IMT4741 Intrusion Detection and Prevention, or equivalent
Having completed the course, the student should have:
- Advanced level of understanding of methods of intrusion detection in modern computer systems and networks
- Deep understanding of intrusion detection and prevention theory
- Acquired skills to be capable of critical analysis, evaluation and synthesis of ideas and concepts relating to intrusion detection and prevention.
- Introduction – definition and classification of IDS, basic elements of attacks against computer hosts/networks and their detection
- Misuse-based IDS
- Anomaly-based IDS
- Testing IDS and measuring their performance
- Automata theory and intrusion detection
- Information theory and intrusion detection
Teaching methods (free text)
- Laboratory exercises
- Problem solving exercises
- Written exam (alternatively oral exam): 51%
- Project: 49%
- Both parts must be passed.
Letter grades, A (best) - F (fail)
Evaluated by the lecturer
Re-sit examination (formerly continuation exam)
The whole subject must be repeated
Permitted aids (applies to the written exam only)
1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.
3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.
Various papers (available on-line)
There is room for 50 students for the course.