Intrusion detection and prevention
2009-2010 - IMT4741 - 5 ECTS

Expected learning outcomes

After the course, the students should acquire:

- Advanced level of understanding of methods of intrusion detection in modern computer systems and networks

- Deep understanding of intrusion detection and prevention theory


1. Definition and classification of IDS systems

2. Basic elements of attacks against data networks and their detection

3. Misuse-based IDS

4. Anomaly-based IDS

5. Testing IDS and measuring their performance

Teaching Methods

Laboratory work
Project work

Teaching Methods (additional text)


Laboratory exercises

Project work

Form(s) of Assessment

Written exam, 3 hours
Evaluation of Project(s)

Form(s) of Assessment (additional text)

Written Exam, 3 hours (counts 70%, evaluated by lecturer)
Evaluation of Project(s) (counts 30%, evaluated by lecturer)

Grading Scale

Alphabetical Scale, A (best) – F (fail)

External/internal examiner

Evaluated by the lecturer

Re-sit examination

For the written exam: Ordinary re-sit examination.

Examination support

Calculator, dictionary

Coursework Requirements


Teaching Materials

Obligatory literature:
Recommended literature:
1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.
3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.

Replacement course for

IMT5151 Intrusion detection and prevention

Additional information

If fewer than 5 students apply for the course, it will be at the discretion of the Studieprogramansvarlig whether the course will be offered and, if so, in which form.