Intrusion detection and prevention
- IMT3741 - 5 ECTS

Expected learning outcomes

After the course, the students should have acquired:
- an understanding of misuse based an anomaly based IDS and their limitations.
- an understanding of basic parameters of IDS/IPS quality assessment.


  • IDS definition and classification
  • Misuse detection systems
  • Anomaly detection systems
  • Basics of IDS/IPS quality assessment

Teaching Methods

Laboratory work
Project work

Form(s) of Assessment

Written exam, 3 hours
Evaluation of Project(s)

Form(s) of Assessment (additional text)

Written Exam, 3 hours (counts 70%, evaluated by lecturer)
Evaluation of Project(s) (counts 30%, evaluated by lecturer)

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Internal examiner

Examination support


Coursework Requirements


Teaching Materials

Obligatory literature:
1. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.

Recommended literature:
1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.