Expected learning outcomes
After the course, the students should have acquired:
- the mathematical fundament needed to understand intrusion detection and prevention.
- an understanding of applications of misuse based an anomaly based IDS and their limitations.
- an understanding of how an IDS/IPS quality can be assessed and an ability to carry out the assessing process.
IDS definition and classification
Misuse detection systems
Anomaly detection systems
Metrics and test data sets
Measuring IDS performances
Form(s) of Assessment
Written exam, 3 hours
Evaluation of Project(s)
Form(s) of Assessment (additional text)
Written Exam, 3 hours (counts 70%, evaluated by lecturer)
Evaluation of Project(s) (counts 30%, evaluated by lecturer)
Alphabetical Scale, A(best) – F (fail)
1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.
3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.