National Institute of Technology Rourkela

An Institute of National Importance

Syllabus

Course Details

Subject {L-T-P / C} : CS6306 : Intrusion Detection Systems {3-0-0 / 3}

Subject Nature : Theory

Coordinator : Prof. (Ms.) Sujata Mohanty

Detailed syllabus
Introduction (8 hours)
Basic concepts of security; introduction to intrusions; the need for intrusion detection; classification of intrusion detection systems; sources of vulnerabilities; attacks against the various security objectives and countermeasures against those attacks.
Intrusion Detection and Prevention Technologies (10 hours)
Host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS); information sources for IDS; host and network vulnerabilities and countermeasures. Intrusion detection techniques: misuse detection (pattern matching, rule-based and state-based); anomaly detection (statistical, machine-learning-based and data-mining-based); hybrid detection.
IDS and IPS Architecture (10 hours)
Tiered architectures: single-tiered, multi-tiered and peer-to-peer. Sensors: functions, deployment and security. Agents: functions, deployment and security. Manager component: functions, deployment and security. Information flow in IDS and IPS; defending the IDS/IPS itself; case study of commercial and open-source IDS.
Alert Management, Correlation and Data Fusion (8 hours)
Alert correlation: pre-processing, correlation techniques, post-processing and alert-correlation architectures. Cooperative intrusion detection: cooperative discovery of intrusion chains, abstraction-based intrusion detection, interest-based communication and cooperation, agent-based cooperation.
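As an added illustration (not part of the course material or its readings), the following Python script shows the technique families named in the Technologies unit, misuse detection by pattern matching against known-bad signatures and statistical anomaly detection against a learned baseline, feeding the pre-process / correlate / post-process pipeline named in the Alert Management unit. The sshd-style log lines, the baseline failure counts, the IP addresses (RFC 5737 documentation ranges), the rule names and the severity scheme are all constructed for this example.

```python
"""Added example (not course material): misuse detection, statistical anomaly
detection and alert correlation over constructed sshd-style log lines."""
import re
import statistics
from collections import Counter, defaultdict

# Constructed sample log. Sources use RFC 5737 documentation addresses.
# 203.0.113.5 hammers the host with failed logins, then gets in as root.
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[100]: Failed password for root from 203.0.113.5 port 5001 ssh2
Jan 10 10:00:02 host sshd[101]: Failed password for admin from 203.0.113.5 port 5002 ssh2
Jan 10 10:00:02 host sshd[102]: Failed password for invalid user test from 203.0.113.5 port 5003 ssh2
Jan 10 10:00:03 host sshd[103]: Failed password for root from 203.0.113.5 port 5004 ssh2
Jan 10 10:00:03 host sshd[104]: Failed password for root from 203.0.113.5 port 5005 ssh2
Jan 10 10:00:04 host sshd[105]: Failed password for root from 203.0.113.5 port 5006 ssh2
Jan 10 10:00:09 host sshd[106]: Accepted publickey for alice from 198.51.100.7 port 6001 ssh2
Jan 10 10:00:15 host sshd[107]: Failed password for bob from 198.51.100.8 port 6002 ssh2
Jan 10 10:00:20 host sshd[108]: Accepted password for bob from 198.51.100.8 port 6003 ssh2
Jan 10 10:01:00 host sshd[109]: Accepted publickey for carol from 198.51.100.9 port 6004 ssh2
Jan 10 10:01:30 host sshd[110]: Accepted password for root from 203.0.113.5 port 5007 ssh2
Jan 10 10:02:00 host sshd[111]: Failed password for invalid user guest from 198.51.100.9 port 6005 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(log_text):
    """Pre-processing: normalise raw lines into event dicts; unparseable lines are dropped."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            e = m.groupdict()
            e["invalid"] = bool(e["invalid"])
            events.append(e)
    return events


# Misuse detection: each signature encodes a known-bad pattern; one matching event is one alert.
SIGNATURES = {
    "root-login-accepted": lambda e: e["result"] == "Accepted" and e["user"] == "root",
    "invalid-user-attempt": lambda e: e["invalid"],
}


def misuse_detect(events):
    alerts = []
    for e in events:
        for name, rule in SIGNATURES.items():
            if rule(e):
                alerts.append({"type": name, "src": e["src"], "ts": e["ts"], "detail": f"user={e['user']}"})
    return alerts


# Constructed baseline profile: failed-login counts per source seen in a window of normal traffic.
BASELINE_FAILED_PER_SRC = [0, 1, 0, 0, 2, 1, 0, 1, 0, 1]


def anomaly_detect(events, baseline=BASELINE_FAILED_PER_SRC, z_threshold=3.0):
    """Statistical anomaly detection: flag a source whose failed-login count is an outlier
    (z-score above the threshold) relative to the baseline profile. No signature is needed."""
    mean = statistics.mean(baseline)
    sd = statistics.pstdev(baseline) or 1.0  # a flat baseline would otherwise divide by zero
    failures = Counter(e["src"] for e in events if e["result"] == "Failed")
    alerts = []
    for src, n in failures.items():
        z = (n - mean) / sd
        if z > z_threshold:
            first_ts = next(e["ts"] for e in events if e["src"] == src and e["result"] == "Failed")
            alerts.append({"type": "failed-login-burst", "src": src, "ts": first_ts, "detail": f"count={n} z={z:.1f}"})
    return alerts


def correlate(alerts):
    """Correlation: fuse alerts from both detectors into per-source incidents. A source that both
    produced a failed-login burst and obtained a root login is escalated; post-processing ranks."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a)
    incidents = []
    for src, group in by_src.items():
        types = {a["type"] for a in group}
        if {"failed-login-burst", "root-login-accepted"} <= types:
            severity = "high"
        elif "failed-login-burst" in types:
            severity = "medium"
        else:
            severity = "low"
        incidents.append({"src": src, "severity": severity, "alert_count": len(group), "types": sorted(types)})
    rank = {"high": 0, "medium": 1, "low": 2}
    incidents.sort(key=lambda i: (rank[i["severity"]], i["src"]))
    return incidents


def analyse(log_text):
    events = parse(log_text)
    return correlate(misuse_detect(events) + anomaly_detect(events))


if __name__ == "__main__":
    for incident in analyse(SAMPLE_LOG):
        print(incident)
```

Run stand-alone, the script reports one high-severity incident for 203.0.113.5 (six failures flagged by the baseline z-score, plus the invalid-user and root-login signatures) and one low-severity incident for 198.51.100.9, whose single invalid-user attempt trips a signature but sits well inside the statistical baseline. Neither detector alone ranks the two sources correctly, which is the point of the correlation stage.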

Course Objectives

  • To evaluate the security of an organization and appropriately apply intrusion detection tools and techniques in order to improve its security posture.
  • To identify and describe situations and scenarios where intrusion detection may be applied to achieve an increased level of situational awareness and information assurance.
  • To apply this knowledge to the architecture, configuration and analysis of specific intrusion detection systems.

Course Outcomes

  • Understand modern concepts related to intrusion detection systems.
  • Compare alternative tools and approaches for intrusion detection through quantitative analysis to determine the best tool or approach to reduce the risk from intrusion.
  • Identify and describe the parts of all intrusion detection systems and characterize new and emerging IDS technologies according to the basic capabilities all intrusion detection systems share.

Essential Reading

  • C. Endorf, E. Schultz and J. Mellander, Intrusion Detection & Prevention, McGraw-Hill/Osborne, 2004.
  • Ali A. Ghorbani, Network Intrusion Detection and Prevention: Concepts and Techniques, Springer, 2010.

Supplementary Reading

  • J. M. Kizza, Computer Network Security, Springer, 2005.
  • Chris Sanders and Jason Smith, Applied Network Security Monitoring: Collection, Detection, and Analysis, Syngress, 2013.