SCHOOL OF INFORMATION TECHNOLOGY AND ENGINEERING
Department of Electrical and Computer Engineering
Telecommunications Program
George Mason University
TCOM 690: Intrusion Detection and Forensics
Fall 2006
Course:
Section 001, Tuesday, 7:20pm - 10:00pm
Location:
IN 333
Announcements:
Course Objectives:
At the conclusion of this course the student will have learned why and how intrusion detection systems are used and how they are applied in the forensics area. The student will also know how to implement an intrusion detection system, analyze packets, and construct signatures. The student will also have advanced knowledge of prevention and response technologies and other leading areas of research in intrusion detection and forensics.
Prerequisite:
TCOM 509
Schedule of Classes (subject to change):
- Week 1 - 8/29 - Course overview and TCP/IP review
- Week 2 - 9/5 - Packet Analysis Part 1
- Week 3 - 9/12 - Packet Analysis Part 2 - HW1
- Week 4 - 9/19 - Fundamentals of IDS Part 1 - HW1 due by beginning of class time.
- Week 5 - 9/26 - Fundamentals of IDS Part 2
- Week 6 - 10/3 - Introduction to Snort - Submit research paper chosen for final exam.
- Week 7 - 10/10 - No Class - Columbus Day
- Week 8 - 10/17 - Mid-term exam (no class)
- Week 9 - 10/24 - Snort Signatures and Analysis (Midterm due by beginning of class time) - HW2
- Week 10 - 10/31 - Advanced Intrusion Detection and Intrusion Prevention Techniques
- Week 11 - 11/7 - Alert Correlation for Incident and Forensic Analysis - HW2 due by beginning of class time. - HW3
- Week 12 - 11/14 - Advanced IDS Methods for Behavior Analysis and Proactive Forensics
- Week 13 - 11/21 - HW3 due. Student presentations.
- Week 14 - 11/28 - Guest Lecturer: Becky Pinkard
- Week 15 - 12/5 - Final exam (no class). Final is due Dec. 12 by normal class time (7:20).
Textbook:
No required textbook. Reading will be assigned from various Internet sites and published research papers.
Grading Policy:
Homework: 30%
Mid-term: 30%
Final Paper: 40%
Note: Late homework will be accepted with a 10% penalty for each day past due, but will no longer be accepted once the homework has been discussed in class.
Office Hours:
Tuesdays before class from 6 - 7:15pm in Science and Technology II, Room 235. Also by appointment.
Resources:
Bace, Becky. Intrusion Detection. Sams. 1st edition. 1999.
Orebaugh, Angela. Ethereal Packet Sniffing. Syngress. 2004.
Caswell, Brian. Snort 2.1 Intrusion Detection, Second Edition. Syngress. 2004.
Rehman, Rafeeq. Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID. Prentice Hall. 2003.
Rash, Mike. Intrusion Prevention and Active Response: Deploying Network and Host IPS. Syngress. 2005.
Northcutt, Stephen. Network Intrusion Detection, 3rd Edition. New Riders. 2003.
Northcutt, Stephen. Intrusion Signatures and Analysis. New Riders. 2001.
Mohay, George. Computer and Intrusion Forensics. Artech House Publishers. 2006.
Marchette, David. Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint. Springer. 2001.
Jajodia, Sushil, Daniel Barbara. Applications of Data Mining in Computer Security. Springer. 2002.