CS 697 - Directed Reading: Intrusion Detection


This course was an Independent Study approved by Dr. Lein Harn.
Find my Presentation Slides at the bottom of this page.

Syllabus

Introduction.

  • What Is Intrusion Detection?
  • Network- vs. Host-based Intrusion Detection.
  • Anatomy of an Intrusion Detection System.
  • Anatomy of an Intrusion Detection Process.
  • Traditional Audit versus Intrusion Detection.
  • Conceptual View of Misuse Detection.

Network-Based Intrusion Detection Systems.

  • Network-based Detection.
  • Architecture.
  • Distributed Network-Node Architecture.
  • The Network Intrusion Detection Engine.
  • Operational Concept.
  • Benefits of Network-based Intrusion Detection.
  • Challenges for Network-based Technologies.

Host-Based Intrusion Detection Systems.

  • Host-based Detection.
  • Architecture.
  • Operational Concept.
  • Policy Management.
  • Benefits of Host-based Intrusion Detection.
  • Challenges for Host-based Technologies.

Detection Technology and Techniques.

  • Network Detection Mechanisms.
      • Packet Content Signatures.
      • Packet Header (Traffic) Analysis.
  • Host-based Signatures.
      • Single Event Signatures.
      • Multi-event Signatures.
      • Multi-host Signatures.
      • Enterprise Signatures.
      • Compound (Network and Host) Signatures.
  • Signature Detection Mechanisms.
      • Embedded.
      • Programmable.
      • Expert System.
      • Statistical Analysis.
      • Meta-language.
      • Artificial Intelligence (Artificial Neural Network).

Intrusion Detection Myths.

  • The Network Intrusion Detection Myth.
  • The False-Positive Myth.
  • The Automated Anomaly Detection Myth.
  • The Real-time Requirement Myth.
  • Inside the Firewall equals Insider Threat Detection.
  • The Automated Response Myth.
  • The Artificial Intelligence Myth.

Effective Use.

  • Detecting Outsider Misuse (Hackers).
  • Detecting Insider Misuse.
  • Attack Anticipation (Extended Attacks).
  • Surveillance.
  • Policy Compliance Monitoring.
  • Damage Assessment.

Behavioral Data Forensics in Intrusion Detection.

  • Data Mining.
  • Real-World Examples of Behavioral Data Forensics.
  • Data Mining Techniques.

Operational Use.

  • Background Operation.
  • On-demand Operation.
  • Scheduled Operation.
  • Real-time Operation.
  • Incident Response.

Intrusion Detection Project Lifecycle.

  • Project Phases.
  • Resource Estimates.
  • Calculating Total Cost of Ownership.
  • Project Planning/Requirements Analysis.
  • Acquisition.
  • Pilot Phase.
  • Deployment Phase.
  • Tuning.
  • Deployment Issues.
  • Policy Management.
  • Maintenance.

Commercial Intrusion Detection Tools.

Legal Issues.


Presentation slides

[set 1]  [set 2]  [set 3]  [set 4]

My grade: A