On the basis of
IMT4741 Intrusion Detection and Prevention, or equivalent
Expected learning outcomes
Having completed the course, the student should have:
- Advanced level of understanding of methods of intrusion detection in modern computer systems and networks
- Deep understanding of intrusion detection and prevention theory
- Acquired skills to be capable of critical analysis, evaluation and synthesis of ideas and concepts relating to intrusion detection and prevention
- Introduction – definition and classification of IDS, basic elements of attacks against computer hosts/networks and their detection
- Misuse-based IDS
- Anomaly-based IDS
- Testing IDS and measuring their performance
- Automata theory and intrusion detection
- Information theory and intrusion detection
Teaching Methods (additional text)
- Laboratory exercises
- Problem solving exercises
Form(s) of Assessment
Form(s) of Assessment (additional text)
- Written exam (alternatively oral exam): 51%
- Project: 49%
- Both parts must be passed.
Alphabetical Scale, A (best) – F (fail)
Evaluated by the lecturer
The whole subject must be repeated
1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.
3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.
Various papers (available on-line)
There is room for 50 students for the course.