Course - Intrusion Detection in Physical and Virtual Networks - IMT4204
IMT4204 - Intrusion Detection in Physical and Virtual Networks
About
Examination arrangement
Examination arrangement: School exam
Grade: Letter grades
| Evaluation | Weighting | Duration | Grade deviation | Examination aids |
|---|---|---|---|---|
| School exam | 100/100 | 5 hours | D |
Course content
IDS/IPS definition and classification -Basic elements of attacks and their detection
Misuse detection systems (search algorithms and applications in IDS)
Anomaly detection systems (machine learning basics: principles, measures, performance evaluation, method combinations, basics of artificial neural networks, clustering (hierarchical and partitional) and supervised learning in IDS)
Testing IDS and measuring their performances
Computational complexity-theoretic and information-theoretic IDS models and quality criteria
Intrusion detection in virtual networks.
Learning outcome
Knowledge: -Possesses advanced knowledge in detection/prevention of intrusions in computer systems and networks, in particular: application of advanced search algorithms in intrusion detection, unsupervised and supervised learning methods used in these systems, computational complexity-theoretic modeling, information-theoretic modeling of intrusion detection/prevention systems, and intrusion detection in virtual networks. -Possesses thorough knowledge about theory and scientific methods relevant for intrusion detection. -Is capable of applying his/her knowledge in design and analysis of intrusion detection/prevention systems.
Skills: -Is capable of analyzing existing theories, methods and interpretations in the field of intrusion detection and working independently on solving theoretical and practical problems. -Can use relevant scientific methods in independent research and development in intrusion detection. -Is capable of performing critical analysis of various literature sources and applying them in structuring and formulating scientific reasoning in the field of intrusion detection and prevention. -Is capable of carrying out an independent limited research or development project in intrusion detection under supervision, following the applicable ethical rules.
General competence: -Is capable of analyzing relevant professional and research ethical problems in the field of intrusion detection. -Is capable of applying his/her knowledge and skills in new fields, in order to accomplish advanced tasks and projects. -Can work independently and is familiar with terminology in the field of intrusion detection and prevention. -Is capable of discussing professional problems in the field of intrusion detection and prevention, both with specialists and with general audience. -Is capable of contributing to innovation and innovation processes.
The course addresses the following UN Sustainable Development Goals (SDG):
Goal 7, target 7.3, also related to the goal 12, target 2 - double the global rate of improvement in energy efficiency / achieve the sustainable management and efficient use of natural resources - by designing fast and efficient big data processing algorithms, we reduce the energy consumption ensuring at the same time reliability and security of network communications.
Goal 9, target 9.5 - Enhance scientific research, upgrade the technological capabilities of industrial sectors in all countries - studying the algorithms for host and network intrusion detection, the students improve their skills and competence in many research fields, such as computer science, mathematics, statistics, etc. This contributes to taking the quality of research and development in their countries of origin to a higher level.
Learning methods and activities
-Lectures -Lab work -Numerical exercises
Additional information: -The course will be made accessible for both campus (Gjøvik/Trondheim) and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirements. The lectures in the course will be given on campus Gjøvik and are open for both categories of students. All the lectures will also be available on Internet through the learning management system.
Compulsory requirements: None.
Further on evaluation
The written 5-hours' exam counts 100% of the final mark.
Ordinary re-sit examination in August.
The written exam will be given both on campus Gjøvik and campus Trondheim.
Specific conditions
Admission to a programme of study is required:
Cyber Security and Data Communication (MTKOM)
Digital Infrastructure and Cyber Security (MSTCNNS)
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)
Security and Cloud Computing (MSSECCLO)
Recommended previous knowledge
It is desirable to possess basic knowledge about the TCP/IP protocol stack.
Required previous knowledge
N/A
Course materials
Compulsory literature:
- S. Petrović, A Course in Intrusion Detection and Prevention, Akademika, Oslo, 2023.
- Various papers, uploaded in the learning management system.
Recommended literature: Books on intrusion detection and prevention, such as
- Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
- David J. Marchette, Computer Intrusion Detection and Network Monitoring, A Statistical Viewpoint, Springer Verlag, 2001.
- Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
- Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.
Credit reductions
| Course code | Reduction | From | To |
|---|---|---|---|
| IMT4741 | 5.0 | AUTUMN 2017 |
Version: 1
Credits:
7.5 SP
Study level: Second degree level
Term no.: 1
Teaching semester: AUTUMN 2024
Language of instruction: English
Location: Gjøvik , Trondheim
- Computer and Information Science
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination arrangement: School exam
- Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
- Autumn ORD School exam 100/100 D 2024-11-29 09:00 INSPERA
-
Room Building Number of candidates M433-Eksamensrom 4.etg Mustad, Inngang A 9 SL311 brun sone Sluppenvegen 14 10 SL311 grønn sone Sluppenvegen 14 18 - Summer UTS School exam 100/100 D INSPERA
-
Room Building Number of candidates
- * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"