Intrusion Detection and Prevention
2009-2010 - IMT6031 - 5sp

Anbefalt forkunnskap

IMT4741 Intrusion Detection and Prevention, or equivalent

Forventet læringsutbytte

Having completed the course, the student should have:

  • Advanced level of understanding of methods of intrusion detection in modern computer systems and networks
  • Deep understanding of intrusion detection and prevention theory
  • Acquired skills to be capable of critical analysis, evaluation and synthesis of ideas and concepts relating to intrusion detection and prevention.

Emnets temaer

  1. Introduction – definition and classification of IDS, basic elements of attacks against computer hosts/networks and their detection
  2. Misuse-based IDS
  3. Anomaly-based IDS
  4. Testing IDS and measuring their performances
  5. Automata theory and intrusion detection
  6. Information theory and intrusion detection

Pedagogiske metoder

Annet

Pedagogiske metoder (fritekst)

  • Lectures
  • Laboratory exercises
  • Problem solving exercises

Vurderingsformer

Annet

Vurderingsformer

  • Written exam (alternatively oral exam): 51%
  • Project: 49%
  • Both parts must be passed.

Karakterskala

Bokstavkarakterer, A (best) - F (ikke bestått)

Sensorordning

Evaluated by the lecturer

Utsatt eksamen (tidl. kontinuasjon)

The whole subject must be repeated

Tillatte hjelpemidler (gjelder kun skriftlig eksamen)

Calculator, dictionary

Obligatoriske arbeidskrav

None

Læremidler

Books:

1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.

2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.

3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.

4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.

5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.

Various papers (available on-line)

Supplerende opplysninger

There is room for 50 students for the course.