Intrusion detection and prevention
- IMT4741 - 5 ECTS

Expected learning outcomes

After the course, the students should have acquired:
- the mathematical foundation needed to understand intrusion detection and prevention.
- an understanding of the applications of misuse-based and anomaly-based IDS and their limitations.
- an understanding of how the quality of an IDS/IPS can be assessed and the ability to carry out the assessment process.


IDS definition and classification
Misuse detection systems
Anomaly detection systems
Metrics and test data sets
Measuring IDS performance

Teaching Methods

Laboratory work
Project work

Form(s) of Assessment

Written exam, 3 hours
Evaluation of Project(s)

Written Exam, 3 hours (counts 70%, evaluated by lecturer)
Evaluation of Project(s) (counts 30%, evaluated by lecturer)

Grading Scale

Alphabetical Scale, A (best) – F (fail)

Teaching Materials

Obligatory literature:
Recommended literature:
1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.
3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.