This course explores the use of intrusion detection systems (IDS) as part of an organization's overall security posture. A variety of approaches, models, and algorithms along with the practical concerns of deploying IDS in an enterprise environment will be discussed. Topics include the history of IDS, anomaly and misuse detection for both host and network environments, and policy and legal issues surrounding the use of IDS. The use of ROC (receiver operating characteristic) curves to discuss false positives and missed detection tradeoffs as well as discussion of current research topics will provide a comprehensive understanding of when and how IDS can complement host and network security. TCPDump and Snort will be used in student assignments to collect and analyze potential attacks.
605.202 Data Structures; 605.101 Introduction to Python or knowledge of Python.