Bygger på

IMT4741 Intrusion Detection and Prevention, or equivalent

Forventet læringsutbytte

Knowledge

The candidate possesses knowledge at the most advanced frontier in the field of intrusion detection and prevention. The candidate has mastered academic theory and scientific methods in intrusion detection and prevention.

The candidate is capable of considering suitability and use of different methods and processes in research in the field of intrusion detection and prevention.

The candidate is capable of contributing to development of new knowledge, theories, methods, interpretations and forms of documentation in the field of intrusion detection and prevention.

Skills

The candidate is capable of formulating problems, planning and completing research projects in the field of intrusion detection and prevention.

The candidate is capable of doing research and development at a high international level.

The candidate is capable of handling complex academic tasks. The candidate can challenge established knowledge and practice in the field of intrusion detection and prevention.

General competence

The candidate is capable of identifying relevant – and possibly new - ethical problems and exercising research in the field of intrusion detection and prevention with academic integrity.

The candidate is capable of managing complex interdisciplinary tasks and projects.

The candidate is capable of disseminating the results of research and development in the field of intrusion detection and prevention through approved national and international publication channels.

The candidate is capable of taking part in debates in international forums within the field of intrusion detection and prevention.

The candidate is capable of considering the need for, taking initiative to and engaging in innovation in the field of intrusion detection and prevention.

Emnets temaer

1.  Introduction – definition and classification of IDS, basic elements of attacks against computer hosts/networks and their detection
2.  Misuse-based IDS
3.  Anomaly-based IDS
4.  Testing IDS and measuring their performances
5.  Automata theory and intrusion detection
6.  Information theory and intrusion detection

Pedagogiske metoder

Forelesninger
Lab.øvelser
Oppgaveløsning
Prosjektarbeid

Pedagogiske metoder (fritekst)

Lectures

Laboratory exercises

Numerical exercises

Project work

Vurderingsformer

Skriftlig eksamen, 3 timer
Vurdering av prosjekt(er)

Vurderingsformer

Written exam, 3 hours (alternatively oral exam) (counts 51% of the final mark)

Project evaluation (counts 49% of the final mark)

Both parts must be passed.

Karakterskala

Bestått/Ikke bestått

Sensorordning

Evaluated by the lecturer

Gjennomføring av kontinuasjon

The whole subject must be repeated

Tillatte hjelpemidler (gjelder kun skriftlig eksamen)

Calculator, dictionary

Obligatoriske arbeidskrav

None

Læremidler

Books:

1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.

2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.

3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.

4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.

5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.

Various papers (available on-line)

Supplerende opplysninger

There is room for 50 students for the course.