This course will cover the fundamental concepts and design implications required to develop and implement intrusion detection and prevention systems that address security violations in computer systems. Topics to be covered include: the main classes of attacks against computer systems; the taxonomy and architecture of intrusion detection and prevention systems; network traffic analysis and feature extraction algorithms; signature-based and anomaly-based techniques; key heuristic-based and machine-learning-based techniques and algorithms for intrusion detection; artificial neural networks (ANNs); and ANN-based embedded systems for intrusion detection. Performance evaluation of intrusion detection and prevention systems, and issues related to security and defense in depth, will also be addressed.
Prerequisites: Programming skills up to data structures and a working knowledge of statistics will be useful, along with basic knowledge of information technology principles and architectures.
Network Intrusion Detection and Prevention: Concepts and Techniques
Ali A. Ghorbani, Wei Lu, Mahbod Tavallaee
Data Mining: Practical Machine Learning Tools and Techniques
Ricardo A. Calix, Ph.D.
Computer Information Technology and Graphics
Purdue University Calumet
Tuesday and Thursday (2-4 PM)
Assignments: There will be 4 individual assignments with informal lab demonstrations plus one final project with a formal in-class presentation. Graduate students will have one additional writing assignment associated with the final project.
The grading of each assignment:
To be determined.
To be determined.
The live, in-lab demonstration and description of your completed project. Be ready for this.
Something extra. You are free to enhance your submission in any way you like. Your addition should be creative.
Example problems will be provided as required.
We will use the following software:
The following libraries may be of use.
Aug 18, Aug 19, Aug 20
  L1: The IDS System Pipeline
  Lab 1: The IDS System Pipeline
Aug 23, Aug 24
Aug 25, Aug 26, Aug 27, Aug 28
Aug 29, Aug 30, Aug 31
Sept 1, Sept 2
Sept 6, Sept 7
Sept 8, Sept 9, Sept 10
  L4: Detection approaches, sniffers, and IDS architectures
  Lab 4: Packet Sniffing and Spoofing
Sept 13, Sept 14
Sept 15, Sept 16, Sept 17
  L5: Machine Learning for Intrusion Detection Systems
  Lab 5: Wireshark, sniffing, and data collection, DARPA 98 corpus, Weka
Sept 20, Sept 21
Sept 22, Sept 23, Sept 24
  L6: Optimization and Cost Functions
  Lab 6: Weka and DARPA 98 corpus
Sept 27, Sept 28
Sept 29, Sept 30, Oct 1
  L7: Machine Learning Usage, Theoretical Foundation of Detection
Oct 4, Oct 5
Oct 6, Oct 7, Oct 8
Oct 13, Oct 14, Oct 15
  L9: IPSs, Dimensionality Reduction, PCA, Feature Ranking
Oct 16, Oct 17
  Lab 9: Weka Experimenter and dimensionality reduction
Oct 18, Oct 19
Oct 20, Oct 21, Oct 22
  L10: Malware and Network Attacks, Anomaly Detection and Gaussian Distributions
Oct 23
Oct 25, Oct 26
Oct 27, Oct 28, Oct 29
  Lab 11: Snort and Python, TCP/IP Attacks
Nov 1, Nov 2
Nov 3, Nov 4, Nov 5
  L12: Logistic Regression, Artificial Neural Networks
  Lab 12: CogniMem SDK
Nov 8, Nov 9
Nov 10, Nov 11, Nov 12
Nov 13, Nov 14
  Lab 13: Firewalls
Nov 15, Nov 16
Nov 17, Nov 18, Nov 19
  L14: Evaluation Criteria, Alert Management and Correlation, and Clustering
  Lab 14: K-means clustering and KNN classification
Nov 24, Nov 25, Nov 26
Dec 1, Dec 2
  Term Project Presentations
Dec 8, Dec 9