THE UNIVERSITY OF CRIMINAL INVESTIGATION AND POLICE STUDIES

DOCTORAL STUDIES

INFORMATION TECHNOLOGY

Course:

Network Intrusion Detection Systems

Course Code: II6

ECTS: 20

Course Status:

Elective

Number of Effective Classes (Per Week): 10

Theoretical Education: 10
Practical Training: -
Research Study Project: -

Prerequisite/s: None

Educational Objective: The primary objective of the course is to define and explain concepts from the domain of intrusion detection in computer infrastructure, security, and the various forms of threats and attacks on computer networks. The secondary objective is to help students understand intrusion detection systems and the technologies involved in their design, implementation, configuration, network monitoring and maintenance. The course covers methodologies, techniques and tools for tracking events in a computer system or network in order to prevent and detect unwanted process activity, as well as to recover from malicious behaviour aimed at the network. It also covers the implementation of intrusion detection systems in the protection of the telecommunication infrastructure of the police.

Projected Outcome: Capability for adequate use of information systems and recognition of the importance of digital data forensics in the process of detecting and proving criminal activities.

Course Contents/Structure

Theoretical education: Intrusion detection systems - definition, role, categorization, architecture, application in different network topologies. Implementation of adequate tools. Licensed and open source tools. Limitations and open problems in the detection of attacks on the network. Advanced persistent threats and defences against malicious intrusions. Case studies of intrusion detection systems against real threats and malware. Police information systems.

Practical training: Practical introduction to tools for performance analysis and network environment protection on different operating systems. Work with available tools: Spade, Snort, Tcptrack, Nagios, Prelude and others.

Teaching Methods: lectures, modified lectures, seminar papers.

Pre-Exam Obligations (No. of Points):
Active participation in classes - 10
Seminar paper - 40

Final Examination (No. of Points):
Written exam - 50

Textbook/s

1. V. Kumar, J. Srivastava, A. Lazarević (eds.): Managing Cyber Threats: Issues, Approaches and Challenges, New York: Springer, 2011.

2. D. Pleskonjić et al.: Sigurnost računarskih sistema i mreža, Beograd: Mikro knjiga, 2007.

3. J. F. Kurose, K. W. Ross: Umrežavanje računara: od vrha ka dnu, Beograd: Računarski fakultet: CET, 2014.

4. K. Scarfone, P. Mell: NIST Special Publication 800-94: Guide to Intrusion Detection and Prevention Systems (IDPS), Recommendations of the National Institute of Standards and Technology, Gaithersburg: Computer Security Division, National Institute of Standards and Technology, 2007.

5. F. Gong: Deciphering Detection Techniques: Part II. Anomaly-based Intrusion Detection, McAfee Network Security Technologies Group, 2003.