Discussion - 1.0 hours
Summary of Course Content
I. Introduction to computer security
II. Overview of intrusion detection methods
III. The many threats computers and networks are vulnerable to
IV. Anomaly detection
V. Misuse detection
VI. Machine learning methods with application to intrusion detection
VII. Correlation methods to detect multi-stage attacks
VIII. Traceback methods
IX. Automated response
Project: primarily to research and acquire an existing intrusion detection tool, and to modify it to meet a threat to which the tool was not intended to apply.
E. Amoroso, Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Responses, Intrusion.Net Books, Sparta, New Jersey, 1999
Potential Course Overlap
ECS 236 is an advanced and specialized class in computer security, emphasizing the new area of intrusion detection, which uses concepts from other disciplines, including artificial intelligence, programming languages, statistics, operating systems, networks, and theory of computing. It naturally complements ECS 235, which is a general overview of computer security; ECS 235 provides good background for ECS 236, but not all that is covered in ECS 235 is essential. No other courses constitute a significant overlap.