
Intrusion Detection Systems


Seminar, 2 SWS / 5.0 ECTS (course description)
Instructor: Mohammad Reza Norouzian
Time and place:

Tuesday, 14-16:00, 01.08.033, meeting room (5608.01.033)

Start: 2018-04-17

The lecture is given in English
The slides are available in English

News

  • Kick-off meeting slides can be found here. If you could not attend the meeting, no problem. You can also apply by sending your short CV to Mohammad Norouzian (norouzian@sec.in.tum.de) and choosing the course on the matching system.
  • Bachelor students can take the seminar as well.
  • Introduction slides can be found here.

Preliminary meeting

Preliminary meeting: Tuesday, January 29, 2018 at 13:30 in room 01.08.033.

Registration

Participants are registered by the instructor based on the results of matching.

Contents

An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity. IDSs are most commonly classified as either network-based (NIDS) or host-based (HIDS), according to what the IDS monitors. Network-based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic. A network IDS collects the packets that traverse a given network using a network tap, a span port, or a hub. The IDS then processes the captured data and flags any suspicious traffic. One approach to classifying attacks is anomaly detection based on machine learning algorithms. Students read and write papers on the fundamentals and the state of the art of IDS, especially in the anomaly detection domain.

Prerequisites

Basics of IT security

Objective

The goal is for students to become acquainted with the methods, algorithms and technologies used in intrusion detection systems, and to learn how to identify malicious activities and how to address the challenges in this domain.

Schedule for Presentations

Title | Speaker | Date

Kick-off meeting | Mohammad Norouzian | 29.01.18
Introductory information; Division of papers | Mohammad Norouzian | 17.04.18
Anomaly Detection: A Survey | Christian von Pentz | 05.06.18
iDeFEND: Intrusion Detection Framework for Encrypted Network Data | Ali Sami Kardaslar | 12.06.18
BlindBox: Deep Packet Inspection over Encrypted Traffic | Ali Sami Kardaslar | 12.06.18
A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection | Ehsaan Qadir | 12.06.18
A Novel Hybrid Intrusion Detection Method Integrating Anomaly Detection with Misuse Detection | Mohamed Khalil Ayari | 12.06.18
SCADA-specific Intrusion Detection Prevention Systems: A Survey and Taxonomy | Dana Novanova | 19.06.18
Exploiting Traffic Periodicity in Industrial Networks | Leon Imhof | 19.06.18
Towards Learning Normality for Anomaly Detection in Industrial Control Networks | Felix Hoops | 26.06.18
Adversarial Attacks Against Intrusion Detection Systems: Taxonomy, Solutions and Open Issues | Tobias Feil | 26.06.18
Network Intrusion Detection Based on Semi-supervised Variational Auto-Encoder | Michael Hesse | 26.06.18
Stealthy Deception Attacks Against SCADA Systems | Robert Junge | 03.07.18
Analysis of Network Traffic Features for Anomaly Detection | Philipp Eichstetter | 03.07.18
A Deep Learning Approach to Network Intrusion Detection | Sirus Shahbakhti | 10.07.18
Fast Portscan Detection Using Sequential Hypothesis Testing | Jonas Donhauser | 10.07.18

Topics

Surveys:
Anomaly Detection: A Survey (Christian von Pentz)

Anomaly-based network intrusion detection: Techniques, systems and challenges (Khalil Ayari)

An overview of anomaly detection techniques: Existing solutions and latest technological trends (Ali Sami Kardaslar)

Network Anomaly Detection: Methods, Systems and Tools (Philipp Eichstetter)

A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection (Ehsaan Qadir)

ICS domain:
SENAMI: Selective Non-Invasive Active Monitoring for ICS Intrusion Detection (Christian von Pentz)

Accurate Modeling of the Siemens S7 SCADA Protocol for Intrusion Detection and Digital Forensics (Dana Novanova)

iDeFEND: Intrusion Detection Framework for Encrypted Network Data (Ali Sami Kardaslar)

BlindBox: Deep Packet Inspection over Encrypted Traffic (Ali Sami Kardaslar)

SCADA-specific Intrusion Detection Prevention Systems: A Survey and Taxonomy (Dana Novanova)

Exploiting Traffic Periodicity in Industrial Networks (Leon Imhof)

Network Traffic Features for Anomaly Detection in Specific Industrial Control System Network (Felix Hoops)

Sequence-aware Intrusion Detection in Industrial Control Systems (Leon Imhof)

Towards Learning Normality for Anomaly Detection in Industrial Control Networks (Felix Hoops)

On Cyber Attacks and Signature Based Intrusion Detection for MODBUS Based Industrial Control Systems (Robert Junge)

Stealthy Deception Attacks Against SCADA Systems (Robert Junge)

Analyzing Cyber-Physical Attacks on Networked Industrial Control Systems (Jonas Donhauser)

Exploiting Siemens Simatic S7 PLCs

Others:
An Overview of IP Flow-Based Intrusion Detection (Tobias Feil)

Bro: A System for Detecting Network Intruders in Real-Time (Sirus Shahbakhti)

Network Intrusion Detection Based on Semi-supervised Variational Auto-Encoder (Michael Hesse)

Intrusion Detection in Computer Networks by a Modular Ensemble of One-Class Classifiers (Ehsaan Qadir)

A novel hybrid intrusion detection method integrating anomaly detection with misuse detection (Khalil Ayari)

Toward an efficient and scalable feature selection approach for internet traffic classification (Michael Hesse)

Analysis of Network Traffic Features for Anomaly Detection (Philipp Eichstetter)

Adversarial Attacks Against Intrusion Detection Systems: Taxonomy, Solutions and Open Issues (Tobias Feil)

A Deep Learning Approach to Network Intrusion Detection (Sirus Shahbakhti)

Fast Portscan Detection Using Sequential Hypothesis Testing (Jonas Donhauser)

Report Guidelines

How to write a seminar report (link)

Students are strongly encouraged to use the Springer LNCS manuscript submission guidelines.

Avoid making common report writing mistakes: Download the general guidelines