This course will give an introduction to the data and methodologies of computer intrusion detection. The focus will be on statistical and machine learning approaches to detection of attacks of various types, including denial of service attacks, viruses, and information gathering probes. Topics covered include:

• Basics of TCP/IP networking
• Collecting and analyzing network statistics
• Network-based intrusions
• Host-based intrusions
• User and machine profiling
• Computer viruses, worms, and trojans
• Covert channels

Students should have a working knowledge of a computer language. A basic statistics course is also recommended.

Text:
Computer Intrusion Detection and Network Monitoring: a statistical viewpoint, David Marchette, Springer, 2001. (The text will be supplemented by readings of various, relevant articles.)

Lecture Schedule:

• Lecture1: Administrivia and Introduction. Basic Computer Security Overview.
• Lecture2: TCP/IP basics. Useful utilities.
• Lecture3: Pattern Recognition, Data Analysis and Statistics Background.
• Lecture4: Network Tomography and Network Traffic Statistics.
• Lecture5: Mapping the Internet, Graphs, and Visualization. Evaluation of Intrusion Detection Systems (IDS).
• Lecture6: Common Network Attacks, Network Based IDS Systems.
• Lecture7: Activity Profiling, Anomaly Detection.
• Lecture8: Common Host Attacks, NIDES.
• Lecture9: Computer Immunology, User Profiling.
• Lecture10: Computer Viruses, Epidemiology, Worms. Computer Immunology Revisited.
• Lecture11: Trojan Programs, Covert Channels.
• Lecture12: Steganography.

Depending on the class size, and hence the number of student project presentations, some of these lectures may need to be compressed, to make room for the presentations.

|Home |Directions |Seminars |Research |Courses |Scholarship |Fellowships |Internships |Jobs |Alumni |Faculty |Projects |Sponsors |About |Director's Page |

---

Designated as a Center of Academic Excellence in Information Assurance Education by the National Security Agency

---

	The Committee on National Security Systems and the National Security Agency have certified that George Mason University offers a set of courseware that has been reviewed by National Level Information Assurance Subject Matter Experts and determined to meet National Training Standards for Information Systems Security Professionals, NSTISSI No. 4011, 4012, and 4013 for academic years 2005 - 2008.

---

---

The Information Assurance Scholarship Program is open to U.S. Citizens pursuing undergraduate, masters, and doctoral degrees from the Centers of Academic Excellence in Information Assurance Education

---

Copyright © 1994-2004 Center for Secure Information Systems, George Mason University.