On the basis of
It is desirable to possess basic knowledge about the TCP/IP protocol stack.
Expected learning outcomes
- Possesses advanced knowledge in detection/prevention of intrusions in computer systems and networks, in particular: application of advanced search algorithms in intrusion detection, unsupervised and supervised learning methods used in these systems, computational complexity-theoretic modeling, information-theoretic modeling of intrusion detection/prevention systems, and intrusion detection in virtual networks.
- Possesses thorough knowledge about theory and scientific methods relevant for intrusion detection.
- Is capable of applying his/her knowledge in design and analysis of intrusion detection/prevention systems.
- Is capable of analyzing existing theories, methods and interpretations in the field of intrusion detection and working independently on solving theoretical and practical problems.
- Can use relevant scientific methods in independent research and development in intrusion detection.
- Is capable of performing critical analysis of various literature sources and applying them in structuring and formulating scientific reasoning in the field of intrusion detection and prevention.
- Is capable of carrying out an independent limited research or development project in intrusion detection under supervision, following the applicable ethical rules.
- Is capable of analyzing relevant professional and research ethical problems in the field of intrusion detection.
- Is capable of applying his/her knowledge and skills in new fields, in order to accomplish advanced tasks and projects.
- Can work independently and is familiar with terminology in the field of intrusion detection and prevention.
- Is capable of discussing professional problems in the field of intrusion detection and prevention, both with specialists and with general audience.
- Is capable of contributing to innovation and innovation processes.
- IDS/IPS definition and classification
- Basic elements of attacks and their detection
- Misuse detection systems (search algorithms and applications in IDS)
- Anomaly detection systems (learning, intelligence, and machine learning basics: principles, measures, performance evaluation, method combinations, basics of artificial neural networks, clustering (hierarchical and partitional) and supervised learning in IDS)
- Testing IDS and measuring their performances
- Computational complexity-theoretic and information-theoretic IDS models and quality criteria
- Intrusion detection in virtual networks.
Teaching Methods (additional text)
The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through the learning management system.
Form(s) of Assessment
Written exam, 5 hours
Alphabetical Scale, A(best) – F (fail)
Internal examiner. External examiner is used every 5 years, next time in 2020.
Ordinary re-sit examination in August.
Code D: No printed or hand-written support material is allowed. A specific basic calculator is allowed.
Read more about permitted examination aids.
Various papers, uploaded in the learning management system.
Books on intrusion detection and prevention, such as
1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.
3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.
Replacement course for
IMT4741 Intrusion Detection and Prevention