Stochastic Methods for Detecting Intruders in Computer Networks 3.4.KRK.12TY.SMWISK
The objective of this course is to introduce students to stochastic methods of detecting inappropriate, incorrect or anomalous activities targeted at computers and networking resources. The first part of the course concerns host-based Intrusion Detection (ID) systems – ID systems that operate on a host to detect malicious activity on that host. The second part concerns network-based ID systems – ID systems that operate on network data flows. Both parts of the course contain the necessary mathematical tools: basics of probability, elements of statistical inference, data smoothing techniques, Markov chains and Bayesian methods. The host-based ID part covers, in particular, methods of detecting masqueraders: the uniqueness method, Bayes one-step Markov, hybrid multi-step Markov, and the compression method. The network ID part contains an overview of supervised and unsupervised network anomaly ID techniques, feature extraction and analysis, outlier detection methods, and portscan detection using sequential hypothesis testing.
Course coordinators
Learning outcomes
After successful completion of this course the student should be able to:
- Describe the basic ideas behind the stochastic approach to ID and the most efficient methods of ID
- Measure user or system behaviour and create a profile by introducing relevant parameters, such as intensity of activity, logins, etc.
- Compare the coherence between the current and the stored profile and determine the threshold value for the decision (alarm)
Bibliography
- S. Northcutt – Network Intrusion Detection, New Riders, 1999 (also third ed., 2003)
- E. Amoroso – Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response, Intrusion.Net Books, 1999
- T. Escamilla – Intrusion Detection: Network Security Beyond the Firewall, Wiley, 1998
- D.J. Marchette – Computer Intrusion Detection and Network Monitoring,
- Nong Ye – Secure Computer and Network Systems. Modeling, Analysis
- articles
- M. Szmit, M. Tomaszewski, D. Lisiak, I. Politowska – 13 najpopularniejszych sieciowych ataków na twój komputer. Wykrywanie, usuwanie skutków i zapobieganie, Helion, 2008.
Additional information
Additional information (registration calendar, class instructors, location and schedule of classes) may be available in the USOSweb system: