TUM Logo

Intrusion Detection System

Intrusion Detection System  

Seminare 2 SWS / 5,0 ECTS
Veranstalter: Mohammad Reza Norouzian
Beginn: 2017-04-27

The lecture is given in english
The slides are available in english
The exam will be in english


  • Slides from the kick-off meeting can be found here . If you could not attend the meeting, no problem. You can also apply by sending your short CV to Mohammad Norouzian (norouzian@sec.in.tum.de) and choosing the course on the matching system.
  • Bachelor students can take the seminar as well.

Preliminary meeting

Preliminary meeting: Tuesday, January 24, 2017 at 17:00 in room 01.08.033.

Participation on the preliminary meeting is obligatory.


Participants are registered by the instructor based on the results of matching.


An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity. The most common classification is either in network (NIDS) or host-based (HIDS) intrusion detection systems, in reference to what is monitored by the IDS. Network based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic. A network IDS, using either a network tap, span port, or hub collects packets that traverse a given network. Using the captured data, the IDS system processes and flags any suspicious traffic. One approach to classify attacks is using anomaly detection method based on machine learning algorithms. Students involve reading and writing papers regarding the basis and state-of-the-art of IDS specially in anomaly detection domain.


Basics of IT security


The goal for students is to be acquainted with methods, algorithms and technologies in intrusion detection systems, how to identify malicious activities and how to address the challenges in this domain.

Tasks for students

Students will be assigned with core + individual papers. After studying the papers, students are required to write a short report about the chosen papers and make a presentation + discussion.

Presentation Guidelines

Each student/group makes a presentation about the given paper(s). The time given for the presentation is 30 minutes, including discussion. We recommend to take 20 minutes for actual presentation and leave around 10 minutes for discussion. Presentations should be in a style of conference/workshop talks. A good presentation will:

  • give correct and accurately displayed information about the paper,
  • present all the important points of the paper,
  • contain an understandable explanation for your colleague students, especially about the used method and the results of the paper,
  • initiate a good discussion.

Schedule for Presentations

First, please don't forget to select your time slot for paper selection in Doodle.


Title Speaker Date

Kick-off meeting

Mohammad Norouzian


Introductory information

Making Groups

Mohammad Norouzian


Rules and Regulations

Mohammad Norouzian


Anomaly Detection: A Survey

Group 1

Anomaly Detection: A Survey

Group 2

Anomaly Detection: A Survey

Group 3

Anomaly Detection: A Survey

Group 4

Core Papers Presentation (Group 1)

Group 1


Core Papers Presentation (Group 2)

Group 2

Core Papers Presentation (Group 3)

Group 3

Core Papers Presentation (Group 4)

Group 4

ENAMI: Selective Non-Invasive Active Monitoring for ICS Intrusion Detection

Zachary Stone


Automatic Construction of Statechart-Based Anomaly Detection Models for Multi-Threaded Industrial Control Systems

Sri Vigneswara Anne

Sequence-aware Intrusion Detection in Industrial Control Systems

Karsten Lauck

Neural Network Based Intrusion Detection System for Critical Infrastructures

Li Nguyen

Towards Learning Normality for Anomaly Detection in Industrial Control Networks

Simon Huber

Machine Learning for Power System Disturbance and Cyber-attack Discrimination

Khiem Tom-That


A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection

Francois Aubet

Analysis of The Impact of Sampling on NetFlow Traffic Classification

Sergei Drugalev

TOPASE: Detection and Prevention of Brute Force Attacks with Disciplined IPs from IDS Logs

Marc Müller

A Hybrid System for Reducing The False Alarm Rate of Anomaly Intrusion Detection System

Christoph Putz

Adversarial Attacks Against Intrusion Detection Systems: Taxonomy, Solutions and Open Issues

David Bonauer


CANN: An Intrusion Detection System Based on Combining Cluster Centers and Nearest Neighbors

Mathias Mayer

Toward an Efficient and Scalable Feature Selection Approach for Internet Traffic Classification

Donika Mirdita

Analysis of Network Traffic Features for Anomaly Detection

Daniel Sel


  • The deadline for core paper report is 08.06.17.
  • Each student has to select his/her individual paper assignmnet regarding to our doodle time slots till 08.06.17.
  • The deaadline for individual paper report is 13.07.17.


Report Guidlines

Avoid making common report writing mistakes: Download the general guidelines

Students are strongly encouraged to use Springer LNCS/LNAI manuscript submission guidelines.

Download the LaTeX template

Students should not aspire to write a long but boring report. A charming report should be clear, compact and easy to follow.


Download the PDF version of "How to Write a Seminar Report".


In a report writing, it is necessary to stick more closely to the original and to preserve something of the progression of the argument from the source. The process of reproducing another writer’s text in your own words without attempting to reduce the length of the passage substantially is known as paraphrasing. If you set out to reproduce another writer’s ideas and arguments but at considerably less length and in less detail, then you are summarizing it.


The art of paraphrasing consists of re-creating an original text in its entirety using your own words, not those of the author. It can be particularly useful if your reader might have difficulty in following the original text. Here are some tips for you to produce an effective paraphrase:

  • You should, as much as possible, avoid quoting from the original.
  • If the author uses a particularly distinctive word or phrase that you wish to retain, then you should put it in quotation marks.
  • To avoid the pitfall of plagiarism, you can treat a paraphrase as if it were a piece of reported speech (in other words, X says/states/confirms/expresses/reports, etc. that ...)
  • If the passage has an emotional quality, however, you can help to convey this by beginning “X complains/insists/gleefully that ...”. Similarly, if the author is presenting an argument or responding to arguments put forward by someone else, you can register that fact by saying “X argues/admits/counters this argument by suggesting that ...”
  • When you have completed a paraphrase, you should always check it against the original to ensure that you have not omitted anything important.



Summarizing is an extremely useful writing skill for a researcher. For instance, you can easily find yourself in the position of having to pare down your text to
fit the space available (e.g. due to the page-limit of a conference paper). It is also often useful to provide a summary of your argument to wind up a lecture, report, or dissertation. A summary should be between 1/3 or 1/4 of the length of the original. Under these conditions, there is seldom any reason to keep the wording of the original. Here are some tips for you to make an effective summary:

  • Read through the whole passage carefully and make sure that you have understood it.
  • Identify and note down its main points, the essential ideas or pieces of informati
  • Science Research Writing for Non-Native Speakers of English
  • Cambridge Advanced Grammar in Use
  • How (and How Not) to Write a Good Systems Paper
  • How (and How Not) to Write a Good Systems Paper
  • on that the writer wishes to convey to the reader.
  • Check the order of main points is the most effective order.
  • It is easier to condense a piece of poor writing than a piece of good writing, because poor writing is often loosely structured and padded out with largely irrelevant material or simple verbiage.
  • To fit a large amount of information into succinctly words, you may resort to longer and more formal words and more complex grammatical constructions than you might normally use.

Always check your summary for clarity.

Other Resources


Science Research Writing for Non-Native Speakers of English
Cambridge Advanced Grammar in Use

How (and How Not) to Write a Good Systems Paper


How (and How Not) to Write a Good Systems Paper