
Intrusion detection systems

FDA172, 2004HT

Status Archive
School Computer and Information Science (CIS)
Division ADIT
Owner Nahid Shahmehri


Course plan

No of lectures

Recommended for

PhD students whose research topic is closely related to information security. Participants are expected to have passed a basic security course and to have insight into ongoing research in information security.

The course was last given

First time the course is given.


- Exposure to the theory and practice of Intrusion Detection Systems (IDS).
- Insight into recent research.
- Gaining practical experience with intrusion detection methods and systems.


PhD students in computer science with prior knowledge of computer security.


The course is organized as a combination of lectures and a study circle, and it consists of two parts.

Part one will start with an introduction to the theory and practice of operation of Intrusion Detection Systems. Afterwards, participants will take turns presenting recent research on this topic. Each presentation is followed by a discussion of the merits of, and issues with, the particular research. A final session gives the participants the opportunity to express their own areas of interest and preliminary ideas therein.

Part two will focus on individual projects. Each participant will choose (or suggest) a project which is research related. The projects will end with a written report and presentation.


1- RAID 2003
Detecting Anomalous Network Traffic with Self-Organizing Maps
Manikantan Ramadas, Shawn Ostermann, and Brett Tjaden
Ohio University and James Madison University, USA

2- RAID 2003
Modeling Computer Attacks: An Ontology for Intrusion Detection
Jeffrey Undercoffer, Anupam Joshi, and John Pinkston
University of Maryland, USA

3- RAID 2003
Using Decision Trees to Improve Signature-based Intrusion Detection
Christopher Kruegel and Thomas Toth
University of California, Santa Barbara, USA, and Technical University Vienna, Austria

4- RAID 2002
Evaluation of the Diagnostic Capabilities of Commercial Intrusion Detection Systems
Herve Debar, Benjamin Morin (France Telecom R&D, France)
Lecture Notes in Computer Science - Vol. 2516 / 2002 Chapter: pp. 177 - 198
[get from local library]

5- CCS 2003
Intrusion detection: Enhancing byte-level network intrusion detection signatures with context
Robin Sommer, Vern Paxson
Proceedings of the 10th ACM conference on Computer and communication security

6- Pacific Rim International Symposium on Dependable Computing (PRDC 2004)
Honeypots: Practical Means to Validate Malicious Fault Assumptions
Marc Dacier, Fabien Pouget, Hervé Debar

7- snort.org 1998
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
Thomas H. Ptacek, Timothy N. Newsham

Threat Management Systems The State of Intrusion Detection
Steven J. Scott
+ SNORT as a product / IDS solution!

9- Networking, IEEE/ACM Transactions on , Volume: 12 , Issue: 2 , April 2004
Protocol Scrubbing: Network Security Through Transparent Flow Modification
Watson, D.; Smart, M.; Malan, G.R.; Jahanian, F.;

Wireless Communications, IEEE Volume: 11 , Issue: 1 , Feb. 2004, Pages:48 - 60
Intrusion detection in wireless ad hoc networks
Mishra, A.; Nadkarni, K.; Patcha, A.;

2003 ACM workshop on Rapid Malcode
Defensive technology: Detection of injected, dynamically generated, and obfuscated malicious code
Jesse C. Rabek, Roger I. Khazan, Scott M. Lewandowski, Robert K. Cunningham

2003 ACM Trans. on Information and System Security (TISSEC),Volume 6 Issue 2
BlueBoX: A policy-driven, host-based intrusion detection system
Suresh N. Chari, Pau-Chen Cheng

2002 conference on Computer and communications security
Intrusion detection: Mimicry attacks on host-based intrusion detection systems
David Wagner, Paolo Soto

Discuss the role of LIDS in the context of Intrusion Detection /
Intrusion Prevention. Material on www.lids.rg, e.g.


Either of the following books is fine. If you already have one of them, just use that one. The course will follow Amoroso's book.

1) ISBN 1578701856, Rebecca Gurley Bace, Dec. 1999
2) ISBN 0966670078, Edward G. Amoroso, Feb 1999.

There is also a list of articles to be studied. See the preliminary list specified in the course content.


To be determined.


Nahid Shahmehri and Germano Caronni


Part one: active participation and presentation.

Part two: reading materials, project, project report, and presentation.


7 credits.


Page responsible: Director of Graduate Studies
Last updated: 2012-05-03