Cyber Defense Monitoring Solutions

Allikas: Kursused
Mine navigeerimisribale Mine otsikasti

Basic information

  • Course Code -- ITX8071
  • Credit Points -- 6.0 EAP
  • Course Language -- English
  • Course Schedule -- the course will be lectured from 17:45 to 21:00 on every Tuesday of fall semester 2023. Note that some lectures are taking place in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)", while remaining lectures and all labs are arranged in room ICT-401.
  • Course Materials -- use the registration code w7Xz53c for accessing all course slides and pre-recorded lecture videos in Moodle.

Detailed Course Schedule

  • September 5 2023 (introduction to the course, lecture of module 1) -- room ICT-401
  • September 12 2023 (lab of module 1) -- room ICT-401
  • September 19 2023 (lab of module 2) -- room ICT-401
  • September 26 2023 (lecture of module 3) -- MS Teams
  • October 3 2023 (lab of module 3) -- room ICT-401
  • October 10 2023 (lab of module 4) -- room ICT-401
  • October 17 2023 (lecture of module 5) -- room ICT-401
  • October 24 2023 (lab of module 5) -- room ICT-401
  • October 31 2023 (lecture of module 6) -- room ICT-401
  • November 7 2023 (lab of module 6) -- room ICT-401
  • November 14 2023 (lecture of module 7) -- room ICT-401
  • November 21 2023 (lab of module 7) -- MS Teams
  • November 28 2023 (lecture of module 8) -- room ICT-401
  • December 5 2023 (lab of module 8) -- room ICT-401
  • December 12 2023 (lecture of module 9) -- MS Teams
  • December 19 2023 (lab of module 9) -- room ICT-401

Independent work during the semester

For attending the course, the following course materials have to be independently studied in Moodle by given deadlines:

  • lecture materials of module 2 ("Introduction to packet filtering with the Linux netfilter firewall") by September 19 2023
  • lecture materials of module 3 ("Regular expression language") by September 26 2023
  • lecture materials of module 4 ("Introduction to Perl regular expressions") by October 10 2023
  • lecture materials of module 5 ("Syslog-ng framework") by October 17 2023
  • lecture materials of module 6 ("Introduction to event correlation and Simple Event Correlator") by October 31 2023
  • lecture materials of module 7 ("Simple Event Correlator - advanced topics") by November 14 2023
  • lecture materials of module 8 ("Introduction to intrusion detection/prevention and Suricata IDS/IPS") by November 28 2023


During the semester, two homework assignments are given to each student. Both assignments can yield up to 12.5 points, thus the maximum score from homework is 25 points. During the exam, three tasks are given to each student, with each task yielding up to 25 points and the whole exam up to 75 points. The final grade for a student is derived from his/her personal score:

  • score > 90 -- grade 5 (excellent)
  • 80 < score ≤ 90 -- grade 4 (very good)
  • 70 < score ≤ 80 -- grade 3 (good)
  • 60 < score ≤ 70 -- grade 2 (satisfactory)
  • 50 < score ≤ 60 -- grade 1 (pass)
  • score ≤ 50 -- a student has failed to pass

Virtual machine image

For course lab sessions, there is a virtual machine image which has been created with VirtualBox. When importing the image into VirtualBox, don't forget to select the option "Generate new MAC addresses for all network adapters". Also, if you are using the image on a classroom computer, import your virtual machine into the D:\itx8071 directory. In order to run your virtual machine as a node of the classroom network, change the mode of the first network adapter from NAT to Bridged Adapter.

Since the virtual machine is essential for doing homework assignments, it is strongly recommended to also install it on a personal laptop. In order to do that, leave the first network adapter to NAT mode, and change the mode of the second network adapter to Host-only Adapter. The host-only adapter is connected to a special virtual network (e.g., that is not accessible from other hosts and is shared between the host computer and virtual machines. This network can be used for accessing the virtual machine from the host computer and creating setups where several virtual machines need to communicate.

For changing the console keyboard layout of the virtual machine, use the /usr/bin/localectl tool. For example, localectl set-keymap ee sets Estonian keyboard layout for console and localectl set-keymap us sets US keyboard layout for console, while localectl list-keymaps lists all available layouts and localectl status shows the current settings.

Lab sessions

Solutions for past lab sessions are available here.

Note that the last lab of the course on December 19 2023 is a graded lab which provides extra 5 points for participants. During the graded lab, groups of max 3 students have to work on an assignment that is described here. In order to speed up your work during the lab, you can accomplish part of the assignment in advance. To receive points for the graded lab, the assignment solution has to be presented to the lecturers for evaluation during the lab session in ICT-401, and any other submissions are not accepted.

Homework assignments

  • Task1 -- a group work for max 3 students which must be submitted by November 6 2023 23:59 local time.
  • Task2 -- a group work for max 3 students which must be submitted by December 18 2023 23:59 local time.

Solutions to homework assignments should be sent to the e-mail address of the lecturer (given in the title page of each slide module). Together with the solution, full names and student codes of the authors must be listed. You should consider your solution submitted only after its reception has been confirmed by the lecturer.

All submitted solutions should be carefully tested final versions. Please submit the solution only once, and do not send in partial and/or untested work. It is not allowed to submit a partial solution, and use comments from the lecturer for later resubmission of improved version(s). Also, if you wish to submit multiple solutions, you must clearly indicate which one should be used for evaluation. If no such indication is provided, the first solution will be used for evaluating your work, and other solutions are not considered.

Please note that each student can be a (co)author of only one solution (i.e., participation in more than one student group is not allowed). Also note that the list of authors can not be changed after the deadline.

The correct solution with your score will be announced after the deadline.

Solutions submitted after the deadline will not be accepted. Also, it is not possible to redo the homework assignment after the deadline.

Information about the exam

The exam is an open-book exam, but the use of Internet, electronic devices, and digital materials is not permitted. In order to attend the exam, each student must present an ID with a photo and have at least one pen in good working order. During the exam, each student has to accomplish 3 tasks within 3 hours on paper. All paper materials such as printed course slides, paper-based notes, and hardcopy books can be freely used during the exam.

Exam can be taken during one of the following time slots:

  • December 20 2023, 15:45-19:00, room ICT-A1
  • January 3 2024, 15:45-19:00, room ICT-A1
  • January 10, 2024, 15:45-19:00, room ICT-A1
  • January 17, 2024, 15:45-19:00, room ICT-A1

For taking the exam, official registration in OIS is required for one of the examination time slots.

Note that each student can take the exam only once, and in order to get the second try for improving the result, official application for re-examination is required (see below).

While producing his/her final examination work, the student must consider the following:

  • Since there is no defense of the written examination work, the examination work must present full and unambiguous task solutions
  • Each task must have only one clearly presented solution; if multiple solutions are given, only the first one will be evaluated
  • All handwriting in the examination work must be legible
  • No spare pens are provided to students during the exam

The following rules apply during the exam, and failure to follow them will invalidate the examination work of the student:

  • The use of Internet, digital materials, and electronic devices (computers, mobile phones, cameras, etc.) is not permitted for any purposes
  • All electronic devices will have to be switched to silent mode and left on a designated desk for the duration of the exam
  • Any communication between students or with persons not taking the exam is strictly prohibited
  • While the use of printed materials is permitted, it is not allowed to share such materials between students
  • Students can't leave the examination room during the first 60 minutes and the last 30 minutes of the exam
  • Each student can leave the examination room once during the exam for max 10 minutes (only one person can leave the room at a time)
  • When leaving the examination room, the student has to surrender the task sheet to the lecturer (it is prohibited to take any exam-related materials outside the room)
  • When submitting the examination work, the student must also hand over the task sheet
  • It is strictly prohibited to take photos or make any other copies of the task sheet

Re-examination information

Each student is granted one re-examination attempt which requires official application. The student can apply for re-examination after failing a regular exam, or for improving a low grade from a regular exam. Re-examination invalidates any previous grade or intermediate result which was obtained during the semester. During re-examination, 2 assignments have to be accomplished within 1 hour. The final grade is solely based on assignment solutions, and no work from previous exam or semester can be combined with the re-exam.

The re-examination is an open-book exam, but the use of Internet, electronic devices, and digital materials is not permitted, and all rules of the regular exam apply (see above).

Re-exam can be taken on January 17 2024 at 15:45-17:00 in room ICT-A1.

Plagiarism policy

Please note that plagiarized home works and exam works will be rejected without a review, and the university will be notified of the offense. All cases of student plagiarism and other violations of academic practices will be handled according to regulations of the IT faculty.