ISA 674 Intrusion Detection

Fall 2009


Time and Place: Tuesday 4:30~7:10pm at Engineering, Room 5358

Instructor: Arun Sood

Office: Room 5327 Engineering

Office phone: 703.993.1524

Office hours: Tuesday 3:30~4:30PM or by appointment

Email: asood at gmu dot edu


Teaching Assistant: Eunjung Yoon

Office hours:

Email: eyoon2 at gmu dot edu


Course Description

The current computer security architecture relies mainly on prevention and detection techniques. These techniques are reactive and typically require packet inspection. The objective of this course is to provide an introduction to the science and art of intrusion detection. Topics covered include: overview of intrusions, history and state of the art of intrusion detection, the principles and techniques of intrusion detection, the limitations and open problems of intrusion detection, countermeasures against intrusion detection, case studies of representative techniques used in intrusion detection systems, forensics, and virus and worm defense. We will explore issues related to managing in the presence of an intrusion, and discuss issues related to intrusion tolerance.

Course Outline

Course Prerequisite

ISA 562, ISA 656, or permission by instructor.

Students are expected to have a good understanding of operating system internals (e.g. system call internals, run-time memory organization, x86 assembly language). Proficiency in C programming is essential.

Textbook and Readings

There is NO textbook for this course. The course is in the form of seminars, and it is based on current research papers!

Lecture Strategy

The instructor will give introductory lectures and discuss research papers. In addition, we plan to organize guest lectures. This course will require active student participation. Students will review the assigned papers and make presentations in class.


This special topics course will involve extensive instructor-student interaction. The goal is to help each student (or group of 2 or 3 students) to produce a paper written in IEEE or ACM conference proceedings style. Student group work will be encouraged, but each student must be able to defend an independent paper and presentation. Student grades will be based on class presentations, class participation, papers and reports.

The course grade will depend on a mid-term (20%), homework and research papers (50%), and a final (30%).

There is no anticipated grade distribution.

Award of IN grade:

The IN grade policy as indicated in the catalog will be strictly adhered to. You must provide the necessary back-up documentation (e.g. medical certificate) for your application to be considered favorably. In all circumstances the written request, with all the back up documentation, must be received before the final exam week.

Academic Integrity

Honor Code procedures will be strictly adhered to. Students are required to be familiar with the honor code. You must not utilize unauthorized material or consultation in responding to your tests. Violations of the honor code will be reported. Unless otherwise stated, homework assignments must be based on the student's own effort.

Please be sure that you are aware of all provisions of the GMU Honor Code and the Computer Science Department Honor Code.

Disability Statement

If you have a documented learning disability or other condition that may affect academic performance you should:

1) make sure this documentation is on file with the Office of Disability ( to determine the accommodations you need; and

2) talk with me to discuss your accommodation needs. All academic accommodations must be arranged through the ODS.