Intrusion Detection System

Seminare	2 SWS / 5,0 ECTS
Veranstalter:	Mohammad Reza Norouzian
Beginn:	2017-04-27

The lecture is given in english

The slides are available in english

The exam will be in english

News

Slides from the kick-off meeting can be found here . If you could not attend the meeting, no problem. You can also apply by sending your short CV to Mohammad Norouzian (norouzian@sec.in.tum.de) and choosing the course on the matching system.
Bachelor students can take the seminar as well.

Preliminary meeting

Preliminary meeting: Tuesday, January 24, 2017 at 17:00 in room 01.08.033.

Participation on the preliminary meeting is obligatory.

Registration

Participants are registered by the instructor based on the results of matching.

An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity. The most common classification is either in network (NIDS) or host-based (HIDS) intrusion detection systems, in reference to what is monitored by the IDS. Network based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic. A network IDS, using either a network tap, span port, or hub collects packets that traverse a given network. Using the captured data, the IDS system processes and flags any suspicious traffic. One approach to classify attacks is using anomaly detection method based on machine learning algorithms. Students involve reading and writing papers regarding the basis and state-of-the-art of IDS specially in anomaly detection domain.

Prerequisites

Basics of IT security

Objective

The goal for students is to be acquainted with methods, algorithms and technologies in intrusion detection systems, how to identify malicious activities and how to address the challenges in this domain.

Tasks for students

Students will be assigned with core + individual papers. After studying the papers, students are required to write a short report about the chosen papers and make a presentation + discussion.

Presentation Guidelines

Each student/group makes a presentation about the given paper(s). The time given for the presentation is 30 minutes, including discussion. We recommend to take 20 minutes for actual presentation and leave around 10 minutes for discussion. Presentations should be in a style of conference/workshop talks. A good presentation will:

give correct and accurately displayed information about the paper,
present all the important points of the paper,
contain an understandable explanation for your colleague students, especially about the used method and the results of the paper,
initiate a good discussion.

Schedule for Presentations

First, please don't forget to select your time slot for paper selection in Doodle.

Title	Speaker	Date
Kick-off meeting	Mohammad Norouzian	24.01.17
Introductory information Making Groups	Mohammad Norouzian	27.04.17
Rules and Regulations	Mohammad Norouzian	04.05.17
Anomaly Detection: A Survey	Group 1
Anomaly Detection: A Survey	Group 2
Anomaly Detection: A Survey	Group 3
Anomaly Detection: A Survey	Group 4
Core Papers Presentation (Group 1)	Group 1	08.06.17
Core Papers Presentation (Group 2)	Group 2
Core Papers Presentation (Group 3)	Group 3
Core Papers Presentation (Group 4)	Group 4
ENAMI: Selective Non-Invasive Active Monitoring for ICS Intrusion Detection	Zachary Stone	06.07.17
Automatic Construction of Statechart-Based Anomaly Detection Models for Multi-Threaded Industrial Control Systems	Sri Vigneswara Anne
Sequence-aware Intrusion Detection in Industrial Control Systems	Karsten Lauck
Neural Network Based Intrusion Detection System for Critical Infrastructures	Li Nguyen
Towards Learning Normality for Anomaly Detection in Industrial Control Networks	Simon Huber
Machine Learning for Power System Disturbance and Cyber-attack Discrimination	Khiem Tom-That	13.07.17
A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection	Francois Aubet
Analysis of The Impact of Sampling on NetFlow Traffic Classification	Sergei Drugalev
TOPASE: Detection and Prevention of Brute Force Attacks with Disciplined IPs from IDS Logs	Marc Müller
A Hybrid System for Reducing The False Alarm Rate of Anomaly Intrusion Detection System	Christoph Putz
Adversarial Attacks Against Intrusion Detection Systems: Taxonomy, Solutions and Open Issues	David Bonauer	20.07.17
CANN: An Intrusion Detection System Based on Combining Cluster Centers and Nearest Neighbors	Mathias Mayer
Toward an Efficient and Scalable Feature Selection Approach for Internet Traffic Classification	Donika Mirdita
Analysis of Network Traffic Features for Anomaly Detection	Daniel Sel

Deadlines

The deadline for core paper report is 08.06.17.
Each student has to select his/her individual paper assignmnet regarding to our doodle time slots till 08.06.17.
The deaadline for individual paper report is 13.07.17.

Report Guidlines

Avoid making common report writing mistakes: Download the general guidelines

Students are strongly encouraged to use Springer LNCS/LNAI manuscript submission guidelines.

Download the LaTeX template

Students should not aspire to write a long but boring report. A charming report should be clear, compact and easy to follow.

Download the PDF version of "How to Write a Seminar Report".

PARAPHRASING AND SUMMARIZING

In a report writing, it is necessary to stick more closely to the original and to preserve something of the progression of the argument from the source. The process of reproducing another writer’s text in your own words without attempting to reduce the length of the passage substantially is known as paraphrasing. If you set out to reproduce another writer’s ideas and arguments but at considerably less length and in less detail, then you are summarizing it.

Paraphrasing

The art of paraphrasing consists of re-creating an original text in its entirety using your own words, not those of the author. It can be particularly useful if your reader might have difficulty in following the original text. Here are some tips for you to produce an effective paraphrase:

You should, as much as possible, avoid quoting from the original.
If the author uses a particularly distinctive word or phrase that you wish to retain, then you should put it in quotation marks.
To avoid the pitfall of plagiarism, you can treat a paraphrase as if it were a piece of reported speech (in other words, X says/states/confirms/expresses/reports, etc. that ...)
If the passage has an emotional quality, however, you can help to convey this by beginning “X complains/insists/gleefully that ...”. Similarly, if the author is presenting an argument or responding to arguments put forward by someone else, you can register that fact by saying “X argues/admits/counters this argument by suggesting that ...”
When you have completed a paraphrase, you should always check it against the original to ensure that you have not omitted anything important.

Summarizing

Summarizing is an extremely useful writing skill for a researcher. For instance, you can easily find yourself in the position of having to pare down your text to
fit the space available (e.g. due to the page-limit of a conference paper). It is also often useful to provide a summary of your argument to wind up a lecture, report, or dissertation. A summary should be between 1/3 or 1/4 of the length of the original. Under these conditions, there is seldom any reason to keep the wording of the original. Here are some tips for you to make an effective summary:

Read through the whole passage carefully and make sure that you have understood it.
Identify and note down its main points, the essential ideas or pieces of informati
Science Research Writing for Non-Native Speakers of English
Cambridge Advanced Grammar in Use
How (and How Not) to Write a Good Systems Paper
How (and How Not) to Write a Good Systems Paper
Check the order of main points is the most effective order.
It is easier to condense a piece of poor writing than a piece of good writing, because poor writing is often loosely structured and padded out with largely irrelevant material or simple verbiage.
To fit a large amount of information into succinctly words, you may resort to longer and more formal words and more complex grammatical constructions than you might normally use.

Always check your summary for clarity.

Other Resources

Science Research Writing for Non-Native Speakers of English

Cambridge Advanced Grammar in Use

How (and How Not) to Write a Good Systems Paper