It required reading a paper the professor authored on evading PAYL, which is an ML-based network intrusion detection system. In this project YOU are the attacker. In this project you write python code to implement the algorithms and designs from the paper in order to evade the PAYL by “blending” your network attack to look like normal traffic. This was rewarding as it takes an in-depth understanding of the paper, and recreating the results of it. There is no Gradescope for this project, but you can check your end result with a supplied makefile.

Exam

Final Exam: 76%

I did not study for this exam and took it quickly since I needed only a 5% to get an A in the class. If you watch the lectures and read the project writeups before the exam, an A is achievable.

Very good class. The projects were very fun though also challenging. This is my ideal type of class. I hate tons of reading and I hate gotcha style exams/quizzes. The discussion board helped a lot and the grading was quite fair.

If you are interested in security, then this is an interesting course. This course highly depends on projects. There are 5 projects, they are either medium level or hard level. And each project consumes at least 15-20 hours, so if you are not interested in security, then it could be torture. The projects are actually not bad, TAs are helpful, and it could be very painful before you figure out everything. I highly recommend START PROJECT EARLY. Overall, a decent course.

It was easy and well structured course. I took it single in the fall.

I liked that it was project based mostly (80%), quizzes (10%) and final exam (10%). Along with 5% of extra credit. So it is super possible to get an A.

Quizzes (open everything) are easy once you go through the lectures. Content is introductory and those who wanna go in depth, research papers are provided to go through.

Projects (all VM based except one) are like solving puzzles and are very nice, great instructions, excellent TAs and OHs. Start early and you'll be good.

Exam (close everything) I haven't given so far, but it is mentioned that it has the same difficulty as quizzes. If you score all full in projects, quizzes and extra credit, you can avoid giving exam as well.

Would be a nice summer course as well. But I don't think I could do it along with another course in the fall.

Overall, recommended for only those who either wanna go into network security field or it is falling under their specialization. In order to go into depth of each topic you'll have to read research papers on your own, the course doesn't push you to do that.

This was the first class I took in OMSCS. The course is more of a broad/general overview of security concepts in networking rather than going in depth into a particular area. Some of the lecture topics are very interesting, but in general I found it to be dry. The quizzes/exams are fairly easy if you do the readings and watch the lectures. 80% of the grade is projects - most of which are straightforward, all you need to do is follow the instructions. Project 2 is the most time consuming - I would start it as soon as possible, ESPECIALLY if you don't have javascript/web dev experience. The other projects, I started within a week of the due date and comfortably finished in time.

Overally, average to slightly below average difficulty.

Projects are pretty cool -- different side of CS instead of just coding. Lectures are concise, but sometimes difficult to follow. I appreciate the short lecture length, though.

Projects are not that hard, you just have to follow the steps mostly. All in all a good class that I recommend. Good cross between security and networking (obviously).

This is a survey course giving you a broad overview of topics but not going in depth on any single one. The required reading is all papers, and helps give a bit of depth to the course, but just realize this is more an introductory course.

The class is project based, which I liked. 5 projects that introduce you to specifics of the topics covered. Most of them are pretty easy, especially if you have any background in python development. I personally came with 12 years of software developer experience with my python programming experience being mostly hobbies or automation scripts. I found the programming pieces really straight forward and relatively simple. The project instructions will walk you through what you need to do, with very little ambiguity.

The exam isn't too bad even though its cumulative. Jut make sure you give yourself time to review notes and lectures. As mentioned before, concepts are not really repeated since its a survey course, so you'll need time to review stuff from the first lectures since you won't have any exposure to them later on.

Having worked as a backend engineer, it was interesting to explore this area.

The course has interesting material and is very hands-on. The TAs did a great job. Recommended.

Came in as a full-stack web developer with no networking or security background whatsoever. This was my first class in OMSCS. Took it as my only class while working full-time.

CS-6262 is very hands-on and project heavy. The quizzes are easy for the most part if you take notes and do most of the readings, but the bulk of the work/fun are the projects.

Really loved the content and learned so much.

The TA's are great.

This had been 4th course taken, currently I am in a 6th. As with other OMSCS courses Network Security requires continuous dedication to succeed. In general, the course is tilted towards projects with smaller emphasis on exams and theory. Make sure to practice some JavaScript and HTML beforehand to avoid unnecessary pain. Taking Intro to Information Security prior is strongly recommended. Finally, you should like solving puzzles for this one.

This was a solid course. The lecture materials felt relevant, the quizzes were fair (you'll do fine as long as you follow along with the lecture and readings), and the projects were well-designed in that they allowed us to learn some key concepts without being overly difficult.

Similar style to IIS -- a natural follow-on. A couple projects were particularly challenging and sometimes there were bugs, but still quite good overall.

The previous reviews were not indicative of the current state of this course. I thought this was a really good course. The TAs did a great job, but the professor is absent.

To start with my background, I am a software developer working as a full stack developer and have a good amount of hands-on experience. Now coming back to the course, it is overall a great course with good projects.

Also before I proceed further about details, i would like to give a great shout-out to the TA team. TA team is very helpful and also they always made sure they release the grades before any major deadline (sometimes they released within 3-5 days).

I do not have much experience in Networking and security part, so I liked the course overall ( the only improvement would be enhancing the lecture videos to the current topics). The projects are overall great with a decent amount of coding requirement as well ( Project 2 (JavaScript) and Project 5 (Python)).

The course consists of 10 quizzes (10% weightage) , open everything. Not easy to score full marks and some questions will be from related reading papers.

Project 1 (10% weightage) –Easy to Medium difficulty and doable Project 2 (10% weightage) -Medium to High (to very High for some ) – This project has 4 subsections – one of them is creating a chrome extension – needs little hands-on experience. The other one is clickjacking which is updating the DOM of a search result of a shopping store. This needs a decent amount of hands-on in Java Script. And most of the class struggled with this.

Project 3 (20% weightage) – Easy to Medium difficulty – just that you have read a huge write-up, otherwise it is easy to follow the steps kind of work.

Project 4 (20% weightage) – Easy to Medium difficulty – you have to write snort rule – once you understand basic its pretty straight forward

Project 5 (20% weightage) – Medium to High Difficulty – You need to write some amount of Python code after understanding one of the algo in a reading paper.

Final Exam (10% weightage) – Closed everything – Same Difficulty as quizzes – lecture videos and projects understanding in scope ( no additional reading papers).

As I mentioned initially, TA team worked really hard to give provide the grade of Project 5 before the exam date was over( has more than 24 hrs) and this helped as you know how much to score in the exam for your targeted Grade.

Also, there are 2 additional items for feedback on projects which are worth 5% additional weightage.

So overall I liked it and can say if you can score well in projects 2 and 5 , an ‘A’ grade achievable.

Great course with interesting projects.

Project 1 was an introduction to pen testing. If you have experience with Kali Linux tools (e.g. Metasploit) or have done any hack-the-box or CTFs, it's pretty on par with that. The write-up is more of a step-by-step tutorial. Very easy.

Project 2 was a four part web attack project. The first 3 parts are medium difficulty, but I found click-jacking to be difficult and time-consuming. This project took me the longest to complete, but I have no web development experience outside of IIS. Experience with Javascript and HTML will make this much easier for other students. Hard.

Project 3 was malware analysis on Windows, Linux, and Android malware samples. No prior experience needed, just three long write-ups to follow. Medium.

Project 4 was network traffic analysis and intrusion detection using snort. Familiarity with Wireshark is useful here but not required. Easy.

Project 5 was bypassing an ML security IDS. Very interesting project and I learned a lot. Be prepared to code in Python. Medium.

Overall a nice course to introduce you to the various attack scenarios though I wish the project could expand further. That would be another course of course. It is not an easy course like some people suggested, as there are quite a few information you need to familiarize yourself with.

The projects each have their own pros and cons and difficulties. Be prepare to spend a lot of time doing your own researches as you need to craft your own codes specific to the projects, and also familiarizing and using new tools for every project. I would say projects 2 and 5 are the most difficult for people who aren't strong with web programming and python. At one point I was seriously considering dropping the course after project 2 spending countless hours in frustration and because the project was a bit vague and not very helpful. Other projects will also take up a lot of time. If you screw up the projects, you are toast, as they take up a huge chunk of your grade.

Beware there are parts of projects that are very tricky. They might lead you to think you have the correct attack solution, but you actually don't. As the saying goes, security through obscurity. If you think you can spend a lot of time in frustration going through loops trying everything you can think of to craft the right attack code or using the tools correctly, then go for it. Otherwise, I won't recommend you to take this course.

tough but it was alright, good content

The course content is not quite relevant to the project. It only covers the basic concepts without explanations in depth. TAs are not helpful. I have a CS bachelor's degree and work as a software engineer, but no network background. It is difficult to comprehend the materials without any support. I spent time reading papers and googled around to understand the project. It is a waste of time if I did not know where to go. The workload is like sitting for 16 hours in frustration searching and reading. The extra 2 hours is spent on project if I understand it. I dropped the course halfway.

Although this course has many mixed reviews, I'm glad I decided to take the course. The determining factor on how you will feel about this course is your background. If you do not have experience with programming, you will not have a good time in projects 2 and 5.

I would recommend taking IIS to get some understanding of concepts, namely XSS, in order to do well in this class. It is close in difficulty and organization, thus if you did not like IIS, you will likely not care for this course as well. This class is slightly harder than IIS, so if you found it to be very challenging, factor that in to your decision to take this class.

One of the things I loved about the class was the grade distribution. 80% of your grade is based on projects, which is where you will spend most of your time. Each project took me about 10-20 hours to complete.

Projects

Project 1: Penetration testing

You will use various tools to scan for openings and vulnerabilities and take control of a system. Very easy. Follow the write up and you will basically be guaranteed a 100.

Project 2: Advanced Web Security

This was the project most in the class found to be most difficult. If you have experience with web development and manipulating the DOM, this will not be very hard. This project is where IIS and XSS helped out.

Project 3: Advanced Malware Analysis

Possibly the most time consuming due to the massive write up. Not very difficult but really interesting. Follow along with the write up and you will be fine.

Project 4: Network Traffic Analysis

You will use an IDS program called snort to determine which packets are malicious in network traffic. In our term, the TAs opened up the autograder to test your rules which made this project much easier.

Project 5: Machine Learning for Security

You will implement an attack that will bypass machine learning models applied to network packets. Be sure to read and understand the papers that are assigned for this project. You will be implementing the algorithms presented in this paper. This was the most challenging in my opinion, but the most enjoyable.

Quizzes

You will have one quiz each week that is open book/notes. These felt like a chore. My advice is to watch the lectures and scan the papers abstract, results and conclusions to get an idea of where you will need to reference during the quiz. Although I did not read all the papers, there were some very interesting ones that are worth reading.

Final

The final covers the entire class, which was somewhat intimidating, but overall not that bad. One of the saving graces of the final was that it included questions related to the projects, so as long as you understand the concepts the projects are trying to teach, you will pick up some points here.

My first course with OMSCS - took this one up as a challenge to see where I stood. 12 years of IT experience but I was never a full time developer. One thing I came in with was a personal interest in Network Security from my teen days.

Expectation - Professor will participate more.

Outcome - One BlueJeans meeting with both his course participants. He's really done good work I could tell from the his own papers and endeavors. Wish he spent more time with us OMSCS folks.

Expectation - Lectures will be engaging.

Outcome - Dry, best to read the papers per module (a ton of papers) , then the professor's slides, then watch the videos.

Expectation - Projects will be engaging and require team work.

Outcome - No group projects, very good write ups, good and responsive TAs.

Expectation - Quizzes will be tough.

Outcome - Difficulty varied. Even if they are open book, not easy to find answers as the wording is oh so confusing and tricky.

Expectation - Exam - (yes only 1 exam at the end) will be easy. Because hey, I maintained 95%+.

Outcome - Few topics saw more questions, I personally could have done better.

Pro Tips :

1. Go with an open mind. The more you fight the format and the amount of paper reading, the more you will struggle.
2. Start all of the projects early. They tend to creep up on you. Some projects will seem like a guided session, really easy. Some will make you go through the motions of - "Oh this should be easy" to "Why did i take this course" to "Oh god, I'm doomed " to "Okay - that was sort of worth it".
3. If you have never worked with Linux or Javascript or Python, you will find a few projects a little challenging. Nothing you can't overcome though.
4. Extra credit is really easy work. Don't miss it.
5. They say you should ideally have done CS6035, I did not feel the need for it, just was tested in a few quiz questions which is the only time I felt I should have taken that before. Then again quizzes have very small weightage.

At the end of the course I came out thinking - "This was really a well paced course, a ton of reading and note taking but worth it".

And I have a more thorough understanding of the subject - loved the malware and bot analysis part.

My Background: 3 years experience in information security as a penetration tester. The content was all very familiar to me. I was working full time while taking this class.

I think this makes a great starter class if you have some sort of background in information security already. The projects will still take quite a bit of time to accomplish so start early. Most of the final grade is based on open book quizzes and the projects, so it is a direct reflection of effort you put into the course. The closed book exam might be a little more difficult but it was only ~10% of the grade.

Overall I think this was a great introduction to graduate school. The course load is probably less than average of a normal class, maybe closer to average if you don't have any background in information security. (I consider average between 15-20hours /week)

I track my time very closely, this class took a total of 58 hours and 27 minutes. Which averages to 4 hours a week. This class is heavily project based (80%), so most weeks I spent closer to 1 hour. And for the weeks that had a project do I spent more.

There are 5 projects, the 2nd and 5th (web attacks and ML) required some minor coding, if you're already a full time dev the coding sections will be trivial. If you are new to programming then start those on day 1.

Overall I really enjoyed the projects. The weekly quizzes were pretty awful though. While they were open book, the questions were arbitrary and didn't test actual knowledge. The final was similar to the quizzes but closed book.

TL;DR

This is a good introduction to a lot of tools and procedures to dealing with various network attacks/malware, etc. It heavily focuses on projects to that end. Despite this saying 10 hours per week on average workload, the time was more heavily weighed towards one project in particular, while the rest are way less than about 5 hours.

Grading

• Projects (80%)
  • Project 1 - Shellshock vulnerability (10%)
  • Project 2 - Web Application Security (10%)
  • Project 3 - Malware Analysis (20%)
  • Project 4 - Traffic Analysis (20%)
  • Project 5 - ML project (20%)

• Quizzes (10%) - 10 Quizzes, 1% per quiz
• Exam (10%)
• Extra Credit (5%?)

Project Experience

Overall, project 2 and project 5 have the most involvement due to the programming requirements. Project 2 is the most difficult of the 5, as it has the most content and it requires a decent amount of JavaScript programming to get full marks. Project 5 is difficult, but the required programming is simple once you understand what it is asking of you. Projects 1, 3, and 4 I was able to complete in a day or less. I believe that they are revamping it so that each project has an autograder to give you the ability to check where you are at, but I am unsure. We had the autograder for Project 1 and 4, and Project 5 had a "local autograder" included in the VM. Overall, these were pleasant projects, and enjoyed the challenge of some.

Content Experience

I didn't like the video lectures - I believe that they could easily summarize them into a few videos instead of arbitrarily timed ones. The mid video quizzes were distracting. The weekly quizzes were often obscure and will have questions about the papers usually, but they are open book. The final is not, but the final seemed to be less focused on paper and obscure questions and more focused around the projects and some of the more straightforward quiz questions.

Why should you take this?

Take this if: you have an interest in vulnerabilities and attacks on networks and how to mitigate them. The content is interesting for sure, especially if you are like me and don't get a chance in the industry to cross into this side of IT (Back end dev).

Lectures: There's 20 lectures spread out over 13 modules. They provide a high level overview of the topic and can be completed between 30-45 minutes each. The topics are as follows: DDOS, Cybercrimes, Penetration Testing, Browser Security Models, Web Session Management, HTTPS, Security of Internet Protocols, DNS Security, Malware Analysis, Mobile Malware, Cloud Computing & VM Monitoring, Property Preserving Encryption & Oblivious RAM, Botnet Detection, Internet Scale Threat Analysis & Scanning, Domain & Network Reputation, ML for Security, Data Poisoning & Model Evasion, Blockchain & Bitcoin, Alternative Cryptocurrencies, and Attack Tolerant Systems.

Reading Material: Each module has around 3-5 papers that you should read. They provide an in-depth explanation of various topics discussed in the lectures. The papers averaged around 15 pages each and are dull reads but are essential for doing well on the quizzes and learning the topics. There is no required textbook for this class but there is an optional book called the Hackers Playbook. I recommend ordering the second edition if you are interested in learning about penetration testing or bug bounty hunting. The first can be skipped due to it being more of a rough draft to the second edition. The third edition covers red team topics. None are needed for the quizzes.

Quizzes: There are 10 quizzes throughout the course and they cover material discussed in the lectures and reading. They are under 10 questions each and are true/false or multiple choice questions. Some questions are poorly worded. The quizzes total up to 10% of your final grade and are open note.

Final Exam: The exam is closed book, 25 questions and is similar to the quizzes style and format. It's worth 10% of your total grade and covers material from the lectures and projects.

Projects: There are 5 projects worth a total of 80% of your grade. Project 1: Exploiting a web server with Kali, Project 2: Various client side attacks, Project 3: Static and dynamic malware analysis (Linux/Windows/Android), Project 4: Detecting malicious traffic with SNORT, Project 5: Bypassing a ML based IDS with polymorphic blending.

I found the projects to be enjoyable. Each one took 3-5 nights to complete with project 2 being the most difficult due to needing clarification on the write up and fine tuning JavaScript behavior.

Overall: This class is worth taking if you have an interest in cybersecurity. I recommend coming into this course with an introductory level knowledge of computer networks, security, JavaScript and Python. Introduction to Information Security and Computer Networks are possible classes you can take before taking this course if you want to prepare for it. Information Security Lab - System and Network Defenses would be a good follow up course for more practice.

Breakdown

• 10 Quizzes (10%)
• 5 Projects (80%)
• Extra Credit (5%)
• Final Exam (10%)

Quizzes

Open-book, timed. Approximately one every 1-2 weeks. Range of multiple choice, multiple response, and True/False questions. Based on the lectures and reading.

Projects

1. Penetration Testing (network scanning, attacking vulnerable hosts)
2. Web Security (XSS, framebusting, clickjacking)
3. Malware Analysis (windows malware, linux malware, android malware)
4. Traffic Analysis (using snort to identify malicious traffic)
5. Machine Learning (training and exploiting ML security)

Each project can be completed in a weekend, some taking much longer than others. I found Project 3 to be the most time-consuming. Students without web development or JavaScript background likely struggled with Project 2.

By and large, the writeups are enough to get one 80-90% of the way to the finish line, with the remaining 10-20% requiring scouring readings, internet, and Piazza.

Extra Credit

1% awarded for constructive feedback on each project via survey.

Final Exam

Have not yet taken it. Covers all material. It's nice that the course offers the option to secure an A before even taking the final.

I really loved the course content and massive learning opportunities that were present in most projects. As others have said, the lectures are showing their age. They provide a good 30,000 ft view with a bunch of random statistics and quizzes that we could do without.

I spent 95% of my time working on the projects since they comprised 85% of the grade and were unarguably the most enjoyable part of the course. My least favorite project was advanced web security because I'm not a big fan of JS/HTML. With enough sweat and tension, the project was doable (clickjacking be damned!).

The TAs I've dealt with were amazing. Huge shout out to Grant for doing his absolute best to stay on top of things!

This class is good content is super awesome a lot to learn in it but the first lecture kind of sounds like it starts in the middle of another lectuer which is weird but easy to jive with. There are weekly quizzes on lectures and readings (no textbook). Project about Web security is very tricky put me in a hole real quick. The write up needs to be altered and be much more clearer.

Also this project has to do with developing a chrome extension for something and i find it to be very unnecessary the project would be so much it better if it flow together the sections and not do this with one part, then this with another etc... it should all just take place on the 2nd part websites task.

The project that has to do with malware analysis is awesome long pdf document but very clear to follow and understand great exposure to those tools as well.

The project with snort is an interesting one the write up should be modified slightly to illustrate clear deductions and really showcase where the deductions could come from other students had an issue with i didnt thank goodness but easy to get tripped on it Overall this project wasnt bad pretty straight forward.

The project with python that is last is nifty you do some cool stuff in there make sure you read papers and lectures they are there for a reason.

Overall: Class is good lectures are interesting, TAs are okay there are a few that could be swapped out. But the turn around for grades was good.

Lectures: they seem to be from about 2015/2016, and are starting to show their age. They're really just for a high-level overview of topics, with the expectation that you should read the assigned papers to get more depth. Recreating the lectures would also be an opportunity to clean up the "flow"; there are lectures in which Prof. Lee abruptly switches from one topic to another with no attempt at a transition. They're also peppered with fairly useless "knowledge checks" that will quiz you on random statistics you'd have no way of knowing beforehand, or other trivia like vocabulary that hasn't been covered in the lecture.

Projects: the content is good, but the instructions really need to be rewritten completely. They often contained contradictions or ambiguities or broken English, and even references to past semesters' versions of the projects. Nowhere close to enough quality control here.

Project 1 - web exploits. Okay project, but the inclusion of a Chrome extension has nothing to do with security and was seemingly just thrown in to artificially increase the difficulty. Project 2 - advanced malware analysis. Probably the worst offender in terms of poorly-written instructions. Instructions consist of a 110+ page Powerpoint (smh), another 40ish page Powerpoint, and a 15ish page PDF. Project 3 - network traffic analysis and differentiation with Snort. Project 4 - machine learning for security. The first two parts of the project are just parameter tuning, while the third actually involves coding. Extra credit project - Shellshock. By far the shortest project, and should only take you an hour or two to complete.

Quizzes: like in IIS, the quizzes don't require a lot of critical thinking and are just there to make sure you're keeping up with the readings. Better edited questions than in IIS, but they could still be more substantive.

Exam: basically like the quizzes, only covering all the lectures and closed-book.

TAs: decent overall. Fast grading. They could stand to be more responsive on Piazza (fellow students were far more active in answering each other's questions). There were also times where one TA's response would contradict another's on Piazza. Sometimes the TAs had to be pinged repeatedly to answer specific questions.

I learned a lot from the projects. They were challenging. The project write ups definitely need work. Lectures and quizzes were pretty bad. I don't think I learned anything from them. Professor Lee was missing throughout the whole semester except one office hours held towards the end. The TA's were good and very smart.

80% of your grade is from projects. 10% from quizzes. 10% the final exam. 5% extra credit project. Overall, I think this is a great formula. I wasn't stressed out at the end of the semester because I didn't need the final to get an A in the class.

I took this course in the summer and got 101.12% with 5% extra credit added. I took CS6035 before this class, which is very helpful for me to succeed in this class.

I feel this course is not that bad as many comments state below. It seems most people complain the project descriptions are unclear which makes the projects hard to complete. However, personally, I feel all projects are good enough to provide directions and hints for you to proceed. This course relates to network security, so each project is like solving a puzzle or exploiting the code vulnerability as a “hacker”. We should not expect the project description provides all detailed information about what to do.

In addition, the TAs started to hold office hours in BlueJeans (video conference) for each project this semester. They are very helpful too. Many thanks to TAs. They did a great job.

Pros: -interesting projects -most of the grade is based on the projects Cons: -quizzes are unintelligible, random, and artificially difficult. Not worth the time or the stress. -final is just as bad question-wise BUT the exam is cumulative and access to notes is not allowed. -Lecture content and assigned project in a given few weeks are completely irrelevant. Impossible to connect the dots between the two. -Project writeups are poorly written - contain outdated instructions from past semesters. Also, they don't get to the point. A lot of noise on what turns out to be a straight-forward concept adds unnecessary confusion. Projects: -Project 1 takes care of itself -Project 2 is insanely difficult. Clickjacking isn't easy for the average joe. -Project 3 is annoying as hell if you have a slow computer or have firewall restrictions. Very time consuming but the experience with so many tools makes it worth the trouble. -Project 4 is interesting. Need to be accustomed to snort rules, pcaps, python, etc. -Project 5 involves understanding pcap, ML, and Python. Not hard but not trivial.

Overall: Do not take this class unless you're absolutely passionate about network security and have all the time in the world to decipher incoherent instructions and stupid quiz/exam questions.

Wouldn't recommend without a strong CS background. Experience in the network security field only helps with foundational understanding of the topics. Beyond that, the projects felt jarring and unequal in pace/difficulty beyond what a normal progression throughout a semester should be.

While the course title is Network Security, you will be doing very little actual network security. The lectures are OK, the research papers you read are usually something the professor did, and the projects are OK (although some, like Project 2, involved coding stuff an attacker wouldn't do). The one piece of advice to excel in this course: Start the projects early, at least read the write up and make sure the VM is set up correctly the day it's released. The project write ups had old items from prior semesters, bad grammar, and students had to go to Piazza for clarity. Someone mentioned reading Piazza after a project has been released after a few days, definitely do this and use the Slack channel.

TL;DR: If you take this class do not underestimate Project 2.

I took this class in Fall of 2018 and dropped it - mainly over Project 2. At the time I thought it was the worst example of instruction in the history of the world. Since I had to take it in OCY and managed to get past Project 2 this time - I've upgraded my assessment to "Disliked".

Course Structure: Very heavily project based. There are quizzes, but they are open book and not worth a lot. Lectures were probably created around 2016 and are beginning to show their age - as with other classes they do not always align with project work.

Wenke Lee is 100% absent and after taking two of his courses I'm still not convinced that he exists.

Project 2 was slightly rewritten this semester. The first part was changed from filter writing to filter bypass - so you either figured out what they were looking for early on or some students spent 10-30 hours working on this section alone. This led to the web server crashing and an extension being posted. This is the weed-out project - I will say it's incredibly satisifying once you get it but also incredibly frustrating.

Time breakdown:

Project 1: About 5 hours Project 2: 35+ hours easily Project 3: 10 hours Project 4: 10 hours Project 5: 10 hours

Other than Project 2 - it really isn't a bad class. Project 3 is actually pretty fun, Project 4 is not very challenging with Python and Project 5 provided just the right amount of hand holding.

Overall - know what you're getting into it. The TAs were very reasonable and if you can make it through Project 2 you can do well in the class.

FYI: first course in program, "non-traditional" background, still got an A, so I don't have too much salt in my mouth about this course.

Quizzes: Open book, leaned on that aspect a lot to get by on quizzes. Based off the slack chat, my incoming knowledge was bottom tier coming into the class as compared to my classmates, but I scored well on this section.

Projects: 5 of them total. All were interesting and varying in length. This is by far the bulk of my time in this class was spent on. My strategy was to really focus the week that it was due, which didn't kill me here. I agree that sometimes I felt the write ups could have been communicated clearer and had better overall organization, but I can't decide if that's just the nature of graduate level courses. I think I only used javascript and python during these projects, btw. Had to write snort rules in some funky language and i used some obscure language for android malware analysis.

Final: 25 MC and T/F, closed book exam over the entire course. Either you know it or you don't. The TAs did a good job laying out topics to study for.

Extra Credit: Just give feedback to the TAs of ways to improve each project, and they will significantly help your grade.

Overall, a few headaches in delivery of content, but I enjoyed learning the material, especially in a project based course; and was pleased with my result.

I'm glad that I took this course without listening to those bad reviews.

TL;DR: if you are interested in learning and solving the security problems of network, and you have at least some web or network knowledge, you will definitely learn or re-learn a lot through this course.

It's really hard to tell the background of the people who wrote the reviews. In my class, there were people who couldn't even run their VM correctly when reaching the project deadline.

I think this course is not for everyone:

• if you don't have a general idea of what is happening when you type a url and get a web page rendered in your browser.
• if you don't know what javascript is, or you are not OK to write javascript for XSS attack.
• if you don't like to read/exploit code in a programming language you don't know (C or Java).
• if you can't write some python code.
• if you don't like to play in a hacker's mindset, or take experiment-based projects, where a black box type of system is given, and you have to spend hours of trial and error to understand how it works or how to break it.

Again this is a graduate level course about network security. It's better if you know how network works before taking this course, or you should expect to spend more time figuring this out (It is still manageable IMO), or you will end up hating this course a lot.

CS6035 (IIS) might be a better course if you still want to learn some security basis. And CS6250(Computer Networks) is also a good choice to understand how network works.

Overall, I have mixed feelings about this course.

The content and material that you learn is really interesting. The way it's delivered and the pedagogy used is terrible. I give this course a 8/10 on content and a 2/10 on delivery.

This was my first class at OMSCS and I kept finding myself saying: "There must be some mistake - why is the best online CS program in the world offering an experience like this?"

Here's the breakdown:

The lectures: You spend maybe 1/3 of your time viewing lectures. The lectures provide interesting content that's well structured and reasonably delivered. In terms of transmitting knowledge to your brain, these do a pretty good job. My only qualm is about the ungraded quizzes that are sprinkled throughout - these usually quiz you on stuff that wasn't in the lectures. Pretty weird and annoying to test for knowledge you haven't given if you ask me.

The projects: You spend a little less than 2/3 of your time on projects. The subject matter covered by the projects is really interesting. The way that subject matter is delivered is garbage. The projects related to the material in the lectures only in a theoretical sense - you're on your own to learn the specific implementation details - which is tough because the details are 90% of the projects.

Every write up had typos, grammatical errors, and just plain wasn't organized well. Each writeup was also organized differently from the last. I imagine they were all created by separate non-native english speaking graduate students during a semester project. It's fine if English isn't your first language, just get somebody who does speak English natively to proofread you writing!

The projects turned on very small details that were often ambiguously defined in the writeups. I'd say 50-80% of your project time was spent wrestling with the writeups and implementation details (setting up VMs, network tools, etc). Overall, the projects were challenging not because of the material, but because of the way the material was communicated.

The quizzes: The quizzes are short, simple, and trivia based. By trivia, I mean the questions tested specific, rote knowledge rather than meaningful, synthesized knowledge. I personally don't think rote knowledge is very knowledgeable vis-a-vis synthesized knowledge, but that's just me.

The final: The final was much like the quizzes, but covered the all the lectures instead of just one or two. It was even more trivia based and therefore I felt that it didn't test anything meaningful. I basically just reviewed my notes for 20 mins beforehand and got a 70. In order to get a 90 I believe you'd have to put in significantly more time (on the order of 2-6 hours).

FWIW the review given by this student rings very true: https://omscentral.com/review/-LU0sTEzxXfefxpGesJF

This class was my ninth class in OMSCS. I paired it with Graduate Algorithms. I found the beginning of this course to have a lot of overlap with Intro to Info Sec. After the first month or so it the content did branch away from Info Sec. This class is structured very similarly to Info Sec. Mainly project based. Final exam. Quizzes. I found the projects to be pretty easy (usually finished them in a day) but very insightful. I enjoyed learning from the projects. The lectures were harder to learn from. Just like Info Sec the professor tries to teach too much in every video - makes it hard to focus. Plus, I never found a connection between the videos and the projects. The quizzes and videos quickly begin to feel like busy work. I think this class would be better if it had one more project and dropped either the final exam or the quizzes. During the semester I took the class we had a month for the last project. So this would be a good class to pair with another class that has a lot of work towards the end of the semester. I also wish the TAs would have graded things with a little more care. I had to submit regrade requests for every project. Also, the project's instructions were really hard to follow sometimes.

Overall, a good class if you are new to security. Probably easier if you take Info Sec first.

95% of my time was spent on the projects throughout the semester - the final was 10% of the final grade, and if you get the 5% extra credit by providing some suggestions for the projects, then you can kind of view the final as 5% - and yeah I didn't study 1 sec for the final, bombed it and still did okay.

Projects are in general alright - the writeup (instructions) are just awful though - very ambiguous at times, but they require you to be very specific - taking points off if you had a different understanding of the (ambiguous) instructions - Piazza was full of posts asking for clarifications, since people were afraid some stupid misunderstanding would result in lower grades. Also, it is quite obvious the writeup has not been properly proofread - there were several mistakes, straight-up mistakes, not ambiguity, so for later projects I learned to start a bit later, and let the early starters figure out all the mistakes and ambiguities in there...

Great summer course. The projects are challenging but lots of fun. The lectures are very dry and mostly present definitions and lists. Exams were fairly easy if you're familiar with infosec

I have mixed feelings about this course. It's in a subject area that I already enjoyed, so I certainly enjoyed the new things I learned. And I also had the advantage that I was quite familiar from prior experience with many of the techniques we used on the projects, though we went deeper into them. But man, if I didn't already have that background, I can easily see this course being extremely difficult. Every project uses a different base of technology, so you have to learn a ton on the fly, which was often a bit overwhelming.

Projects ranged from extremely simple to grossly challenging. Be prepared to learn the full intricacies of javascript on your own without any attempt at education in project 2

The "instruction" looks like an undergrad left the assignment until the night before it was due and built a quick powerpoint just to check a box.

Frankly it is embarrassing the GaTech allows the class to persist like this. The projects could so easily be modified into a reasonable, challenging, and creative experience if the lectures and examples provided any real clarity for those of us who haven't experienced it before.

Great course

Pros: The five projects were interesting and well-managed. The TAs were helpful and active on Piazza. Extra credit was offered if you provided good, actionable feedback to improve the projects.

Cons: The quiz and exam questions were ambiguous about 10% of the time. Canvas access to the course was revoked prior to the end of the semester with no notice to students and no way to ever get back into it. There was no opportunity to review missed questions on the final exam.

Grading: Grades were 80% from 5 projects, 10% from 10 quizzes, and 10% from 1 final exam. Projects were:

1. Shellshock (10%)
2. Advanced web security (15%)
3. Malware analysis (20%)
4. Network traffic differentiation (15%)
5. ML for security (20%)

Reading: It was nice having no textbook, but reading the papers was tiresome. I did fine by just reading the abstract, introduction, section headings, and conclusion of almost every paper.

I didn't enjoy this course as much as I'd hoped I would. As a summer class it kept me busy, and I spent more time on the class than I'd planned to, especially on some of the more open-ended projects like P2 and P4 where it was difficult to know when you were done.

Summer 2019 I read the reviews before taking this course and anticipated the worst, but it wasn't bad at all.

• Pros: Projects are really interesting. We had 5 projects, some are harder than others, but all doable, projects also are 80% of the grade.
• Cons: Only project related questions are answered by TAs. When I had questions about the slides and videos, there would be no replies. There are a lot of white papers to read. We had 10 quizzes, with multiple choice questions that are deliberately misleading and the final fashioned in the same way.

My strategy for this course was to do very well on the projects and not care too much about quizzes and the final. This strategy landed me an easy B (only 2 points away from A)

The topics discussed in this class were very interesting. I actually enjoyed doing the projects. The projects accounted for most of the grade with the quizes weighing very little. The quizes were hard but were made much easier halfway through the course. One thing about doing the really hard projects is that you will often find yourself guessing on what to do and hoping what you are doing is correct. Countless times I asked the TAs for many questions and they always responded with "yes" or "no" which never answered my question.

Overall, the class topics were very difficult and lacked direction, but it was very interactive, interesting and fun. The TAs were trash.

I would not recommend to take this class unless it is necessary. One of the most frustrating classes in the degree. Second project is extremely difficult unless you have a good HTML background. The Task did finally adjust the quizzes to go with the lectures about half way through the course. The final was extremely hard, highest grade was a low B and the average was below 60%. Several people dropped a letter grade due to it.

I didn't really enjoy the class but wanted to get into GT with a course that was defined as easy. I believe it was a good choice for a first class, however, the topic was pretty shallow, the assignments required to have many different knowledge like database, and web programming and it was swaying the security topic into a race to understand PHP, MySql, and other technologies.

The book recommended is a total waste of money and does not bring anything. It is a class that requires a lot of team communication so the success of your assignments depend a lot with whom you will be matched.

I ended up with a A, and spend between 10 to 15 hours per week. However, I already had good experience with MySQL, PHP, etc. hence I could see people spending 30 hours without a doubt if they do not have prior experience with the technologies.

By far the worse class I have taken during my post high school academic career across 4 different colleges/universities. The course REQUIRES you to have reverse engineering experience and looking at assembly code, have an in depth understanding of server and client side programming in javascript and using ajax calls, AND have experience in analyzing .pcap files. If you have not had any experience in any of these, you will have an extremely hard time in this class. The instructor is completely absent during the semester and the TAs will try to help but there were multiple times when a TA's answer was literally "This is a graduate level class and if you don't put in the time, we can't help you." when students had spent 30+ hours on a single project...

The lectures are not even worth watching because they are 20-25 min that at a 30,000 ft view explain a concept that help you in no way in doing the projects.

I would put the class structure in the following fashion: lectures (20-25 min videos): This is a car. readings(often 3-4 research papers): a car has an engine and a transmission. Projects: There is a malfunction in the V8 engine of this car. find it and fix it using the manual on google.

This class could have been so so much better. It has great content on paper but the videos are bad. One needs to search for other material for almost every topic. Of course, I did not expect to be spoonfed, but there has to be some coherence and structure in the content. I took this class along with Intro to Information Security, another class of Prof Lee. He generally never showed up, except while replying to one or two piazza posts in rare scenarios. TAs ran the class. And it showed in the errors and ambiguities across the projects and Quizz materials. Silly easy to score quizzes were held biweekly, which we open book and 10% of total grade. There was no midterm, only final which was MCQ based and constituted 10% of the total.

Total 5 projects, except project #2, other projects were interesting and offered something to learn. Project #1 was in C and Project # 5 in Python. Project #2 expected one to know Javascript, HTML and if you do not know much of these and do not start early, you will definitely be frame busted. I got 100 in 4 projects, but I did not do well in project #2 and so I ended up with a B.

There is no curved grading and if one does fine on projects, especially project #2, getting A grade is not difficult.

This course is one of the medium difficulty courses with 5 projects. I will highly recommend doing Intro to information security before this subject as there are one or two lessons of that course which is used here.

Every aspect of this class failed to live up to the standards I expect from a GT grad program (online or not).

tldr; Don't take this class unless you have to.

This class is not hard. It is poorly designed and poorly administrated. I averaged 18 hours a week on it and got a B. That should be broken down to 6 hours of productive work and 12 hours of frustration/time wasted. On almost every lab, some requirement was elaborated on in a piazza thread by the instructor in a way that changed the approach to doing the lab.

I'll start with the positives to be fair. This is a very interesting topic. I enjoyed learning about it in spite of the way the course was being run. The scope of the material is ambitious and that is not a bad thing. The slack channel was very helpful and active because nothing brings people together like complaining about the same things.

On the other hand: Weekly quizzes and the final are checking if you can use ctrl+F effectively on slides/papers. Most questions are word for word from a lecture or paper except usually with a trick like one word had been changed. Many questions do not use logically sound English.

Labs requirements aren't well communicated. (One lab's write-up was an 106 page slide deck smh). If you happen to be very familiar with the topic ahead of time you will probably get by. If you are not familiar your best bet is another student walking you through it. The lecture material does not. The lab material was heplful maybe half the time. These topics include python, javascript, chrome extenstions, HTML, CSS, Disassembly code, android architecture, Regex, Machine Learning basics.

The lectures are barely worth mentioning because they do little more than provide a 2 minute version of the topics you'll have to do a whole lab on. They aren't really good or bad. You need to watch them for the final/quizzes which will test how well you can memorize random statements out of them.

I'll give the instructor and TAs the benefit of the doubt that they were doing their best to make a good class, but that was not the result. Poor requirements and incorrect grading created a negative feedback loop on piazza very quickly. Students got angry. The staff got defensive. Nobody had a good time. Learning suffered.

Worst class in the entire program. The professor is absent the entire course. The videos teach nothing, and the assignment instructions are useless. The course is essentially taught by google. By that I mean to learn anything or have any idea how to do the assignment you need to google everything. Then the kicker is the absent TA’s show up just enough to accuse students of plagiarism because they had to google ideas on how to do the assignments. What a joke of a class. Do not take.

This was the worst course I have ever taken across multiple universities and multiple different programs. I have an MS in this field, have worked in this field for years, and literally was not able to complete Project 2 at all. I earned 100% or close to it on all the other projects, but that project has the most absurd set of requirements I have ever seen.

Disregard everything the syllabus or anything else says about the course requirements or prerequisites. You need an expert level knowledge of Python, Javascript, HTML, CSS, Chrome extension development, executable disassembly in Linux and Windows, radare2, ida pro, ANGR, SNORT, Wireshark, and machine learning just to do the projects -- and you won't have time to get it if you don't. Each of the projects would be either a full semester or 1/2 semester course at any other school -- and the course makes absolutely no attempt to teach you any of the things you need to know in order to complete any of them. The teaching philosophy is "go read the papers the professor wrote". The lectures are a high level overview of small pieces of the information you need, but make no attempt to actually get into detail on anything -- they're completely useless. In fact, they remind me of CIS101 type lectures in terms of their depth. Additionally, the projects are so poorly defined that they have to be continually questioned and re-questioned to get some idea of what the TAs are actually looking for.

And the quizzes. Everyone's favorite. If you've ever taken a Comptia test, this is equivalent. Not in difficulty, in the requirement to memorize obscure (and often incorrect) bits of useless information hidden deep in the depths of 10+ year old research papers in order to find the least incorrect answer in the confusing mess of distractors. Each quiz violates every principle of multiple choice exam development, using the most confusing language possible to artificially inflate the difficulty. Every question is a trick question.

The professor and the TAs? Dismissive, don't care, basically tell the students to go jump in a lake any time questions they don't like are raised. That's the only time the absentee professor shows up, in fact, is to berate students whose questions he doesn't like.

Final exam? Well, they pretend it's not exactly a final by omitting two lectures from the lecture list for the final, so that they can make it required outside of the final exam timeframe required by the university. It's the kind of technicality a lawyer would love, I suppose. And they use proctortrack, and they require you to use a mirror to show the rest of the room around you, and threaten to give you a zero on the exam if they can't see your mirror scan well enough -- and you can't re-do the mirror scan, and you can't see the mirror scan in the 1"x1" display in proctortrack, so there's no way to know if you did it well enough. Multiple requests to show the room with the webcam or rotate the laptop around were ignored or answered with "use a mirror". The course is actually more focused on anti-cheating than it is on teaching the material -- which is a shame because the course subject is a very interesting subject, and if taught well this would be a premiere course in this program. ETA: Well, the final is finished and graded. Class-wide, we identified over 20 of the 35 questions as being incorrect, contradictory, or otherwise broken. They didn't publish the class average, but based on the industry professionals in the course, my guess is the average was less than 40%. We'll see what final grades are when they're posted.

This course is a dumpster fire. I would not recommend that anyone ever take it.

Note this is for Fall 2018.

If you want to learn about security, this is a fine place to be. You will be uncertain about your project results, and you may very well get something that you'll need to request a regrade for (and maybe not get it). You will hate the quizzes because they feel like someone wrote them trying to trap you into giving the wrong answer. However, you will see some pretty interesting stuff, and the final is only worth 10% of your grade. You'll (probably unless they change it) work with Linux, python, regex/javascript/css, malware analysis, wireshark and a ML project at the end. I definitely didn't enjoy every part of it, but there were some highlights. I got quick answers when I sent the TAs a note on piazza.

The extra credit was offered after an uproar about unfair grading. There may or may not be a curve. The hardest part of this class was having to know some widely different tools. I had a hard time with having to know javascript and css pretty well for project 2, when I've avoided them my whole career. Others had a hard time with having to know Linux well.

This was my first class in OMSCS. It was a good experience. Lets see if I can summarize my experience in Pros and Cons Pros:

1. Net work security as a subject was interesting. Learned quite a few new terms and concepts. Did not know that the malware creators are becoming so advanced

2. The assignments were good. detailed explained. difficulty level were OK. not too difficult and not too easy. languages used were python and javascipt regular knowledge of Linux and some script was good to have 3)Piazza was active and most TAs were responsive. they even corrected a few incorrectly graded quiz

3. Grading was fair except for Project 2 which was really bad, the median was below 50 Con: 1)The videos on udacity are bad, the quizzes even worse. they come out of nowhere. even before a subject is explained there are bunch of questions asked

4. The quizzes sometimes I feel were not worded properly and were ambiguous causes regrade. 3)As mentioned earlier, Project 2 was very javascript heavy and people like me with no background on front end were struggling . there were also several artificial conditions to be met to get things done which makes things difficult.

This course serves as an introduction to network security. The vast amount of the frustration comes from one project that needs to be upgraded. Specifically, the autograder requires an obsolete approach to be used that makes a solution require 20-30 hours for 25% of the project grade rather than 1-2 hours. No one simply wants to make the effort to upgrade that project and the course to the level of AI or CV. I shared in the frustration but I have experienced the same in SAT so I can't single out this course as being especially awful. The quizzes require careful reading but are pretty easy points. The difficulty of quizzes and tests are exactly like IIS.

I would only recommend this to students who are brand new to network security due to the broad range of topics covered. The depth and projects are nowhere near the cutting edge and won't be helpful to anyone with experience in this field. To those new students, I also recommend a minimum of 8 GB of RAM for the virtual machines that have to be run for the virus analysis. My old 6 GB computer had the absolute minimum required to complete the assignment.

TL;DR: I regret taking this course. There are far better courses available in OMSCS. Warning: The instructor was not engaged in the course. This course is taught by TAs and centered on projects run by TAs. Expect rude responses on piazza.

Read the reviews! I regret not paying heed to the [negative] course reviews. As a veteran of several OMSCS courses, this was the worst. Despite the problems, I learned a lot about Network Security [lectures and readings], and couple of projects were enjoyable and worth the effort.

Network Security has a reputation as being a less challenging course, but difficulty may be normalized. One way to increase difficulty would be to cover material in greater depth or expand covered material. The approach chosen by this course seemed to add work and make project descriptions indecipherable. Many OMSCS students have extensive IT experience, often in the practical tools used in this course. You need to learn Wireshark, Snort, web development, javascript, etc, to be successful.

The course lectures are an overview of the material; lecture notes are provided. Listen to the lectures and review the notes, as they introduce concepts. Most of the course content lies in the readings and the projects.

There were tons of readings between the papers (over 60), and books (penetration testing, bitcoin, etc). Many of these readings were excellent, and clearly conveyed extensive information about security, although a few papers were undecipherable. One can try to discern which readings are important, and which less relevant. Since many readings are not relevant to the projects, quizzes or final, a less motivated student could skip 80% of the papers, avoid much of the knowledge presented in the course, and still earn an A or B.

There were five projects (80% of course grade). The projects were disconnected. Each approached a different aspect of network security. Project descriptions varied in quality, and ranged from clear and understandable (great) to undecipherable (terrible). The general impression is that the projects were a tragic mess.

The hardest part of the course was the struggle to puzzle out what was needed to succeed on the projects. The TAs shared crucial information in office hours and on slack. Follow these channels as well as piazza, as a summary of slack/office hours are not provided on piazza.

One project was composed of two sub-projects. One part used regular expressions (literature consensus repudiates approach) and expected students to guess what patterns to detect. Another used javascript and iframe(s), and many students were unable to guess the trick. Many students did not guess how to perform parts, and the average was ~50%. Do not expect TAs to provide guidance, even after the project is completed.

Another project required students to detect malicious behavior in packet captures, learn snort, and construct rules to detect the patterns. The project seemed more about finding needles in haystacks (malicious packets in captures), than learning how to effectively use snort as an IDS. Half of the points were a summary report from detected packet patterns. The all-or-nothing grading was harsh. Expect to request regrades.

Another project writeup specified one-one or one-many to perform blending attacks, but TAs announced that only one approach would gain full marks. Alternative solutions and critical thinking were not rewarded. The TAs announced rubric changes mid-project (read all piazza posts). Students were graded by different criteria depending upon when project submitted.

Since TAs effectively taught the course, one relied upon TAs to provide a good experience. The tone of the TAs on piazza was generally rude and defiant (bordered on abusive), and the course was an unpleasant experience.

There were ten quizzes, open book & notes, extremely easy, but with specific open & close dates. Grading criteria changed mid-course from multiple attempts to single attempt. The quizzes were busy work and an exercise in time-management.

The final was cumulative, the questions were poorly phrased and tricky, and seemed more like trivia than exam. The result was the class average was an abysmal 67%. No discussion of final exam questions allowed, even though phrasing was poor.

Do not take this course. It is really hard because there is no guidance at all. The videos do not correspond to the projects. The quizzes are awful and everything is hard not because of the topic but because the Tas and the professor think you should learn on your own. This is going to be my first B or C. I took this class in Fall 2018, half of the students dropped.

This course was interesting you get to hack a website, an android app and understand how to find defective code. I recommend this course as it is hard but do able. I took this over the summer and I found it quite aggressive but manageable. The projects are not that simple and from what I understand they have been changed since I took it.

Do the lectures and quizzes work with friends if you can. Points are not that spread out and there is a little bit of a curve but do not count on it. Stay on schedule that is the recommendation I give you.

This review is for Fall 2018. That option was not yet available in the drop down. This course has undergone a significant rework as of Fall 2018, based on the students feedback.

1. Quizzes are predominantly from the required readings and research papers. Not from the lectures only as stated in the previous feedback
2. Projects are significantly tough. Add to the complexity, the wordings and some parts of the projects are frustratingly ambiguous
3. Grading projects takes a LOOONG time. Project 2 grades and feedback didn't come until project 4 is released, making it really hard for students to make a decision on whether to drop it or not.
4. If you get the code completely working, you will get good grades. If it is partially working, expect to get close to nothing.
5. Leaving out some of the instructions like uploading all the files everytime in canvas will result in 0 marks. In contrast, Other courses are okay with just uploading changed files and their autograder works fine.
6. 10 hours per week is a really underestimated efforts. You should have been in the slack channel for project 2 or project 3 to see how many hours students put in. Each of them were well over 40 hours each. This is coming from someone that is half way in the program with a perfect GPA and have done well in many of the courses.
7. Syllabus doesn't do justice to pre-requisites and preparation needed for the course.

Course is easy, but the absence of Professor and TAs make it somewhat headless.

In summer, there were 5 projects & 1 final exam.

The 5 projects descriptions were pretty poorly written, needing a lot to be clarified with TAs - who weren't always readily available.

The final exam was 1 hour everything closed proctortrack exam. There are total 33 questions, worth a total of 100. They are all from the lectures.

This course has a lot of potential, but was one of the least enjoyable for me. The projects are interesting except for project 2 which is a complete nightmare in that the test cases used for grading don’t match the percentage point distribution in the write-up, and there are multiple unrelated components that take a lot of background learning to understand. The final has a large amount of true false questions where you need to pick the answer specified in the lectures even if you can find more accurate and up to date information from other sources in the CS/network security field.

Overall, a course that can teach you a lot if you're willing to learn. It's quite possible to get an A or a B without taking much knowledge out so make sure you put in some extra work to actually grasp the concepts.

Pros

• interesting real world relatable projects with lots of learning potential

Cons

• lectures were not always great and only partly helpful in actual learning
• some of the quizzes and final had random knowledge questions that have pretty little value in actually knowing but fortunately most of the grade is made up of projects
• TA's had a tendency to change project requirements or give extra info towards the end of the projects which caused early birds to be punished. That was quite frustrating

Aside from project 2, projects were manageable and fairly interesting. Exam at the end was hard just due to sheer amount of information contained. Very little interaction from prof and some TA interaction but not a lot. It was still kind of fun though and didn't take up too much time. Not the most worthwhile class but not bad either.

Really. Never, take the course, no extra credit, no curve. And really slow in grading and answering question on piazza. You will regret.

This class is sort of terrible in a lot of ways, but fun as well. I took this summer 2018.

Pros:

• projects are pretty interesting and you learn a lot doing them
• Quizzes are stupidly easy, but they play tricks with wording.
• easy A if you have the time to figure out wtf they want from you

Cons:

• the projects, while interesting, are terrible with defining requirements. Literally awful at it. You will spend so much time figuring out what the projects actually are asking you to do. It is insane how much time was wasted figuring out the project requirements.
• the quizzes I was talking about before are stupidly easy, but they are barely like the exam. There's no practice exam, and the quizzes don't help to study for the final.
• The quizzes are written through a language barrier, which would be fine, but the problem is the questions also sometimes have careful tricks in their wording. This is going to sound confusing, but there will be a lot of times where you'll be wondering about what the question is really intending to convey so that you can answer it correctly. You'll know the concept it's asking about 90% of the time, but you'll get shot in the foot by wording if you're not careful. It's done to a degree that isn't constructive because each quiz might only have like 4-10 questions.
• I frame busted my life dude. project 2 is terrible. seriously.
• There were no office hours. I heard nothing about video conferences either. Totally absent on slack and piazza.
• The TA's are very hard to reach. I only posted twice to them because I knew I wouldn't get an answer, and indeed I didn't. whack. Props to one TA William Lucas though for being quite helpful. And also props to the students who hashed out the requirements on Piazza with the TA's kicking and screaming.
• I also took IIS before this with the same professor. Honestly I have yet to see any actual proof that Professor Lee actually exists. I'm pretty sure he's just a concept used to refer to a loose collective of overworked graduate students that are laundering money through the university for a professor's salary and trying to funnel it into their crappy startup idea preventing ridiculous FERPA violations from happening in American universities.

Pros:

1. broad coverage of network security topics
2. hands on experimental projects

Cons:

1. class videos are shallow
2. overloaded assigned reading which may not be related to course videos or projects
3. requirements of some projects are not clear
4. no guidelines for final exam

I strongly don’t recommend taking this course. For those who want an easy A, it will cost many hours struggling with understanding the project requirements. For those who already have relevant experience and background, it will not extend in-depth knowledge.

I took the course in hope of extending my knowledge in network security due to the strong interest in this topic. Professor Li probably is an excellent researcher and expert in this field, but the course is not well organized and taught. The lecture videos don’t talk about the tools and techniques necessary for completing the projects. This is specifically true for project 2 and I believe many students dropped after finishing project 2.

Pros:

1. A wide range of topics are covered in the lecture videos .
2. Classmates are helpful in both Piazza and Slack.

Cons:

1. The prerequisite for programming background is misleading. It says that prior programming experience with C or Java is recommended. This is not true. The projects use Python, JavaScript and HTML.
2. Videos are completely irrelevant to the projects. It covers a wide range of topics but it’s way too generic and are not helpful for the implementation of the projects. I feel like it’s a waste of time.
3. Recommended readings are over-assigned. 1 out of the 12 lessons is assigned every week. Here are the numbers, the recommended readings are a 358 pages book for lesson 3, 11 papers/webpages for lesson 5, and 6 papers (15 pages on average) for lesson 6. I would say it is more than a full-time PhD candidate’s reading. Most importantly, those reading materials are not relevant to the projects, you must spend extra hours on the projects.
4. The write-ups of the five projects are all full of confusions and errors. During the first several days of the release of each project, students would raise bunch of questions on Piazza and Slack to clarify the requirement and instructions. The TAs also had to change the policy in the middle of the projects several times, which was horribly frustrating, especially for those who started the projects earlier.
5. Prof. Li is entirely absent from the class for the whole semester. Some of the TAs never reply emails.

I really wanted to like this class because I was very interested in network vulnerabilities and zero-day attacks. I watched all the lectures, did all the assignments, and tried my hardest to gain some value from the course, but it was pretty futile. The professor is completely disengaged and unfortunately, the main TA this year was pretty rude and unforgiving to a lot of people who asked questions on Piazza. I would rate this course a Very Hard in terms of understanding what is actually expected of you, but Easy in terms of actual content.

Honestly, the assignments were not challenging as long as you read every single Piazza post, even if there were dozens. Because I did not do that and just did the assignments as outlined on the assignment description (generally taking around 10 hours for each assignment), without fail, I would receive anywhere from 50-70% on every assignment, and then be forced to request a regrade and claw back points. Every regrade gave me 20+ points, so they are definitely worth it, but it is an absolutely ridiculous process if you think about the effort TAs have to put in to basically grade everything twice because they were not explicit in the assignment instructions the first time or their autograder was just wrong.

You would think since this class is so poorly managed, that you would be allowed to ask clarifying questions on Piazza, but after one TA repeatedly responded in a downright rude manner to anyone's innocent questions, I decided to forgo that strategy and just rely on the obnoxious regrading requests to get an accurate grade.

Also don't expect the final to be any less vague or subjective than the quizzes you do all semester. It had many typos, many ambiguous or contentious answers, and was hands-down the worst final I have taken at OMSCS (disclaimer: I have only taken 3 other finals). If you really want to learn network security, just buy the Hacker's Playbook and skip this course.

Fairly good course as far as work load and interesting projects go. The information presented in class doesn't really apply to the projects but they're do-able using google and occasionally TAs for some guidance. The TA was pretty harsh this semester but there were also a lot of ups and downs with students so I sort of get it. Instructor was non-existent. Exam was hard at the end just because it was over ALL class information and was very short the questions felt random and it was easy to feel unprepared. However, I still feel like I took something from the class (especially the projects) and finally at least 50% understand bitcoin. PS - Project 2 sucks, just ride it out, the rest are fine.

The content of the course seemed interesting, and I believe that Dr. Lee probably would be an excellent and knowledgeable resource, if available.

The TAs had poor organization, and frequently provided updates to the project instructions as errors or inconsistencies were found.

The suggested background knowledge (Java / C) was inapplicable, and instead the course required Python and pretty in-depth web programming ( JavaScript / Asynchronous Interactions w/ HTML ) knowledge.

The course policies changed mid-course (e.g., Quizes were 'take as many times as you like' to 'single pass' part way through). The authors of the final exam used vague words (many, often, relative comparitors) for multiple choice and true / false questions which seemed VERY nuanced and specific (e.g., referencing 1 of 20 attacks studied in the course to remember a single facet of that attack) without access to any notes, etc.

Direct questions to the TA (non-complaining) were not answered, projects and grades were generally released late.

Easy if you know basic python. Lectures shallow and don't really cover the material in detail. Projects changed from time of release until deadline.

Still I enjoyed the course since I've got a lot of interest in network security and had very little knowledge of the subject when I started the course.

I liked the class a lot, the projects were really cool, although needing some fine tuning--both in the wording and descriptions, and the resources to figure out. I found myself getting stuck for hours on stupid stuff, instead of spending my time struggling with the real content. The auto grader was rather scary because you literally had no idea if what you submitted would work or not. If this is going to be used, there has to be a system where we can verify our submission. The weekly quizzes were too easy compared to content and had little to do with projects. But, if you learn by doing in projects, this is a good course.

I took this course along with Intro to Operating systems and ML and eventually dropped ML after mid-term. My comments are mixed. First of all this is a graduate course, some topics on computer science are vague and does not have formal algorithms or proofs to learn from, this is one such course. You will apply your computer science skills on this course, so like others mentioned here lecture videos are shallow, skimmed through and covered lot of topics. If you are research oriented, curious to dig through then this course is for you. Its overwhelming to do 10 quizzes, 1 final and 5 projects. If you are new to security you will spend lot of time like me but in the end you will feel that you learned something from projects. Initially i had to juggle 3 courses, so i ended up blowing up on 1 assignment which had a big impact on my grades. TAs were very comfortable on regrade requests and did their best. It appears that materials have changed from past semesters, so if you are new to computer security and expect to learn from course videos and apply it to projects, you are not going to like this course. Its true that professor did not show up but i doubt that it would have made any difference due to the nature of the course. If you have hacking mindset and willing to dig through and learn on your own then you will enjoy this course. Don't assume this course is going to be easy, be prepared to put in solid effort if you care for good grade. In terms of programming language, this course needs some understanding on C, javascript, html, python and firewall rules

Overall, good content, badly run course. Required regrades on 3/5 projects due to autograder being subpar. Professor does not exist. TAs were alright but had to change projects halfway through due to their own mistakes.

Overall needs to be run cleaner and not so harsh. People are here to learn, if you want to make a class tougher, make it so that you are just as passionate as we need to be. Can't check out and then be rude all day.

Some of the students in this class asked terrible questions, it seems to attract students who don't belong in the program.

This was my second course in the program and I took it as a continuation of Computer Networks (which I really liked). I thought that transitioning from CN (which touches on network security) would be beneficial and relatively smooth. My conclusion: This class needs a lot of improvement to be on par with the rest of the quality classes found in the program.

Structure

The class is heavily based on projects (5). Additionally there are weekly quizzes (10), and a final exam.

PROS

• Topics are interesting and relevant to today's "cloud" environments.
• Projects are engaging and provide opportunities to practice hands-on learning.
• Piazza was very active and students were very engaged in discussing the presented topics.
• Helps you appreciate the importance of network security.

CONS

• Professor is completely absent from the class.
• Video lectures were often too shallow to really describe the topics.
• Project descriptions and write-ups are confusing and often contain grammatical and spelling mistakes.
• Only one TA is very actively engaged in the discussions, while the rest are often MIA.
• Grading mistakes were made that required regrade requests.

The saving grace for the class is that the majority of students are smart and experienced technology professionals who are able to provide thoughtful discussions throughout the course. However, as it stands I can't recommend this class. The content of the course is very interesting and worth learning but the delivery leaves a lot to be desired.

This is the worst class that I have taken with OMSCS so far. The lectures are shallow and not explained well. Its clear the professor was just going though the motions to get the material out. The professor was completely absent from the class, not one appearance. The administration of the materials was (poorly) handled by TAs. I gave a medium difficulty rating, but not because the material is hard. The difficulty is navigating the twisted, convoluted and sometimes contradictory information given. I would not recommend this class. GATech needs to redo the class with a prof that cares about the students.

CS-6262 is my first course at GaTech (online), and the course was disheartening. I was very motivated and wanted to excel. I watched every single weekly video and read all suggested materials. I took many notes and was very serious. However, this course is a complete pleasantry. Let me explain.

1. The weekly videos are someone reading the slide without giving any content. The slides are extracted from whitepapers and mostly just the first paragraph of each subject. The videos do not explain; they give outlines of many topics.

2. Each week has too many covered subjects. It's tough to understand everything with the lack of material. Whitepapers are not clear, long to read and a lot of additional web research is required. Videos took me about 1h on average to consume and white papers about 10h. The remaining time was invested in projects.

3. Projects are not related to the lectures. In fact, the projects cover one topic of about 30 discussed in the three weeks the project cover.

4. TAs only answer project answers. Several questions about whitepapers were never answered.

5. Projects are not well constructed. Lots of information are given during the timeframe of the assignment making people working late on the project with a considerable advantage. Some projects requirements were written over +70 PowerPoint slides.

6. Quiz answers are all available on Internet.

7. Final tests are made to trick you. Many questions were related to a subject seen, but the question was touching an area not covered by the lecture. You had to know about the subject deeply to answer. The final exam had many errors (English and structural).

8. Projects worth the most in this course. 5 of them took between 20 to 45 hours to complete. Spread over 2-3 weeks per project it becomes a burden with the whitepapers and videos. The two combined explain why I have an average of about 22 hours per week.

9. Prof Lee is entirely absent from this course. The TAs are doing their best, but they are swamped by assignments questions which prove the lack of cleanliness as well as the disconnect between the material and the projects.

10. They mention buying a book (200 pages). After reading half of it, I realized that it was a waste of time and money. There was a single page that was barely usable for a single project. A student asked about the book and no TA, neither the professor answered about how important was the book was for the class.

It was my first course, and if GaTech is running this way, I'll stop. The quality is deficient of this course, and it is evident that there was no real intention to teach anything else than cramping a lot of subjects in little time to make it hard. I do not see the point. I put the difficulty to hard only because of the lack of cohesion between the assignments, the lectures and the project. The content is not hard per say, but it is built to make you fail.

This is my 2nd class from OMSCS. I agree with a lot of the reviews here. This course is not difficult if you have some programming experience but just very time consuming. The projects are disconnected from the lectures where the lectures cover extremely broad concept whereas the projects are nitpicking on very specific knowledge. You have to self-learn a lot of things to be able to do the projects. Also, the projects are all over the place, not building on top of previous projects' knowledge or experience. I wouldn't recommend this course unless you are REALLY interested in network security.

If you have to major in Networking, then you can stop reading this review. If you don't, this is a very badly run course. Here are the reasons why you shouldn't take this course.

1. The lectures are extremely dry. It's like Prof. Lee has taken a text book and simply read the contents on there.
2. The lectures are simply a mish mash of materials. Just a bunch of concepts thrown in.
3. The TAs are not very active. The ones that are provide confusing and sometimes contradictory answers.
4. The project writeups are mostly poorly written, requiring lots of clarifications from TAs. Almost all projects (except the first) had lots of clarifications, some coming as late as a couple of days before submission. So if you are the early bird types, forget about submitting early.
5. There is no autograder you have access to - no way for you to know if you've made a silly mistake in your project. Given that it's binary grading (you either get all points for a section or lose it all), you simply are out of luck if you made a silly mistake. Especially if you made that mistake early on, you basically get a 0.

My advice is to stay away from this course. I feel like I wasted an entire term and learned very little.

I think the course covers a lot of great materials and some of the projects were insightful but I was disappointed to find that the Projects at times provided no instructions, at times were graded in an arbitrary fashion by TAs and required an awful lot of time (one of the programming projects required nearly 30-40 hours a week if you have beginner or intermediate programming experience). I have to really highlight that NO instructions were provided. For example in one of the projects we were required to utilize a well known security tool and you were graded on your implementation of that tool, but no instructions or examples were given and that left some students wondering why they didn't just invest the money in taking a class to learn that toolset from another provider.

In my case I had to drop because of the time commitments (I work 40+ hours and run a business on the side) and because after getting As on other projects and assignments I received a terrible score on one project and could not recover. Unfortunately, although I had put in 60 hours of work in and I could demonstrate the logic in my code was correct and met stated requirements, the TAs provided no credit on account of how they expected it to function (requirements that were unstated and undocumented). Truthfully I received so little feedback and so few instructions that I withdrew in part because I realized I would learn more with my time and money spent elsewhere (ex: CCNA).

Almost considered dropping the program altogether (I felt the University misrepresented the coursework as something you could maintain with a full time job) but I decided to try another class and see how it goes. I am also considering leaving work for a couple of months and may attempt the class again during that time.

This was my 4th class in the OMSCS program, and I took it as a standalone class this semester. This course is a followup to Info Sec with the same instructor and same style. There were 5 projects, a midterm, and a final. The lectures felt very fast-paced and covered a broad subject at a shallow level, so it was hard to actually learn much from them. I agree with another student that the projects were somewhat disconnected from the lectures. Some of the projects even felt like they really belonged in Info Sec - as if the professor didn't accomplish everything he wanted to in that class, so he's using Network Security as a place to put the overflow. The professor's involvement in the class was minimal - I was active a few times in Slack, and often on Piazza, but I never saw any activity from Prof. Lee in either place, which is disappointing. The class was instead run (somewhat haphazardly) by TAs. The quizzes were poorly or ambiguously worded, sometimes such that there was more than one technically correct answer. Project writeups were often filled with errors or inconsistencies, which had to be resolved on Piazza, and unfortunately made the projects a bit harder to tackle since it was hard to distinguish parts you didn't understand from parts that were just wrong. Project skeleton code had typos that made one wonder if the TAs had actually tried to run the code before publishing it. The autograders were also poorly written, and many students (myself included) had to request regrades for one or more projects due to autograder issues. Overall, could be a good class with interesting material, but feels poorly executed.

I took this course without a security background and did fine. The lectuer quizzes had nothing to do with the taught content presented and required some googling to complete. During my semester, the course was under development and we often had to wait for lectures to be released. Additionally the TAs were disorganized. I found the course assignments interesting.

This is one of the first courses I have taken in OMS. I'm not sure whether I would recommend it as a first course for other students or not (if you have some sec. background it might not be too bad). Most of the project writeups have been quite confusing, and in many cases (for 3 out of 4 projects so far) the TAs have had to make major updates to the projects and/or requirements the while the students were working on them. We have also had some serious issues with autograders this semester that have caused a lot of headaches for students and staff. Fortunately, when issues arise the TAs have been pretty flexible and understanding for the most part. Some TAs have been much more responsive and helpful than others (shout-out to William Lucas for always being helpful on Slack and Piazza!), but overall I get the impression that there isn't a lot of communication amongst all the TAs. The content and the projects are a lot of fun and super interesting though and I have definitely learned a lot!

To preface, I work in netsec. This course is a poor netsec course that feels like an afterthought to the professor/course designer. This may be one of the better "easy" electives to take in the OMSCS program, but it's definitely not one of the best courses in the program.

The lectures are shallow, fast paced, incomplete, and often a waste of time. The full lessons are usually 15-25 minutes long. The professor will introduce a complex topic and spend 1-4 minutes going through it. The pentesting lecture was pathetic, honestly. It's nothing more than some slides name dropping tools with no input on how to use them, and the reading for the section is an entire book on pentesting. And all the lessons are this way. Network monitoring, malware analysis, etc. are all briefly plowed through with no detail or exploration. The lecture quizzes often contain questions that weren't covered in the lectures or the reading, which highlights how thin the actual learning material is.

The projects are annoying. Often times there's a VM you have to download and setup, but they are riddled with errors. Tons of Piazza posts troubleshooting the VMs that launch without the correct updates and are fragile. The projects themselves often require spending a ton of time learning about very specific things to "hack together" the end result the instructors are looking for. The projects and lectures don't work together in any way; the projects require lots of learning of topics that are never taught by the instructors. Several of the projects were also very specific and not really accurate to real world situations.

This class is a shotgun scattershot of topics with poor instruction. The professor isn't engaged at all. The projects aren't hard, just frustrating and annoyingly time consuming for trivial things. If you'd really like to understand netsec, take 6035 and read Hackers' Playbook, Web App Hackers' Handbook, and Hacking: Art of Exploitation. Don't pay tuition for this course.

Let me start with the good. I will admit that I learned a good bit in this course about a wide variety of different topics.

Unfortunately, I had to teach most of this to myself. This, in my mind, made the course very stressful because the skills needed to complete the projects were not taught in the course. There was a lot of "here's the manual, here's a paper, learn this new technology, complete the project. " Some of the project write-ups were downright terrible and did not include nearly enough information for someone inexperienced with that particular system to complete it on their own, certainly not within the given time frame. Thank goodness for Piazza. Wouldn't have been able to finish the class without it.

Another thing which really bugged me: each project had a separate VM, and NONE of them were ready to go out of the box. Each required re-configuring, setup, or installations which were time consuming and error prone. On more than one project I spent more time setting up the environment than I did completing actual work.

Final thoughts: don't take this in the summer, and brush up on Linux, Virtual Box, port scanning, Snort, and JavaScript first. Go in with the expectation that this is a self-taught course, and expect to spend a LOT of time on Piazza. Start projects as soon as they become available and set aside plenty of time to work on them each day.

I would strongly agree with one of the other comments here "Projects didn't tie in much with the lectures and lacked a lot of clarity, but were enjoyable". This nicely sums up my experience with this course. The projects were well balanced between being exciting, very cool and the same time posed a little bit of challenge once in a while. The course work along with the projects took a good 10hrs per week which included a quiz that was posted every friday covering the lecture material for that week. The weekly quiz ensured that we were also up-to-date on the lectures so if you planning to take a week off during the course, you might need to plan that a bit. Overall the exams and the quizes were easy, but. the exam being a closed book covering the entire semester, posted quite a bit of challenge getting though all the material before the exam.

I really enjoyed this class. As someone who entered with no background in security except for CS 6035, this class was very challenging but also very rewarding. I really hope additional security classes and a specialization can be developed before I graduate. For new students prepare by knowing python. You will also be using a Virtual machine so knowing how to setup file transfer between host and guest, basic Linux commands and bash will save you time. The negatives were

1. There was no word from the assigned professor the entire semester.
2. All but one TA was consistently responsive.

It was a great course in fact. I got exposed to several varieties of projects starting from browser security to network level, which I would not have come across in my 20 year career in IT development field. I became hands on in Python, especially in Data Structures. Course was pretty hectic with 6 projects, 10 Quizzes open book and 1 final all closed exam. TAs were very active through out the course. I meant literally they were very responsive to every question that I have posted. Coming to preparation part, I went through all the videos twice. There were many papers to read. Best part was each of those important papers were precisely explained in Udacity videos except Professor's dialect :) I listened to the videos and read the papers. Quizzes require reading. Projects were really awesome. I did all the projects very well. I was able to relate the practical aspect of the Network Security via projects. One project was really challenging one. I had to scan the whole world wide Internet using university supported infrastructure and processes. The last project was really cool. I had to read the research paper and implement the python code to evade the Intrusion detection itself. I also got good reading material for Bit coins. On down side, auto grading kept me in tension till l last minute.. Also, many fellow students were appeared to be super smart. They were also very helpful. I needed to be on Piazza & Slack up to date. At the end, I realized, Security was really mindset. Overall, TAs helped me to complete the course successfully. Now, I am looking forward to the next course.

The professor's lack of involvement was a bit disappointing. Projects didn't tie in much with the lectures and lacked a lot of clarity, but were enjoyable. Wish there was more information in regards to how to defend against cyberattacks.

The course material is interesting but the instructor was basically nonexistent. I probably watched 30% of the lectures but read all of the course slides and that turned out to be enough. The quizzes provided in the lectures are the worst I've ever seen. Some had intended answers not yet covered. Others had you ordering exploits by how common they are or ordering some other set of things with some other metric, also without prior coverage. To summarize, many of the lecture quizzes don't evaluate what you've learned from previous lecture material or the readings for that matter. So you just end up skipping to the answer and learning what you were supposed to answer. The projects were also interesting but had unspecified requirements that had to be clarified by the TAs constantly in Piazza and during office hours. If you don't pay attention to Piazza, then you are quite likely to lose 10+ points on a project you implemented according to the project's specifications, so pay close attention to Piazza. At least once, there was a detail provided during office hours that required many students to refactor their code even though the justification for this change was unfounded. The TAs were generally very helpful and patient in Piazza, which somewhat makes up for the instructor being completely absent. Several students who clearly just didn't do the work or started projects too late and did poorly, begged for a curve at the end despite the vast majority of the class getting As. The lesson here is just do the work and start early on the projects. They are not extremely difficult but they do take time so don't underestimate them. I would break my workload estimate down to ~6 hours of project work and 2 hours of viewing lectures and reading papers.

Professor don't appear in course. You have to study yourself if you want to understand things.

TLDR: Expect to teach yourself the material and comb through Piazza\Slack looking for answers to questions; but was generally an interesting class. Assignments not hard just confusing.

Prep: Have good familiarity with different variants of linux, and be familiar enough to have to deal with VMs without UIs. Having a basic understanding of python, network\programming basics, and android development.

My expectations for the class were to lean about network security and ways to prevent attacks or make it harder for attacks to happen. After the course I would say some of these expectations were met.

The course feels like a great overview of some of the security vulnerabilities in the existing structure of networks and the internet. It provides a nice way to experience being a white hacker to test your defenses and learn how to improve them.

The course was not well thought out, and assignment issues caused students to have their access revoked due to not following GT IT policies. The majority of the assignments were hard to understand and much clarification was needed due to not being fully vetted. Many times the instructors told students to start early, and then those who did were penalized because they had to redo assignments based on the erratas that were released later, often a week into or days before the due date. Be prepared to monitor ALL Piazza and slack communications daily, even after you submit assignments in case the requirements change for what needs to be submitted.

Overall, the course had great potential and learning opportunities, but was dulled by the inconsistencies, errors, and lack of communication from the instructors.

The Professor must have been too involved in his research to even care about his students or class. He did not even post a single comment and was not involved in the class at all.

The TAs lead this class completely, with one TA standing way above all the rest. And he wasn’t even the head TA.

Taking this class in the summer might be a different experience from regular semesters. The class is run by the TAs, most of them very engaged with the assignments on Piazza and Slack. The content is interesting and timely, we were studying malware by the time wannaCry was released!, The assignments are not complex but some will challenge you and will ask you to think​ in more creative ways to achieve results. As constructive feedback, this class needs a better video format, it's basically the professor reading the slides, and make the auto-graders a little smart, you get a lot of deductions that will weight in your final grade, because of trivial problems like file names and spelling.

I wanted to take an easy course to boost my GPA. This I thought would be course and I took it in the summer. I was partially wrong! The course is not intense from a material point of you. The subject matter is relatively straight forward and dry. Get as many points as you can from the quizzes. The projects are pretty interesting but take a lot of time. They are not simple or straightforward you need to invest time indoing it!

I thought this course would be easy and an A since I really needed one. But I was wrong I took this in the summer so there are naturally less points available to score. This class is a lot of work the material is not particularly hard or complex but it will take time to complete the projects and they are not straightforward.

A useful course that builds upon ICS, but one with its faults. As mentioned in other reviews, the Professor was completely absent this Summer semester. Fortunately, the TA's were engaged and helpful, but that's not a full replacement. The lectures themselves are pretty barebones with all kinds of discontinuities, jumps, and quizzes that don't always make sense, but the lectures do adequately cover the core materials. The assignments are relevant and I found them doable (but then I lucked out and found an easy solution for the infamous "frame buster"). I enjoyed playing the "black hat" and defeating machine-learning intrusion detection systems and aggressively probing network hosts.

There are few things more important in practical CS than network security, and so this course is something of a missed opportunity. You'll learn here, but not as much as you could.

The course is interesting, but the projects are very frustrating.

The course is completely led by the TAs, other than the pre-recorded videos I don't think the professor contributed anything on Piazza etc. In some classes this can work, but not so well in this case as there was a lack of clear guidance when there was an anomaly.

I did learn quite a bit and what I did learn was interesting. The assignments were painful in terms of having to work through incorrect or ambiguous instructions. In some projects then there would be a comment in Piazza that clarified something or corrected an error but that would be late into the project and in some cases meant repeating the project. It also meant that you had to spend a lot of time on Piazza, not just reading every post once but going back to see if an instructor had added a comment at a later date. I spent a lot of time re-working the projects which I feel was time wasted. For one of the projects it is still ambiguous as to why we had to do something a particular way and it has not been explained despite several attempts at asking.

In addition one project involving zmap Internet scanning resulted in many students being flagged by the IT department as performing unauthorized Internet scanning. This is something that should have been cleared with them in advance by the professor. It left students unable to complete the assignment, although they were given an alternative quiz afterwards it was very poorly handled.

In summary it is an interesting course and I did learn a lot from it, but the projects were very poorly handled in terms of incorrect instructions and ambiguities.

The projects were intriguing and they complimented the professor's video lectures and research papers very well. As long as you read the papers and watch video lectures prior to reading and coding the assignment, you should do well. It's definitely an informative class that opens security awareness. Topics like malware detection evasion and botnet infrastructures and takedowns are very important for the security community to pick up on.

This class was executed so poorly. I agree with what a lot of people said previously. The professor didn't make 1 appearance in Piazza. TAs ran the class, poorly. Some projects were easy, some really hard.

*Poorly written assignments *Strict auto-grader *Slow project grading *Horrible communication skills with TAs about projects, especially the 4th and 5th project

in fall 2016 there were no exams and the projects were super interesting. there wasn't a lot of additional reading other than for the completing the projects.

Awful class. Assignments were terrible and were incredibly difficult to figure out what on earth was going on. Like the other commenters posted, I didn't learn anything at all. Based on reviews prior to Summer, I would assume this course has been revamped quite a bit, as it sounds like it used to be an effective course. I can assure you that this is no longer the case.

I am bitter because this class was an laughable waste of time. I dont have much time, and I am actually taking these courses because I want to learn and grow - the TAs absolutely did not care if you learned or not. They did not care to teach, or even fix their own issues on their assignments. Many times, questions students had were usually responded with "read the writeup again" (that was NOT clear at ALL, hence the flood of questions) or even in one case "do not ask questions or you will get a honor code violation".

I was not active on the slack channel, but I can assure you that the professor never commented once in Piazza. I just did a search to be sure, and NOTHING showed up. Just frustrating.

TAs and Professor did not show any sort of enthusiasm or care at all as to the learning outcomes of this class. i would have learned more if i just read a few articles on wikipedia about security for 10 minutes than i had this entire course.

This is the 3rd course I've taken (after IOS and AOS) and it was abysmal. As some other reviews have said, the professor was nowhere to be seen. The class felt like it was just run by TAs who (mostly) had no clue. The was really only one exception, which just wasn't enough to save this course. However, my complaints about this course are as follow:

1. ) The lectures were mostly terrible. On occasion, there was an OK lecture, but by and large they were far too shallow to be useful.

2. ) The projects were riddled with problems. Very often, issues with the projects would be figured out deep in the comments of Piazza and there would never be an update or an announcement to the class that the problem was found, so if you didn't read /everything/ in Piazza, you were probably running in circles.

3. ) The professor delegated nearly everything to the TAs and the TAs were /terrible/

4. ) Grading was cryptic and ridiculous. Forgot the "www. " on a URL even though you verified it wasn't in the packet? Doesn't matter, that's 1% of your final course grade. Got the solution working 90% of the way? Oh, that's a 0 because nowhere did it say it was all or nothing, which translates to 5% of your final course grade. TAs had to regrade nearly every project and it was like pulling teeth to get them to realize their mistakes. As well, they never released the answers, so we just have to trust them after all their fumbles.

5. ) I learned nothing. I think the longest project took me 6 hours and the shortest about 2 hours and it would've been very easy to do each one without watching the lectures or reading the papers.

This class has great potential, but in its current form it's absolutely terrible. In hindsight, I wish I had taken anything else or nothing at all. Steer clear, if you can. If you can't, try to take this in the fall or spring. I feel like doing this over the summer semester made all of this class' shortcomings more obvious.

I am nearly done with the program, and this is by far the absolute worst class I have taken. I strongly recommend you stay away.

To be honest - I have learned NOTHING. Nothing at all. The assignments take a lot of time, and you follow weird cryptic instructions and make the program output whatever its supposed to, but I don't know WHAT is really going on in any of the assignments. It's seriously unreal.

With the exception of 1 - the TAs are atrocious. They do not help students understand what is to be done. Many of the assignments had huge errors in the provided skeleton code, and TAs dont even address it, other than commenting 10 threads deep as a response to other students proposed solutions. If they cant get their assignments together, how can they expect students to complete them?

The professor didn't leave a single - not one - email or announcement or comment or anything. He could be mythical for all I know.

If you actually want to learn something, i suggest staying far, far away. This class is a complete joke and should be either completely revamped or removed from the program. A total waste of my summer that i could have spent in another course that is positively learning oriented,

This course has great potential, but awful execution. The material isn't difficult, but the course itself was an exercise in frustration. The only reasons I'm giving two stars are because the material is interesting and because one of the TAs actually did make an effort to engage with the students. If you are looking for a class where you can have meaningful discussions and really dig into the material, definitely pass on this course for now.

Professor Lee never communicated with students a single time. When a project was shut down when students got emails from GA Tech Cyber Security telling them they were violating institute policy and potentially federal law, there was silence. When the final project was based around a paper he authored and questions were posted regarding both practical and theoretical application of the concepts, there was silence. The instructor could have been listed as "Mickey Mouse" and the student experience would have been the same.

Other instructors were not much help either. If you have a question about something in a project writeup, be prepared to be told to re-read the writeup ad nauseum or to literally beg for clarification on Piazza and then get ignored. Expect cryptic or poorly-worded responses from instructors buried in random threads with no further clarifications provided, and private posts to go unresolved for entire project windows. One TA did hold weekly office hours and actively participated in Slack and Piazza, but it just wasn't enough.

Students were also limited in their ability to help each other, despite the lack of instructor participation. Trying to give hints or troubleshoot led to one occasion of instructors threatening students with honor code violations. Solutions to past projects were also deemed off-limits due to the fear of withdrawn students hiding on Piazza to learn the solutions. If you didn't figure it out yourself, too bad.

Still on track for an A, though the 10% extra credit exam is no longer EC.

Not easy. Not very difficult. Interesting projects. Definitely not just 5 hours a week. Twice that. Advice: Practice python, and get used to Virtual box (sharing drives, resizing disk spaces, etc. - Ubuntu, Debian)

This course is pretty interesting. It's hard too. All projects are based off of research papers. So you essentially have 2 weeks to read and digest the material and finish the assignment. Lectures covered most topics tangentially - which were helpful for quizes but not for projects. On an average, I spent 12 hours or more per week on this course

How are people thinking this class was easy? I didn't rate it very hard because I save that rating for 6505 exclusively, and my idea of medium was 6310. Easy for me were 6440 and 6300. It took a considerable amount of time to do this classwork each week, and I get why we are given two weeks to do the assignments. It's not easy, don't let the 2. 4 rating fool you. The topics many of us may know tangentially are covered through application in these assignments, so two weeks to learn theory and apply it at a mastery level isn't much. I don't mean the theory they're teaching, I mean the theory required to complete the assignments, which is completely different from Network Security.

Also unlike some other posts, I liked this class. While it isn't a difficult class, I thought is was challenging enough and really required you to learn a wide variety of topics related to security. It is a lab/project driven class, so you will spend a lot of time working on projects. If you complete all the assignments and take the extra credit test, you should get a good grade. The lectures are simple and short, but it you really want to learn a topic you will need to complete the readings. While it did suffer some "new class" organization issues (it is only the second semester offered), it looks like the professor and TA's are really working to clean up these issues. Overall I think it is a good class to take, especially if you are looking for hands on experience in the network security area.

The topics are interesting when you start looking at them, but the projects just make most of the people lose focus on the content and instead turn to fixing installations and errors that will prevent you from actually understanding them. You will have to learn a lot of things and technologies you won't likely be familiar with before actually starting your projects and understand what could be wrong when you get errors or not the proper result. It would be nice if topics or projects had some connection as you are just finishing understanding one of the topics when you are already into a totally different project (and topic) where only a couple of people will be aware and help others on Piazza. Expect long times when requesting regrades. Instructions for the projects are sometimes not so clear and if the instructions say something like: "Write down a multiple of 2 (i. e. 4)" and you write 8, they will be expecting a 4, not an 8, so read the instructions very carefully.

Unlike others who posted comments here, I liked this course. Yes the lectures can get boring sometimes due to the nature of the material. But, the readings are great if you have time to read them. The topics are relevant to today's cyber security environment and also covers recent research in this area. Some papers go really in depth in the topic like how DNS works, etc. You also learn to use machine learning to check for network anomaly and then to bypass it which is cool. Assignments can be annoying since they require specific answers to the questions. Some assignments took more than 40+ hours to complete due to this. I suggest instructors to make the assignment more flexible and grading flexible too. If you want to learn in this course you will (provided you do the readings and assignments) and if you want to just pass it you can (but may not learn much!)

Some unorganized bullet points:

• I think the class is very chaotic and is not ready at this time but has huge potential.
• Most assignments are superficial and I don't think that I learned a lot. I took it because they mentioned Bitcoins and Machne Learning security in course description but bitcoins were just incidentally mentioned and Machine Learning part was just to update basic python script.
• I spent 30 hours on one assignment and like 80% of this time was chasing the Instructor to clarify what they meant and fixing environment because it simply doesn't work. Provided assignment instructions were not really helpful. In our internet traffic assignment, they provided instructions to use deprecated API that simply never worked so I don't know if they actually tried to implement it themselves. Students had to figure out on our own how to set up everything and solve the problem the other way.
• Instructors provided little to no guidance but most TAs were very helpful.

Despite getting an A, this was really unpleasant and stressful experience. I would not recommend this class at this time.

I think this class has high ratings because it's pretty easy, but I personally don't think it was a very good class.

To be fair: it's clear that Dr. Lee is an expert in security, and the instructor and TAs all did a fine job organizing Piazza etc. And, on the plus side, the class is purely project-based, and the projects are almost entirely "color by the numbers, " so if you can just follow the detailed instructions you are given you should be able to finish each project eventually and even get an A.

Be prepared, though, the projects are very concrete and steps you need to follow very clear, but that doesn't mean it's easy. Some of the projects can be huge time sucks while you basically guess and check to find an acceptable answer.

On the negative side, I found the lectures very poor, like watching a video of someone reading flash cards. They contain frequent "quizzes" where the quiz itself is the instructional material. These aren't recaps of anything that is covered elsewhere, it's guess-and-check until you can match a bunch of terms (which you may never have heard of) to their definition, or the exact short answer they want to a vague and open-ended question. The next segment of the video will of course, not discuss the terms you just learned, but move on to something else. It's basically like having wikipedia read to you.

Too often this class felt like going on a tour of the chocolate factory, being quickly rushed from room to room and being told briefly what the machines are called, then having the warning labels read out loud to you. When it was time for a project, it was like being sat at the controls for one of the giant mixers or something, told to push the red button, and write down how much chocolate comes out.

I scored over a 100 (due to extra credit), but still I wish I could have a do-over and take something else instead.

This is definitely not an easy class, and takes more than 4-5 hours/week of effort. The projects were interesting; some of them were challenging, and some were straightforward. A few of the projects could be huge time sinks, and could easily take 40 hours. The lectures were excellent, but to truly appreciate them, you need to at least skim the suggested readings. I personally loved reading the papers; they're entertaining, like war stories between the good people and the malicious hackers. The quizzes and the optional final exam were straightforward. I had no problems with the grading, and thought the TAs were patient, helpful, and fair.

However, some of the students in the class were some of the most entitled I have found in the program. These students complained and demanded a lot. There were numerous requests for due date extensions with the given excuse of having full time jobs and families.... The problem is that probably 90% of us were in the same situation, and yet we still got the projects done on time. A few students missed the final exam, and blamed the instructors for the "non-standard" exam window. Are we in a graduate school here? Piazza was extremely noisy, and a lot of students offered opinions that caused much confusion. Academic integrity violations were rampant: students shared (partial) solutions on Piazza, discussed solutions and included code in their postings, or provided hints that reveal way too much information. TAs had to delete code from some posts, but it's not clear if the students were disciplined or not.

If you take notes during lectures, do the readings, and work on the projects carefully and independently, this class takes about 15 hours/week. But, if you don't, and simply post on Piazza asking for hand holding on every single difficulty that you run into, or wait until last minute and simply follow the "walkthrough" that would be inevitably built up on Piazza, then yes, this would be an easy class that would take 4-5 hours/week.

This was a course with a ton of potential, and a topic that I was interested in, but poor professor and TA instructions made it more aggravating than anything. Pretty sure the professor never actually showed up on the forums, and I really question what he actually did, though I am pretty sure the answer is nothing at all.

TAs outside of 1 or 2 were pretty useless. They seemed absolutely lost when concerning projects and really all guidance on what to do / etc was handled by a few students who everyone else more or less followed. Grading was pretty poor. They would state deadlines then blow right past them. You went into the last week not knowing almost half of your grade.

The class consisted of 10 open note quizzes, that were easy if you used Google. Lectures are pretty much worthless for the quizzes. There are 5 projects, though one is split into two parts. Most of the projects themselves are easy, but I found myself spending hours, if not days trying to get their VMs to work, each of which seemed to be just thrown together at the last second. There was an extra credit exam as well, which was very helpful.

I learned a fair amount in this class, but I agree with others that it was fairly easy. You could probably do all the quizzes without even watching the videos. The homework assignments weren't too difficult, and pretty interesting. I didn't take the Intro To Info Sec class as a prereq, and had no problem with this class (for those that might consider doing the same thing). I thought the piazza interaction was good as well, and grading turnaround was pretty good.

I don't know why so many people rated this class easy. It was not. It took significant work effort. If you have a fulltime job (60 hours per week) and a family with children, this is about all you can take in a class. I had to drop my second class. That said, what you learn is tremendous. This is totally worth the effort. Recommend you take Computer Networks and Intro to Info Security first so you have the right background.

Although the course was quite easy, I liked it a lot. All the projects were very interesting, well put together. I loved the fact that the exam was optional and the focus was more on practice. My advice to the course creators: do not make those optional projects optional. I am sure, GT students would be able to handle all 6 of them during the single semester. Also, the experience of breaking into metasploitable is definitely a great takeaway!

Network Security was great!! I think that of all the OMSCS classes that I have taken this one is the most important for those who work in any form of capacity with networks or web applications. It covers a good number of the bases. Plenty of decent reading for students and you are free to make it as difficult and thorough as you would like to. It could be very challenging though for those without much experience in the areas of network or web application security.

Very easy class. 4 required assignments, all were pretty easy to complete. Additionally there was multiple opportunities to get extra credit.

I ended up with a A without doing any extra credit or watching the lectures. While it was a nice break, I'm a little disappointed I didn't learn more.

This class was way too easy. I am in the network security industry, so this review may be biased. The 4 projects took about 10 hours.. total. I did not watch any of the lectures. I ended up with over 100% in the class. This class seriously needs to be re-vamped to make it more difficult.

I am a full time Senior Network engineer and do security work on the side so this class was right up my alley. It was one of the easiest out of the 7 classes I have taken so far. Only a few hours of work a week.

Like others mentioned there are only 4 projects that make up your grade. They are not too difficult and do not take up much time. The first is doing a frame busting exploit and creating a Chrome extension/exploit with Javascript. I have never used Javascript before and found it easy to Google what I needed. Youtube videos helped with creating the Chrome extension.

The second project involved doing malware analysis using some command line tools and Wireshark while running malware in a VM. If you have not used Wireshark you can find some how to Youtube videos to show you how to find data in packets.

The third was doing some more packet analysis with Wireshark and writing firewall rules using IP Tables. This project along with the first two took less than 10 hours each.

The fourth was implementing an exploit in an IDS by modifying some Python code. This one took me the longest to do of the four (about 15 hours total) but ended up only being less than 20 lines of Python. Most of it was trying to make sense of what the exploit was doing from reading a couple white papers and figuring out how to code it.

We had the option to either take an optional final exam or complete and extra assignment for 10% extra credit! You could choose 1 of 3 projects. I chose one that was an extension of the second official project in the class and only took me an hour and about 4 lines of Python code. Another one that looked interesting involved doing a port scan of the entire IPv4 address space for vulnerabilities.

If you liked the IT Security class you will like this one. The professor and TA’s were very helpful. It is very similar in workload and content and very easy. I haven’t got my final grade but I would guess ending up near 105% with the extra credit.

This class had some issues for a first run, but ultimately was a positive experience, especially for those pursuing computing systems specializations. The problems were mainly with pacing of the course and specifics with the project details. There were many dead spots throughout the semester and the projects had evolving instructions / descriptions. I expect these issues to be worked out in subsequent semesters. For those who have taken InfoSec, This course is VERY similar.

Lots of opportunities for extra credit, some of the projects are reminiscent of Info Sec as well. The class was project based, with each of 4 projects worth 25% of the grade. Up to 10% extra credit was available through an additional project or PT exam. Overall fairly easy to score very well provided you don't biff more than one project.

Projects focused on web security (similar to InfoSec, JavaScript), network based malware analysis (also similar to InfoSec), Network Monitoring (used Snort and Wireshark) and using ML techniques for anomalous traffic detection (no previous ML experience required, Python).

The slack study group and other students were particularly helpful on Piazza, and the Teaching staff did what they could to help students and generally were responsive and helpful. As is becoming the norm, the Professor was less present as Prof. Lee now has multiple classes running here in OMS as well as the terrestrial requirements at GT. This did not present a problem.

There is no required textbook, but taking InfoSec first is listed as a pseudo requirement. While it will make your life here very very easy to take Info Sec first, you can probably get through it without doing that if you have a CS background and have ever dealt with security in a job.

Overall I would recommend taking the class. Well done, and plays well with other classes (in its current incarnation).

This class consists of 4 assignments, each worth 25% of the total class grade each. As a bonus, there is an optional project and final exam worth 10% each, but only one of them counts towards your grade. There is not currently much reason to watch the lectures exept to prepare for the final exam, however I personally think they may add some tests/quizzes to future runs of the course.

The 4 assignments that are all very different.

The first targets "advanced web security". You write code to exploit a fictitious website and also write a Chrome plugin to guard against certain exploits. I found this assignment quite fun.

The second assignment involves running malware on a VM and examining how it behaves. The entire assignment can probably be done in a single (multi-hour) session. It was quite easy and somewhat interesting.

The third assignment involves writing IPS/IDS rules using snort to classify network traffic as malicious or benign. This asignment was the most difficult for me and it seemed to cause issues for others as well. Writing snort rules was not particularly hard, but the way the assignment was presented was pretty vague. After prodding the TA we were given some, but not enough in my opinion, additional information. In particular, we were asked to write rules "with a long shelf life". There was some comedy here when some of the "benign" traffic that was sampled included browsing an adult e-commerce store. Somebody complained and they issued alternate traffic to analyze for those who were offended.

The last assignment was somewhere between the first and second in terms of effort and required using an ML toolkit to analyze network traffic. Most of the code was provide to us, but it does take some time to figure out how things are setup. The most difficult part of this assignment was implementing an algorithm that was laid out in an academic paper.

This class is a decent option to fill a Computing Systems concentration requirement.