ECS 236: Computer Security: Intrusion Detection Based Approach

Subject
ECS 236
Title
Computer Security: Intrusion Detection Based Approach
Status
Active
Units
4.0
Effective Term
2016 Spring Quarter
Learning Activities
Lecture - 3.0 hours
Discussion - 1.0 hours
Description
Concepts of intrusion detection, anomaly detection based on machine learning, signature-based detection using pattern matching, automated response to attacks using artificial intelligence planning, tracing intruders based on principal component analysis, security policy languages.
Prerequisites
ECS 150; ECS 153 recommended.
Enrollment Restrictions
Pass One and Pass Two open to Graduate Students in Computer Science only.

Summary of Course Content
I. Introduction to computer security

II. Overview of intrusion detection methods

III. The many threats computers and networks are vulnerable to

IV. Anomaly detection

V. Misuse detection

VI. Machine learning methods with application to intrusion detection

VII. Correlation methods to detect multi-stage attacks

VIII. Traceback methods

IX. Automated response

Computer Usage:

Project: primarily to research and acquire an existing intrusion detection tool, and to modify it to address a threat that the tool was not intended to handle.



Illustrative Reading
E. Amoroso, Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Responses, Intrusion.Net Books, Sparta, New Jersey, 1999



Potential Course Overlap
ECS 236 is an advanced and specialized class in computer security, emphasizing the new area of intrusion detection, which uses concepts from other disciplines, including artificial intelligence, programming languages, statistics, operating systems, networks, and theory of computing. It naturally complements ECS 235, which is a general overview of computer security; ECS 235 provides good background for ECS 236, but not all that is covered in ECS 235 is essential. No other courses constitute a significant overlap.

Course Category