Expected learning outcomes
After the course, the students should acquire:
- Advanced level of understanding of methods of intrusion detection in modern computer systems and networks
- Deep understanding of intrusion detection and prevention theory
1. Definition and classification of IDS systems
2. Basic elements of attacks against data networks and their detection
3. Misuse-based IDS
4. Anomaly-based IDS
5. Testing IDS and measuring their performances
Teaching Methods (additional text)
Form(s) of Assessment
Written exam, 3 hours
Evaluation of Project(s)
Form(s) of Assessment (additional text)
Written Exam, 3 hours (counts 70%, evaluated by lecturer)
Evaluation of Project(s) (counts 30%, evaluated by lecturer)
Alphabetical Scale, A(best) – F (fail)
Evaluated by the lecturer
For the written exam: Ordinary re-sit examnination.
1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.
3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.
Replacement course for
IMT5151 Intrusion detection and prevention
In case there will be less than 5 students that will apply for the course, it will be at the discretion of Studieprogramansvarlig whether the course will be offered or not an if yes, in which form.