Intrusion Detection and Prevention
2010-2011
-
IMT6031
- 5sp
Anbefalt forkunnskap
IMT4741 Intrusion Detection and Prevention, or equivalent
Forventet læringsutbytte
In the course, the students will acquire:
- Advanced level of understanding of methods of intrusion detection in modern computer systems and networks
- Deep understanding of intrusion detection and prevention theory
- Skills to be capable of critical analysis, evaluation and synthesis of ideas and concepts relating to intrusion detection and prevention.
Emnets temaer
- Introduction – definition and classification of IDS, basic elements of attacks against computer hosts/networks and their detection
- Misuse-based IDS
- Anomaly-based IDS
- Testing IDS and measuring their performances
- Automata theory and intrusion detection
- Information theory and intrusion detection
Pedagogiske metoder
Forelesninger
Lab.øvelser
Oppgaveløsning
Pedagogiske metoder (fritekst)
- Lectures
- Laboratory exercises
- Problem solving exercises
Vurderingsformer
Annet
Vurderingsformer
- Written exam (alternatively oral exam): 51%
- Project: 49%
- Both parts must be passed.
Karakterskala
Bestått/Ikke bestått
Sensorordning
Evaluated by the lecturer
Utsatt eksamen (tidl. kontinuasjon)
The whole subject must be repeated
Tillatte hjelpemidler (gjelder kun skriftlig eksamen)
Calculator, dictionary
Obligatoriske arbeidskrav
None
Læremidler
Books:
1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.
3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.
Various papers (available on-line)
Supplerende opplysninger
There is room for 50 students for the course.