TKK | Tietoverkkolaboratorio | Opetus

S-38.4030 Postgraduate Course on Networking Technology
(5-15 ECTS) P V

Course Topic Spring 2007: Anomaly Detection in the Internet



Latest news:



Introduction

Network operators meet on daily basis different types of unusual network events. Not all of them are deliberately aimed to be malicious. Operators want to detect and classify these anomalies and rectify them quickly and without causing unnecessary network service outages. The main challenge in the detection & classification processes is the diversity of the anomaly nature. Anomalies include (but are definately not limited to) DoS attacks, virus & worm infections and problems related to routing. Equipment failures, unusual traffic patterns and application profiles may also appear as anomalies in the network. Network behavior may be analysed for anomaly detection. At least three different ways to analyse it exist: By applying anomaly algorithms best suited to the attacks they are designed to detect, anomaly detection can proactively identify zero-day worms, malware, acceptable-use policy violations and insider misuse. Because anomaly detection looks for substantial changes in network behavior, it is less prone to false positives, and requires less configuration and ongoing maintenance than many other security methods.

Study information

This instance of the course will produce 5-8 ECTS. The course can be included in post-graduate studies on Networking Technology (major or minor in S38). The credits can also be included in graduate studies on Networking Technology.

Course personnel contact information

Registration

Please register to the course via wwwtopi. Note that the number of participants will be limited.

Course goals

The goal of this course is to introduce the students to the state of the art, existing research and latest developments in the area of anomaly detection. The learning goal of an individual student over the course topic is to
  1. In-depth knowledge on student's assigned topic: On the particular subjects of study the individual student needs to be able to fluently present and evaluate existing solutions and ongoing research. Furthermore, the student must be able to apply his/her knowledge and suggest improvements to the existing research.
  2. Detailed general knowledge on the whole course topic. This means being to able to discuss the other students contributions in the seminar.
To excel in this course and aiming for higher grades the student has to be able to present initial results of the suggested improvements.

Course arrangements

The course main events will be arranged as an interactive seminar. Seminar language will be English. The topics are found here. Check also the course requirements.

If an adequate amount of high-standard papers and presentations emerge they will be published in the Networking Laboratory Series. This may require additional work on the paper!

As always, your comments and suggestions towards improving the seminar are also welcome.

Schedule

The first introduction meeting will be held on 26.1.2007 at 16.00 in D302.
Seminar day for presentations will be announced later. We will aim for some convenient date in May. Check the detailed schedule for more information.

Tietoverkkolaboratorio on nyt osa Tietoliikenne- ja tietoverkkotekniikan laitosta. Tällä sivulla oleva tieto voi olla vanhentunutta.

Kurssien ajantasainen tieto on MyCourses-palvelussa.

Tämän sivun sisällöstä vastaavat ja Webmaster.
Sivua on viimeksi päivitetty 29.01.2007 10:45.
URI: http://www.netlab.tkk.fi/opetus/s384030/k07/index.shtml
[ TKK > Sähkö- ja tietoliikennetekniikan osasto > Tietoverkkolaboratorio > Opetus ]
?Kysy =>Anna palautetta!