Intrusion Detection and Prevention 2009-2010 - IMT6031 - 5 ECTS
On the basis of
IMT4741 Intrusion Detection and Prevention, or equivalent
Expected learning outcomes
Having completed the course, the student should have:
- Advanced level of understanding of methods of intrusion detection in modern computer systems and networks
- Deep understanding of intrusion detection and prevention theory
- The skills needed for critical analysis, evaluation and synthesis of ideas and concepts relating to intrusion detection and prevention
Topic(s)
- Introduction – definition and classification of IDS, basic elements of attacks against computer hosts/networks and their detection
- Misuse-based IDS
- Anomaly-based IDS
- Testing IDS and measuring their performance
- Automata theory and intrusion detection
- Information theory and intrusion detection
Teaching Methods
Other
Teaching Methods (additional text)
- Lectures
- Laboratory exercises
- Problem solving exercises
Form(s) of Assessment
Other
Form(s) of Assessment (additional text)
- Written exam (alternatively oral exam): 51%
- Project: 49%
- Both parts must be passed.
Grading Scale
Alphabetical Scale, A (best) – F (fail)
External/internal examiner
Evaluated by the lecturer
Re-sit examination
The whole subject must be repeated
Examination support
Calculator, dictionary
Coursework Requirements
None
Teaching Materials
Books:
1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.
3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.
Various papers (available on-line)
Additional information
There is room for 50 students for the course.