Intrusion detection and prevention
2009-2010 - IMT4741 - 5sp

Forventet læringsutbytte

After the course, the students should acquire:

- Advanced level of understanding of methods of intrusion detection in modern computer systems and networks

- Deep understanding of intrusion detection and prevention theory

Emnets temaer

1. Definition and classification of IDS systems

2. Basic elements of attacks against computer networks and their detection

3. Misuse-based IDS

4. Anomaly-based IDS

5. Testing IDS and measuring their performances

Pedagogiske metoder

Forelesninger
Lab.øvelser
Prosjektarbeid

Vurderingsformer

Skriftlig eksamen, 3 timer
Vurdering av prosjekt(er)

Vurderingsformer

Skriftlig eksamen, 3 timer (teller 70%, evalueres av faglærer)
Vurdering av prosjekt(er) (teller 30%, evalueres av faglærer)

Karakterskala

Bokstavkarakterer, A (best) - F (ikke bestått)

Sensorordning

Rettes av emnelærer

Utsatt eksamen (tidl. kontinuasjon)

Ordinær kontinuasjon for skriftlig eksamen.

Tillatte hjelpemidler (gjelder kun skriftlig eksamen)

Kalkulator, ordbok

Obligatoriske arbeidskrav

Ingen

Læremidler

Obligatory literature:
None.

Recommended literature:

1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.
3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.

Erstatter

IMT5151 - Intrusion detection and prevention

Supplerende opplysninger

In case there will be less than 5 students that will apply for the course, it will be at the discretion of Studieprogramansvarlig whether the course will be offered or not an if yes, in which form.