TUM Logo

Intrusion Detection Systems

Intrusion Detection Systems  

Seminare 2 SWS / 5 ECTS (Kursbeschreibung)
Veranstalter: Mohammad Reza Norouzian
Zeit und Ort:

Tuesday, 14:00-16:00 01.08.033, Besprechungsraum (5608.01.033)

Beginn: 2019-04-23

The lecture is given in english
The slides are available in english


  • Kick-off meeting slide can be found here . If you could not attend the meeting, no problem. You can also apply by sending your short CV to Mohammad Norouzian (norouzian@sec.in.tum.de) and choosing the course on the matching system.
  • Bachelor students can take the seminar as well.

Kick-Off meeting

kick-off meeting: Tuesday, January 29, 2019 at 17:00 in room 01.08.033.


Participants are registered by the instructor based on the results of matching.


An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity. The most common classification is either in network (NIDS) or host-based (HIDS) intrusion detection systems, in reference to what is monitored by the IDS. Network based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic. A network IDS, using either a network tap, span port, or hub collects packets that traverse a given network. Using the captured data, the IDS system processes and flags any suspicious traffic. One approach to classify attacks is using anomaly detection method based on machine learning algorithms. Students involve reading and writing papers regarding the basis and state-of-the-art of IDS specially in anomaly detection domain.


Basics of IT security


The goal for students is to be acquainted with methods, algorithms and technologies in intrusion detection systems, how to identify malicious activities and how to address the challenges in this domain.

Schedule for Presentations


Title Speaker Date

Kick-off meeting

Mohammad Reza Norouzian


Introductory information
Division of papers

Mohammad Reza Norouzian



Report Guidelines

How to write a seminar report (link)

How to write a great research paper (link)

Students are strongly encouraged to use Springer LNCS manuscript submission guidelines and IEEE Editorial Style Manual

Avoid making common report writing mistakes: Download the general guidelines

Academic Phrasebank (link)

How to Read a Paper (link)


Anomaly Detection: A Survey 

SENAMI: Selective Non-Invasive Active Monitoring for ICS Intrusion Detection 

Accurate Modeling of the Siemens S7 SCADA Protocol for Intrusion Detection and Digital Forensics 

On Cyber Attacks and Signature Based Intrusion Detection for MODBUS Based Industrial Control Systems

Stealthy Deception Attacks Against SCADA Systems

Exploiting Siemens Simatic S7 PLCs

Analyzing Cyber-Physical Attacks on Networked Industrial Control Systems

Intrusion Detection in Computer Networks by a Modular Ensemble of One-Class Classifiers

Toward an efficient and scalable feature selection approach for internet traffic classification

Analysis of Network Traffic Features for Anomaly Detection

Adversarial Attacks Against Intrusion Detection Systems: Taxonomy, Solutions and Open Issues

Defense Methods Against Adversarial Examples for Recurrent Neural Networks

State-Aware Anomaly Detection for Industrial Control Systems 

HAMIDS: Hierarchical Monitoring Intrusion Detection System for Industrial Control Systems

Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

Application of deep learning to cybersecurity: A survey

A Survey on Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities

Engineering Edge Security in Industrial Control Systems

High-Performance Unsupervised Anomaly Detection for Cyber-Physical System Networks

Time Series Analysis: Unsupervised Anomaly Detection Beyond Outlier Detection

Multivariate Industrial Time Series with Cyber-Attack Simulation: Fault Detection Using an LSTM-based Predictive Data Model

A Taxonomy and Survey of Intrusion Detection System Design Techniques, Network Threats and Datasets

An unsupervised anomaly-based detection approach for integrity attacks on SCADA systems

McPAD : A Multiple Classifier System for Accurate Payload-based Anomaly Detection

DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning

Exploiting Traffic Periodicity in Industrial Networks

An Overview of IP Flow-Based Intrusion Detection

Network Intrusion Detection Based on Semi-supervised Variational Auto-Encoder