Intrusion Detection and Prevention
2009-2010 - IMT6031 - 5 ECTS

On the basis of

IMT4741 Intrusion Detection and Prevention, or equivalent

Expected learning outcomes

Having completed the course, the student should have:

  • An advanced level of understanding of methods of intrusion detection in modern computer systems and networks
  • A deep understanding of intrusion detection and prevention theory
  • Acquired the skills for critical analysis, evaluation and synthesis of ideas and concepts relating to intrusion detection and prevention.


  1. Introduction – definition and classification of IDS, basic elements of attacks against computer hosts/networks and their detection
  2. Misuse-based IDS
  3. Anomaly-based IDS
  4. Testing IDS and measuring their performance
  5. Automata theory and intrusion detection
  6. Information theory and intrusion detection

Teaching Methods

  • Lectures
  • Laboratory exercises
  • Problem solving exercises

Form(s) of Assessment

  • Written exam (alternatively oral exam): 51%
  • Project: 49%
  • Both parts must be passed.

Grading Scale

Alphabetical Scale, A (best) – F (fail)

External/internal examiner

Evaluated by the lecturer

Re-sit examination

The whole subject must be repeated

Examination support

Calculator, dictionary

Coursework Requirements


Teaching Materials


1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.

2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.

3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.

4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.

5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.

Various papers (available on-line)

Additional information

There is room for 50 students for the course.