On the basis of
IMT4741 Intrusion Detection and Prevention, or equivalent
Expected learning outcomes
The candidate possesses knowledge at the most advanced frontier in the field of intrusion detection and prevention. The candidate has mastered academic theory and scientific methods in intrusion detection and prevention.
The candidate is capable of considering suitability and use of different methods and processes in research in the field of intrusion detection and prevention.
The candidate is capable of contributing to development of new knowledge, theories, methods, interpretations and forms of documentation in the field of intrusion detection and prevention.
The candidate is capable of formulating problems, planning and completing research projects in the field of intrusion detection and prevention.
The candidate is capable of doing research and development at a high international level.
The candidate is capable of handling complex academic tasks. The candidate can challenge established knowledge and practice in the field of intrusion detection and prevention.
The candidate is capable of identifying relevant – and possibly new - ethical problems and exercising research in the field of intrusion detection and prevention with academic integrity.
The candidate is capable of managing complex interdisciplinary tasks and projects.
The candidate is capable of disseminating the results of research and development in the field of intrusion detection and prevention through approved national and international publication channels.
The candidate is capable of taking part in debates in international forums within the field of intrusion detection and prevention.
The candidate is capable of considering the need for, taking initiative to and engaging in innovation in the field of intrusion detection and prevention.
- Introduction – definition and classification of IDS, basic elements of attacks against computer hosts/networks and their detection
- Misuse-based IDS
- Anomaly-based IDS
- Testing IDS and measuring their performances
- Automata theory and intrusion detection
- Information theory and intrusion detection
Teaching Methods (additional text)
Form(s) of Assessment
Written exam, 3 hours
Evaluation of Project(s)
Form(s) of Assessment (additional text)
Written exam, 3 hours (alternatively oral exam)
Both parts must be passed.
Evaluated by the lecturer. Every 4th year, an external examiner is used, next time in 2015.
The whole subject must be repeated
1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.
3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.
Various papers (available on-line)
There is room for 50 students for the course.