TECH 58100 Intrusion Detection & Prevention Systems

This course covers the fundamental concepts and design implications required to develop and implement intrusion detection and prevention systems that address security violations in computer systems. Topics include: the main classes of attacks against computer systems; the taxonomy and architecture of intrusion detection and prevention systems; network traffic analysis and feature extraction algorithms; signature-based and anomaly-based techniques; key heuristic-based and machine-learning-based techniques and algorithms for intrusion detection; artificial neural networks (ANNs); and ANN-based embedded systems for intrusion detection. Performance evaluation of intrusion detection and prevention systems, and issues related to security and defense in depth, will also be addressed.

Prerequisites: Basic knowledge of information technology principles and architectures. Programming skills up to data structures and a knowledge of statistics will be useful.

Time & Place

6:30pm-9:30pm
Monday
129 Powers

Textbook

Network Intrusion Detection and Prevention: Concepts and Techniques
Ali A. Ghorbani, Wei Lu, Mahbod Tavallaee

Data Mining: Practical Machine Learning Tools and Techniques
Witten, Frank

Instructor

Ricardo A. Calix, Ph.D.
Computer Information Technology and Graphics
Purdue University Calumet
ricardo.calix@purduecal.edu

Office Hours

Tuesday and Thursday (2-4 PM)
279 Gyte

Reading Materials

reading list

Assignments

Assignments: There will be 4 individual assignments with informal lab demonstrations plus one final project with a formal in-class presentation. Graduate students will have one additional writing assignment associated with the final project.

The grading of each assignment:

Implementation

To be determined.

Documentation

To be determined.

Demonstration

The live, in-lab demonstration and description of your completed project. Be ready for this.

Lagniappe

Something extra. You are free to enhance your submission in any way you like. Your addition should be creative.

Useful Code

Example problems will be provided as required.

We will use the following software:

  1. MATLAB
  2. Python
  3. SEED Ubuntu VM
  4. Weka
  5. Octave

The following libraries and data sets may be of use:

  1. Arduino
  2. LibSVM
  3. ANN
  4. DARPA 98 corpus and NSL-KDD corpus

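The course description names signature-based and anomaly-based techniques, and the calendar below lists anomaly detection with Gaussian distributions. The following is an added example (not course material and not the instructor's code) that puts the two approaches side by side over constructed flow records using NSL-KDD-style feature names. The training flows, the two signature rules, and the slack used to set the anomaly threshold are illustrative assumptions.

```python
"""Signature-based versus anomaly-based detection over flow records.

Added example, not part of the course materials. Flow records are
constructed and use NSL-KDD-style feature names (duration, src_bytes,
dst_bytes, count, serror_rate). The signature rules and the slack used
to set the anomaly threshold are illustrative assumptions.
"""
import math
from statistics import mean, pvariance

FEATURES = ("duration", "src_bytes", "dst_bytes", "count", "serror_rate")


def flow(duration, src_bytes, dst_bytes, count, serror_rate):
    """Build one flow record keyed by feature name."""
    return dict(zip(FEATURES, (duration, src_bytes, dst_bytes, count, serror_rate)))


# Constructed benign training flows (assumption: short HTTP-like sessions).
BENIGN_TRAINING = [
    flow(1.0, 300, 1500, 5, 0.0), flow(2.0, 250, 2000, 4, 0.0),
    flow(1.5, 320, 1700, 6, 0.1), flow(0.5, 280, 1400, 3, 0.0),
    flow(1.2, 310, 1600, 5, 0.0), flow(2.5, 290, 2100, 7, 0.1),
    flow(0.8, 260, 1300, 4, 0.0), flow(1.8, 340, 1900, 6, 0.0),
]

# Signature-based detection: hand-written rules for known attack patterns.
# Both rules are constructed for this example, not real IDS signatures.
SIGNATURES = {
    "syn_flood": lambda f: f["count"] >= 100 and f["serror_rate"] >= 0.8,
    "idle_tunnel": lambda f: f["duration"] >= 3600 and f["src_bytes"] < 100,
}


def match_signatures(f):
    """Return the names of every signature the flow matches (empty if none)."""
    return [name for name, rule in SIGNATURES.items() if rule(f)]


class GaussianAnomalyModel:
    """Anomaly-based detection: one independent Gaussian per feature, fitted
    on benign traffic only. A flow is anomalous when its log-likelihood under
    the fitted model falls below a threshold epsilon."""

    VAR_FLOOR = 1e-6  # keeps a constant feature from producing sigma^2 = 0

    def __init__(self, training_flows, slack=3.0):
        self.params = {}
        for feat in FEATURES:
            xs = [f[feat] for f in training_flows]
            self.params[feat] = (mean(xs), max(pvariance(xs), self.VAR_FLOOR))
        # Epsilon = lowest training log-likelihood minus a slack (assumption
        # for this example); in practice epsilon is tuned on labelled
        # validation data so that the false-positive rate is acceptable.
        self.epsilon = min(self.log_likelihood(f) for f in training_flows) - slack

    def log_likelihood(self, f):
        """Sum of per-feature Gaussian log-densities (independence assumed)."""
        total = 0.0
        for feat, (mu, var) in self.params.items():
            total += -0.5 * math.log(2 * math.pi * var) - (f[feat] - mu) ** 2 / (2 * var)
        return total

    def is_anomalous(self, f):
        return self.log_likelihood(f) < self.epsilon


def classify(model, f):
    """Run both detectors on one flow and report their verdicts."""
    return {
        "signatures": match_signatures(f),
        "anomalous": model.is_anomalous(f),
        "log_likelihood": round(model.log_likelihood(f), 2),
    }


# Constructed test flows: normal traffic, a known SYN flood, and a large
# outbound transfer for which no signature exists.
TEST_FLOWS = {
    "benign": flow(1.3, 295, 1650, 5, 0.0),
    "syn_flood": flow(0.0, 0, 0, 250, 1.0),
    "exfiltration": flow(1.0, 50000, 1500, 5, 0.0),
}


def run_demo():
    """Fit the anomaly model on benign flows and classify the test flows."""
    model = GaussianAnomalyModel(BENIGN_TRAINING)
    return {name: classify(model, f) for name, f in TEST_FLOWS.items()}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:13s} {verdict}")
```

On these records the SYN flood is caught by both detectors, the exfiltration flow only by the anomaly model (no rule describes it), and the benign flow by neither. The caveat a practitioner should take from this is that the Gaussian model is only as good as the benign data it was fitted on and the threshold chosen for it; an attacker whose traffic looks like the training set will pass, and a poorly chosen epsilon floods the analyst with false alarms. That trade-off is what the evaluation-criteria and alert-management sessions later in the course address.
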
Calendar Fall 2013 (Subject to change)

Week of Aug 18
  Tue Aug 20: L1: The IDS System Pipeline
  Thu Aug 22: Lab 1: The IDS System Pipeline

Week of Aug 25
  Tue Aug 27: L2: IDS System Background
  Thu Aug 29: Lab 2: Packet Sniffing and Spoofing

Week of Sept 1
  No sessions listed

Week of Sept 8
  Tue Sept 10: L4: Detection approaches, sniffers, and IDS architectures
  Thu Sept 12: Lab 4: Packet Sniffing and Spoofing

Week of Sept 15
  Tue Sept 17: L5: Machine Learning for Intrusion Detection Systems
  Thu Sept 19: Lab 5: Wireshark, sniffing, and data collection, DARPA 98 corpus, Weka

Week of Sept 22
  Tue Sept 24: L6: Optimization and Cost functions
  Thu Sept 26: Lab 6: Weka and DARPA 98 corpus

Week of Sept 29
  Tue Oct 1: L7: Machine Learning Usage, Theoretical foundation of detection
  Thu Oct 3: Midterm Exam

Week of Oct 6
  No sessions listed

Week of Oct 13
  Tue Oct 15: L9: IPSs, Dimensionality reduction, PCA, feature ranking
  Thu Oct 17: Lab 9: Weka Experimenter and dimensionality reduction

Week of Oct 20
  Tue Oct 22: L10: Malware and Network Attacks, Anomaly Detection and Gaussian Distributions
  Thu Oct 24: Lab 10: TCP/IP Attacks

Week of Oct 27
  Tue Oct 29: L11: Snort
  Thu Oct 31: Lab 11: Snort and Python, TCP/IP Attacks; Project Prototype Demo

Week of Nov 3
  Tue Nov 5: L12: Logistic Regression, Artificial Neural Networks
  Thu Nov 7: Lab 12: CogniMem SDK

Week of Nov 10
  Tue Nov 12: L13: Firewalls
  Thu Nov 14: Lab 13: Firewalls

Week of Nov 17
  Tue Nov 19: L14: Evaluation criteria, Alert management and correlation, and Clustering
  Thu Nov 21: Lab 14: K-means clustering and KNN classification

Week of Nov 24
  Tue Nov 26: L15: Intrusion Response, Hidden Markov Models for IDS Systems
  Thu Nov 28: No session listed

Week of Dec 1
  Mon Dec 2: Concentrated Study
  Tue Dec 3: Term Project Presentations
  Wed Dec 4: Concentrated Study
  Thu Dec 5: Course Wrap-up
  Fri Dec 6: Concentrated Study

Week of Dec 8
  Mon Dec 9 to Fri Dec 13: Finals