Course at a Glance
Class Logistics
- Day and time: Saturdays from 9 AM to 12 PM Eastern.
- Class meeting dates: May 16, 23, 30; Jun. 6, 13, 20, 27; Jul. 4 (asynch), 11, 18, 25; Aug. 1, 8, 15 (final exam).
- Attendance is expected at all sessions. If an absence is needed because of a family, medical, or work-related emergency, students must contact the instructor in advance.
- Online classes are conducted via Zoom. Links are provided in Blackboard.
- Office-hours Zoom link: https://gwu-edu.zoom.us/my/mallarapu
Required Materials
Learning Objectives
Matching the right analytical method to each pipeline stage.
Working with the full range of security telemetry.
Federated learning, RL agents, anomaly detection.
End-to-end from descriptive discovery to autonomous remediation.
Formal methods, digital-twin simulation, and what-if analysis to prove properties and measure impact before deploying changes.
Class Schedule and Assignments
Approved schedule from the Summer 2026 doctoral syllabus. Homework deadlines are shown separately from exams and milestones.
ARP cache harvesting, fping/masscan sweeps, mDNS/SSDP multicast, TCP connect probing with pilot probe, producer-consumer pipeline architecture.
Concurrent multi-protocol probing, nmap service detection, HTTP/TLS/JARM inspection, RTSP/ONVIF probing, MAC OUI lookup, CPE construction, confidence scoring.
CPE-to-CVE pipeline, OpenVAS/GVM integration, Nuclei template scanning, default credential checking, firmware integrity, protocol grammar inference, LLM-guided mutation fuzzing.
NetworkX graph construction, Yen's k-shortest paths, BRS composite formula, what-if simulation, MITRE ATT&CK ICS mapping, STIX 2.1 export, behavioral baselines, threat intelligence integration.
MDP environment design, rule-based agent, PPO agent with hierarchical policy, safety controller (simulation/shadow / controlled / autonomous), campaign orchestration, SHA-256 evidence chains, reward shaping.
Twin builder (scan data -> Docker containers), scenario engine (attack/pentest replay), remediation simulator with checkpoint rollback, cascading failure detection, traffic replay, IEC / NIST compliance.
Two-hour closed-book exam administered on Blackboard during class meeting time.
Shor/Grover algorithms, NIST PQC standards (ML-KEM, ML-DSA, SLH-DSA), TLS cipher suite classification, HNDL risk modelling (Mosca's inequality), Grover oracle simulation, PQ migration planning.
Federated learning paradigm, differential privacy (Gaussian mechanism, Renyi DP), SCAFFOLD algorithm, Transformer-based IDS with INT8 quantisation, Byzantine poisoning defence (Multi-Krum), causal attribution (do-calculus).
SBOM parsing (SPDX/CycloneDX), transitive vulnerability DAGs, multi-signal counterfeit detection, vendor trust scorecards, EU CRA compliance, firmware phylogenetics, SLSA provenance verification.
Honeypot theory and interaction levels, Q-learning RL agent for adaptive behaviour, SHA-256 hash chain session recording, MITRE ATT&CK TTP mapping, Bayesian attacker modelling, honeypot placement optimisation, Merkle tree evidence.
Applied Pi Calculus, Dolev-Yao attacker model, bounded model checking (BFS state exploration), six security property classes (secrecy, authentication, forward secrecy, key freshness, replay protection, sequence integrity), protocol downgrade detection, NL-to-temporal-logic translation.
HYDRA stream aggregation, Pareto multi-objective optimisation, 5-stage safety pipeline (simulate -> verify -> approve -> execute -> health-check), micro-segmentation policy generation (iptables, Palo Alto, AWS SG), IEC 62443 / NIST 800-82 / EU CRA compliance, rollback checkpoints, self-healing loop.
Two-hour closed-book exam administered on Blackboard during class meeting time.
Instructional Time
Over 14 weeks, there will be 12 sessions of 3 hours each and 2 exam sessions of 2 hours each, for a total of 40 hours of direct instruction.
Homework and out-of-class reading are estimated at 7 hours per week, with an additional 6 hours of preparation for each exam. The total course workload is 150 hours.
Course Recordings
Downloadable recordings of each class session will be available within about 2 hours of the conclusion of class meetings and will remain available for the duration of the course.
Recordings are exclusively for registered students in that class for private use. Releasing these recordings is strictly prohibited.
Grading
Grades are determined by weighted average values and based on a standard curve relative to the class average. No late homework submission will be accepted.
Exam Requirements
A side camera is required for all exams. Failure to use a side camera will result in a 20-point deduction out of 100.
Students must remain connected to the Zoom session for the entire duration of the exam. Failure to do so will result in a 10-point deduction out of 100.
Exam Administration
- There will be a 2-hour mid-term and a 2-hour final exam.
- Both exams are closed book and administered on Blackboard during the class meeting time.
- Exams are proctored by Honorlock, which records the examinee's webcam, audio, and desktop.
- Certified reviewers confirm that the student adheres to institutional and faculty policies.
- Honorlock information: https://online.engineering.gwu.edu/student-resources/
Honorlock System Requirements
- Operating system: Windows 10+, MacOSX 10.15+, Chrome OS.
- Browser: Google Chrome version 128+.
- Internet speed: 1.5 Mbps download, 750 Kbps upload.
- E-meet C960 1080p external webcam with microphone and tripod side camera.
- Honorlock is currently incompatible with iPads.
- Use one computer monitor only; multi-monitors are not permitted.
Exam Rules
- Students should join and remain logged into the regular Zoom class meeting while taking the midterm and final exams.
- You will have two contiguous hours from the start time of class to complete the exam. Late entry does not provide additional time.
- Your entire desk, hands, face, keyboard, and screen must be visible to the side-view camera throughout the exam.
- Exam is closed book. One 8.5 x 11 inch sheet of notes with both sides used, plus one blank 8.5 x 11 inch scratch paper sheet, are allowed.
- If approved by the instructor, Microsoft Excel desktop app only, not the web app, and the calculator native to your operating system are permitted.
- Show your photo ID and both sides of the reference and scratch paper sheets to the camera before beginning the exam.
Test Environment Requirements
- Sit at a clean desk or table, not on a bed or couch.
- Ensure lighting is bright enough to be considered daylight quality. Overhead lighting is preferred; the light source should not face the camera.
- No writing on the desk or walls, and no notes or writing saved as the computer desktop background.
- No software or web applications other than Honorlock and Blackboard should be open unless otherwise permitted.
- Close all other programs and windows on the testing computer before logging in to the proctored test environment.
- Do not have a radio or television playing in the background.
- Do not talk to anyone else; communication with others by any means is not permitted.
- No other person except the test-taker is permitted in the room during testing.
- Dress as if in a public setting.
- No cell phones, headsets, ear plugs, or similar audio devices are permitted.
Test Policy Violations
Minor Violations
- Background distractions, such as radio or TV noise or another person entering the room.
- Improper testing environment, such as sitting on a couch or bed or poor lighting.
- Camera issues, including improper side-view setup.
- Unauthorized items visible but inactive, such as a powered-off second monitor.
- Wearing non-permitted accessories, such as headphones, hats, or sunglasses.
Major Violations
- Use of a phone or any unauthorized electronic device.
- Accessing non-permitted websites or applications.
- Use of additional screens or monitors.
- Face not visible on camera for more than 5 minutes.
- Communicating with another individual by any means during the exam.
Penalties and Integrity
- Any violation may result in a penalty of at least 20% of the exam score.
- Major violations or suspected academic misconduct may be referred to the Academic Integrity Council.
- The recommended minimum sanction for confirmed violations is a grade of zero on the exam.
- Any plagiarized material will receive a grade of 0.
- Any submission must comply with the Academic Integrity Policy of The George Washington University.
University Policies
Students may drop from courses through the day after the second class meeting without any academic or financial penalty. After that time, students may withdraw through the day after the tenth class meeting and will receive a designation of W and are responsible for full tuition.
Students who cannot complete a course due to deployment overseas, being called to active military duty, death in the immediate family, or debilitating illness may seek an incomplete with proper documentation.
Students should notify faculty during the first week of the semester of their intention to be absent from class on their day(s) of religious observance.
Students needing an accommodation based on the potential impact of a disability should contact Disability Support Services at 202-994-8250.
GW offers 24/7 assistance and referral for students needing crisis and emergency mental consultations, confidential assessment, and counseling services. Phone: 202-994-5300.
In case of emergency, students will be notified on Blackboard.
Academic dishonesty is defined as cheating of any kind, including misrepresenting one's own work, taking credit for the work of others without crediting them and without appropriate authorization, and fabricating information. All academic work is subject to GW University and SEAS Online Programs policy and may be scrutinized electronically.