COSC 7397 Network Intrusion Detection
Fall 2007, Section 06218
- Title: Network Intrusion Detection
- Course Number: COSC 7397
- Section Number: 06218
- Instructor: Stephen Huang,
594-PGH, Email: email@example.com,
- Office Hours: Mon & Wed 2:30-4:00 and by appointment
- Class Room: SEC-203
- Course Website: http://www.cs.uh.edu/~acl/cs7397/
- Prerequisites: Graduate standing with the following courses: network,
data structures and algorithms, operating systems.
Courses in AI, pattern recognition, data mining, and statistics may be helpful.
Concepts of intrusion detection, anomaly detection, signature-based detection,
automated response to attacks, tracing intruders, security policy languages,
network tools for intrusion detection.
- Major topics:
- Stepping Stone Detection
- Anomaly Detection
- Incident Response
- Textbooks and References:
Instructor's notes and journal/conference papers.
A list of reference books is given below.
(1) Edward Amoroso, Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Responses, Intrusion.Net Books, Sparta, New Jersey, 1999.
(2) Stephen Northcutt and Judy Novak, Network Intrusion Detection, 3rd Ed., New Riders, 2003.
(3) Carl Endorf, Eugene Schultz, and Jim Mellander, Intrusion Detection and Prevention, McGraw Hill, 2004.
(4) Jack Koziol, Intrusion Detection with Snort, Sams Publishing, 2003.
(5) Edward Amoroso, Fundamentals of Computer Security Technology, Prentice-Hall, 1994.
- Grading: Presentation and class participation (40%), Homework (20%),
Project and Report (40%).
The project may be (1) a paper on a project exploring some aspect of intrusion
detection sufficient to produce a technical report or conference paper, or
(2) a report on the research and acquisition of an existing intrusion detection
tool, and to modify it to meet a threat for which the tool was not intended to apply.
In either case, the writing must be in the form suitable for publication.