ECS 236: Computer Security: Intrusion Detection Based Approach

ECS 236
Computer Security: Intrusion Detection Based Approach
Effective Term
2016 Spring Quarter
Learning Activities
Lecture - 3.0 hours
Discussion - 1.0 hours
Concepts of intrusion detection, anomaly detection based on machine learning, signature-based detection using pattern matching, automated response to attacks using artificial intelligence planning, tracing intruders based on principal component analysis, security policy languages.
ECS 150; ECS 153 recommended.
Enrollment Restrictions
Pass One and Pass Two open to Graduate Students in Computer Science only.

Summary of Course Content
I. Introduction to computer security

II. Overview of intrusion detection methods

III. The many threats computers and networks are vulnerable to

IV. Anomaly detection

V. Misuse detection

VI. Machine learning methods with application to intrusion detection

VII. Correlation methods to detection multi-stage attacks

VIII. Traceback methods

IX. Automated response

Computer Usage:

Project, primarily to research and acquire an existing intrusion detection tool, and to modify it to meet a threat for which the tool was not intended to apply.

Illustrative Reading
E. Amoroso, Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Responses, Intrusion.Net Books, Sparta, New Jersey, 1999

Potential Course Overlap
ECS 236 is an advanced and specialized class in computer security, emphasizing the new area of intrusion detection which uses concepts from other disciplines, including artificial intelligence, programming languages, statistics, operating systems, networks, and theory of computing. It naturally complements ECS 235, which is a general overview of computer security; ECS 235 provides good background for ECS 236, but not all that is covered in 235 is essential. No other courses constitute a significant overlap.

Course Category