Intrusion Detection and Prevention
2010-2011 - IMT6031 - 5sp

Anbefalt forkunnskap

IMT4741 Intrusion Detection and Prevention, or equivalent

Forventet læringsutbytte

In the course, the students will acquire:

  • Advanced level of understanding of methods of intrusion detection in modern computer systems and networks
  • Deep understanding of intrusion detection and prevention theory
  • Skills to be capable of critical analysis, evaluation and synthesis of ideas and concepts relating to intrusion detection and prevention.

Emnets temaer

  1. Introduction – definition and classification of IDS, basic elements of attacks against computer hosts/networks and their detection
  2. Misuse-based IDS
  3. Anomaly-based IDS
  4. Testing IDS and measuring their performances
  5. Automata theory and intrusion detection
  6. Information theory and intrusion detection

Pedagogiske metoder


Pedagogiske metoder (fritekst)

  • Lectures
  • Laboratory exercises
  • Problem solving exercises




  • Written exam (alternatively oral exam): 51%
  • Project: 49%
  • Both parts must be passed.


Bestått/Ikke bestått


Evaluated by the lecturer

Utsatt eksamen (tidl. kontinuasjon)

The whole subject must be repeated

Tillatte hjelpemidler (gjelder kun skriftlig eksamen)

Calculator, dictionary

Obligatoriske arbeidskrav




1. Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.

2. Jack Koziol, Intrusion Detection with SNORT, SAMS, 2003.

3. David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.

4. Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.

5. Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.

Various papers (available on-line)

Supplerende opplysninger

There is room for 50 students for the course.