This course explores the use of network- and host-based intrusion detection systems (IDS) as part of an organization's overall security posture. A variety of approaches, models, analyses, and algorithms, along with the practical concerns of deploying IDS in an enterprise environment, will be discussed. Topics include the products, architectures, and components of IDS; host- and network-based IDS; network analysis; IDS technologies; machine learning; the Linux firewall IPTables; and Tor networking. The use of ROC (receiver operating characteristic) curves to discuss false positives, false negatives, precision-recall graphs, and missed-detection trade-offs, as well as discussions of current research topics, will provide a comprehensive understanding of when and how IDS can complement host and network security. A variety of IDS tools will be used to collect and analyze potential attacks, including OSSEC, Tripwire, Snort, Suricata, Neo4j, Zeek (the new name for Bro), Keras, and Rapid Miner. The course will use virtual machines in labs and assignments to provide hands-on experience with IDS, including using test data to quantitatively compare different IDSs. Exploration and attack labs are conducted to learn the value of incident response.
01/22/2024 - 05/07/2024