This course provides students with an overview of analysis as it applies to information assurance. Analysis is a fundamental part of the information assurance process, and effective analysis informs policy, software development, network operations, and criminal investigations. To enable students to perform effective analysis, the focus of the course is on the analysis process and approach rather than on specific tools. Topics include the collection, use, and presentation of data from a variety of sources (e.g., raw network traffic data, traffic summary records, and log data collected from servers and firewalls). These data are used by a variety of analytical techniques, such as collection approach evaluation, population estimation, hypothesis testing, experiment construction and evaluation, and constructing evidence chains for forensic analysis. Students will construct and critique an analytical architecture, construct security experiments, and retroactively analyze events. The course will also cover selected non-technical ramifications of data collection and analysis, including anonymity, privacy, and legal constraints.
Prerequisites: 695.601 Foundations of Information Assurance. Familiarity with basic statistical analysis. 695.642 Intrusion Detection or 695.611 Embedded Computer Systems-Vulnerabilities, Intrusions, and Protection Mechanisms is recommended.