
Intrusion detection systems

FDA172, 2004HT
Full

Status Archive
School Computer and Information Science (CIS)
Division ADIT
Owner Nahid Shahmehri


Course plan

No of lectures

Recommended for

PhD students whose research topic is closely related to information security. Participants are expected to have passed basic security course and have insight in ongoing research in information security.

The course was last given

First time the course is given.

Goals

- Exposure to theory and practice of Intrusion Detection Systems (IDS)
- Insight into the recent research.
- Gaining practical experience with intrusion detection methods and systems.

Prerequisites

PhD students in computer science with prior knowledge of computer security.

Organization

The course is organized as a combination of lectures and study circle, and it consists of two parts.

Part one will start with an introduction to the theory and practice of Intrusion Detection Systems. Afterwards, participants will in turn present recent research on this topic. Each presentation is followed by a discussion of the merits and issues of the particular research. A final session gives the participants the opportunity to present their own areas of interest and preliminary ideas therein.

Part two will focus on individual projects. Each participant will choose (or suggest) a research-related project. The projects will end with a written report and a presentation.

Contents

1- RAID 2003
Detecting Anomalous Network Traffic with Self-Organizing Maps
Manikantan Ramadas, Shawn Ostermann, and Brett Tjaden
Ohio University and James Madison University, USA
http://www.cs.fit.edu/~pkc/id/related/ramadas03raid.ps.gz

2- RAID 2003
Modeling Computer Attacks: An Ontology for Intrusion Detection
Jeffrey Undercoffer, Anupam Joshi, and John Pinkston
University of Maryland, USA
http://www.csee.umbc.edu/cadip/2002Symposium/Ont-for-IDS.pdf
http://www.cs.vu.nl/~heiner/IJCAI-03/Papers/Undercoffer.pdf

3- RAID 2003
Using Decision Trees to Improve Signature-based Intrusion Detection
Christopher Kruegel and Thomas Toth
University of California, Santa Barbara, USA, and Technical University
Vienna, Austria
http://www.infosys.tuwien.ac.at/Staff/chris/doc/2003_03.ps

4-RAID 2002
Evaluation of the Diagnostic Capabilities of Commercial Intrusion Detection Systems
Herve Debar, Benjamin Morin (France Telecom R&D, France)
http://www.rd.francetelecom.com/fr/conseil/mento20/chapitre4.pdf?PHPSESSID=e64bcf4fc4e34a4ab96c152948c77acb
Lecture Notes in Computer Science, Vol. 2516 (2002), pp. 177-198
[get from local library]

5- CCS 2003
Intrusion detection: Enhancing byte-level network intrusion detection
signatures with context
Robin Sommer, Vern Paxson
Proceedings of the 10th ACM conference on Computer and communication security
http://portal.acm.org/ft_gateway.cfm?id=948145&type=pdf&coll=portal&dl=ACM&CFID=20587703&CFTOKEN=67367469

6- Pacific Rim International Symposium on Dependable Computing (PRDC 2004)
Honeypots: Practical Means to Validate Malicious Fault Assumptions
Marc Dacier, Fabien Pouget, Hervé Debar
http://ieeexplore.ieee.org/iel5/8995/28541/01276594.pdf?isNumber=28541&arnumber=1276594&prod=CNF&arSt=+383&ared=+388&arAuthor=+Dacier%2C+M.%3B++Pouget%2C+F.%3B++Debar%2C+H.

7- snort.org 1998
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
Thomas H. Ptacek , Timothy N. Newsham
http://www.snort.org/docs/idspaper/

8- 2002
Threat Management Systems The State of Intrusion Detection
Steven J. Scott
http://www.snort.org/docs/threatmanagement.pdf
+ SNORT as a product / IDS solution!

9- IEEE/ACM Transactions on Networking, Volume 12, Issue 2, April 2004
Protocol Scrubbing: Network Security Through Transparent Flow Modification
Watson, D.; Smart, M.; Malan, G.R.; Jahanian, F.;
http://ieeexplore.ieee.org/iel5/90/28714/01288131.pdf?tp=&arnumber=1288131&isnumber=28714

A
IEEE Wireless Communications, Volume 11, Issue 1, Feb. 2004, pp. 48-60
Intrusion detection in wireless ad hoc networks
Mishra, A.; Nadkarni, K.; Patcha, A.;
http://ieeexplore.ieee.org/iel5/7742/28409/01269717.pdf?tp=&arnumber=1269717&isnumber=28409

B
2003 ACM workshop on Rapid Malcode
Defensive technology: Detection of injected, dynamically generated, and
obfuscated malicious code
Jesse C. Rabek, Roger I. Khazan, Scott M. Lewandowski, Robert K. Cunningham
http://portal.acm.org/ft_gateway.cfm?id=948201&type=pdf&coll=portal&dl=ACM&CFID=20709989&CFTOKEN=60080505

C
2003 ACM Trans. on Information and System Security (TISSEC), Volume 6, Issue 2
BlueBoX: A policy-driven, host-based intrusion detection system
Suresh N. Chari, Pau-Chen Cheng
http://portal.acm.org/ft_gateway.cfm?id=762477&type=pdf&coll=portal&dl=ACM&CFID=20709989&CFTOKEN=60080505

D
2002 conference on Computer and communications security
Intrusion detection: Mimicry attacks on host-based intrusion detection systems
David Wagner, Paolo Soto
http://portal.acm.org/ft_gateway.cfm?id=586145&type=pdf&coll=portal&dl=ACM&CFID=20709989&CFTOKEN=60080505

E
Discuss the role of LIDS in the context of Intrusion Detection /
Intrusion Prevention. Material on www.lids.rg, e.g.
http://www.lids.org/document/fosdem-ksec.pdf

Literature

Any of the following books is fine. If you already have one of these books, just use that one. The course will follow Amoroso's book.

1) ISBN 1578701856, Rebecca Gurley Bace, Dec. 1999
2) ISBN 0966670078, Edward G. Amoroso, Feb 1999.

There is also a list of articles to be studied; a preliminary list is given under Contents above.

Lecturers

To be determined.

Examiner

Nahid Shahmehri and Germano Caronni

Examination

Part one: active participation and presentation.

Part two: reading materials, project, project report, and presentation.

Credit

7 credits.

Comments


Page responsible: Director of Graduate Studies