Intrusion Detection and Prevention
2010-2011 - IMT6031 - 5 ECTS

On the basis of

IMT4741 Intrusion Detection and Prevention, or equivalent

Expected learning outcomes

In the course, the student will acquire:

  • An advanced understanding of methods of intrusion detection in modern computer systems and networks
  • A deep understanding of intrusion detection and prevention theory
  • The skills needed for critical analysis, evaluation and synthesis of ideas and concepts relating to intrusion detection and prevention.

Topic(s)

  1. Introduction – definition and classification of IDS, basic elements of attacks against computer hosts/networks and their detection
  2. Misuse-based IDS
  3. Anomaly-based IDS
  4. Testing IDS and measuring their performance
  5. Automata theory and intrusion detection
  6. Information theory and intrusion detection

Teaching Methods

Lectures
Laboratory work
Exercises

Teaching Methods (additional text)

  • Lectures
  • Laboratory exercises
  • Problem solving exercises

Form(s) of Assessment

Other

Form(s) of Assessment (additional text)

  • Written exam (alternatively oral exam): 51%
  • Project: 49%
  • Both parts must be passed.

Grading Scale

Pass/Failure

External/internal examiner

Evaluated by the lecturer

Re-sit examination

The whole subject must be repeated

Examination support

Calculator, dictionary

Coursework Requirements

None

Teaching Materials

Books:

1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.

2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.

3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.

4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.

5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.

Various papers (available on-line)

Additional information

There is room for 50 students for the course.