IMT6031 - Intrusion Detection and Prevention
About
Examination arrangement
Examination arrangement: Oral exam and Project
Grade: Passed / Not Passed
Evaluation | Weighting | Duration | Grade deviation | Examination aids |
---|---|---|---|---|
Project | 1/2 | | | |
Oral examination | 1/2 | | | |
Course content
- IDS/IPS definition and classification
- Basic elements of attacks and their detection
- Misuse detection systems (search algorithms and applications in IDS)
- Anomaly detection systems (machine learning basics: principles, measures, performance evaluation, method combinations, basics of artificial neural networks, clustering (hierarchical and partitional) and supervised learning in IDS)
- Testing IDS and measuring their performances
- Computational complexity-theoretic and information-theoretic IDS models and quality criteria
- Intrusion detection in virtual networks
Learning outcome
Knowledge
- The candidate possesses knowledge at the most advanced frontier in the field of intrusion detection and prevention. The candidate has mastered academic theory and scientific methods in intrusion detection and prevention.
- The candidate is capable of considering suitability and use of different methods and processes in research in the field of intrusion detection and prevention.
- The candidate is capable of contributing to development of new knowledge, theories, methods, interpretations and forms of documentation in the field of intrusion detection and prevention.
Skills
- The candidate is capable of formulating problems, planning and completing research projects in the field of intrusion detection and prevention.
- The candidate is capable of doing research and development at a high international level.
- The candidate is capable of handling complex academic tasks. The candidate can challenge established knowledge and practice in the field of intrusion detection and prevention.
General competence
- The candidate is capable of identifying relevant - and possibly new - ethical problems and exercising research in the field of intrusion detection and prevention with academic integrity.
- The candidate is capable of managing complex interdisciplinary tasks and projects.
- The candidate is capable of disseminating the results of research and development in the field of intrusion detection and prevention through approved national and international publication channels.
- The candidate is capable of taking part in debates in international forums within the field of intrusion detection and prevention.
- The candidate is capable of considering the need for, taking initiative to and engaging in innovation in the field of intrusion detection and prevention.
The course addresses the following UN Sustainable Development Goals (SDG):
Goal 7, target 7.3, also related to Goal 12, target 2 - double the global rate of improvement in energy efficiency / achieve the sustainable management and efficient use of natural resources - by designing fast and efficient big data processing algorithms, we reduce energy consumption while ensuring the reliability and security of network communications.
Goal 9, target 9.5 - Enhance scientific research, upgrade the technological capabilities of industrial sectors in all countries - studying the algorithms for host and network intrusion detection, the students improve their skills and competence in many research fields, such as computer science, mathematics, statistics, etc. This contributes to taking the quality of research and development in their countries of origin to a higher level.
Learning methods and activities
- Lectures
- Lab work
- Assignments
- Project work
Compulsory requirements: None
The course is taught on an individual basis: reading the literature and consulting the teacher.
Further on evaluation
Re-sit: The part of the exam that has not been passed must be repeated.
Assessment forms: Oral exam, Project evaluation
Specific conditions
Admission to a programme of study is required:
Information Security and Communication Technology (PHISCT)
Required previous knowledge
N/A
Course materials
Compulsory literature:
- S. Petrović, A Course in Intrusion Detection and Prevention, Akademika, Oslo, 2023.
- Various papers uploaded in the Learning Management System (Blackboard)
Recommended literature:
Books:
- Rebecca Gurley Bace, Intrusion Detection, Macmillan, 2000.
- David J. Marchette, Computer Intrusion Detection and Network Monitoring - A Statistical Viewpoint, Springer Verlag, 2001.
- Richard Bejtlich, Extrusion Detection - Security Monitoring for Internal Intrusions, Addison-Wesley, 2005.
- Stephen Northcutt, Judy Novak, Network Intrusion Detection, 3rd edition, New Riders, 2003.
Various papers (available on-line)
Version: 1
Credits: 5.0 SP
Study level: Doctoral degree level
Term no.: 1
Teaching semester: AUTUMN 2024
Language of instruction: English
Location: Gjøvik
- Informatics
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination arrangement: Oral exam and Project
Term | Status code | Evaluation | Weighting | Examination aids | Date | Time | Examination system | Room * |
---|---|---|---|---|---|---|---|---|
Autumn | ORD | Oral examination | 1/2 | | 2024-11-29 | | | |
Autumn | ORD | Project | 1/2 | | Release 2024-11-01, Submission 2024-11-25 | 23:59 | INSPERA | |

* The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"