ISA 674, Intrusion Detection - Fall 2012


Instructor: Angelos Stavrou
Lecture: Wednesdays 7:20 - 10:00pm
Nguyen Engineering Building 5358
Office Hours: Wednesday 4:30 - 6:30pm and by appointment
Office: Research I, Rm 437
Email: astavrou(_)

Teaching Assistant: Rahul Murmuria
CS TA Room
Office Hours: Monday 4-6PM

Course Description:

The objective of this course is to provide an in-depth introduction to the science and art of intrusion detection. The course covers methodologies, techniques, and tools for monitoring events in a computer system or network, with the objective of preventing and detecting unwanted process activity and recovering from malicious behavior.

The class consists of lectures and a series of interactive research-oriented seminars. Topics covered include: overview of intrusions, history and state of the art of intrusion detection, the principles and techniques of intrusion detection including signature-based techniques and anomaly detection, the limitations and open problems of intrusion detection, advanced persistent threats, evasion techniques and countermeasures against intrusion detection, and case studies of intrusion detection systems against real-world threats and malware. In addition to the principles and techniques of intrusion detection, the course will have substantial hands-on components.

Course Outcomes:


ISA 656 and ISA 562 or permission of the instructor. The coursework will include substantial hands-on projects;
in order to be able to complete the projects, the students must be comfortable with basic security principles and networking.


Both the class books are available through the GMU bookstore

The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Patrick Engebretson, Publication Date: August 4, 2011 | ISBN-10: 1597496553 | ISBN-13: 978-1597496551
Available by: [GMU Bookstore] [Amazon]

Data Mining and Machine Learning in Cybersecurity, Sumeet Dua and Xian Du
Publication Date: April 25, 2011 | ISBN-10: 1439839425 | ISBN-13: 978-1439839423
Available by: [GMU Bookstore] [Amazon]

Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century, Ryan Trost
Publication Date: June 24, 2009 | ISBN-10: 0321591801 | ISBN-13: 978-0321591807
Available by: [Online through Safari]


The students must achieve a total score of at least 90 (out of 100) to be considered for an A. This class is an upper-level class and is geared towards understanding the fundamental concepts behind Security for Computer systems. The students will be expected to participate in large projects under the guidance of the instructor.

Computer Accounts:

All students should have accounts on the central Mason Unix system (also known as
and on the IT&E Unix cluster (Instructions and related links are here). Please read the FAQ if you have any questions. Students can work in IT&E computer labs for programming projects during the specified hours.

Please read the University's Academic Honesty Page and GMU Honor Code.
Violations of the Honor Code will result in penalties imposed by the university and/or the CS department.

Disability Statement

If you have a documented learning disability or other condition that may affect academic performance you should:
1) Make sure this documentation is on file with the Office of Disability Services.
All academic accommodations must be arranged through the ODS.
2) Talk with me to discuss your accommodation needs.

Other Useful Resources
Writing Center: A114 Robinson Hall; (703) 993-1200;
University Libraries: “Ask a Librarian”
Counseling and Psychological Services (CAPS): (703) 993-2380;
University Policies: The University Catalog is the central resource
for university policies affecting student, faculty, and staff conduct in university affairs.