{"id":3452,"date":"2021-05-11T13:20:22","date_gmt":"2021-05-11T12:20:22","guid":{"rendered":"https:\/\/cyberschool.univ-rennes.fr\/?page_id=3452"},"modified":"2026-03-12T14:28:23","modified_gmt":"2026-03-12T13:28:23","slug":"intrusion-detection-systems","status":"publish","type":"page","link":"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/","title":{"rendered":"Intrusion Detection Systems"},"content":{"rendered":"\n
\n
\n
\n

<\/span><\/span>Teaching goals<\/h2>\n

This course will teach you the techniques, tools and methodologies related to defensive cyber warfare. Competencies commonly used by SOC, CERT, and CTI teams such as threat analysis, intrusion detection, and digital investigation will be covered.<\/p>\n\n <\/div>\n <\/div>\n<\/section>\n\n\n\n

\n
\n
\n

<\/span><\/span>Course description<\/h2>\n
\n

CTI \u2013 Threatanalysis<\/em><\/p>\n

    \n
  • Intelligence Cyber gathering<\/li>\n
  • Executive intelligence production<\/li>\n
  • Application of intelligence for detection<\/li>\n
  • Intelligence sharing and consolidation languages (STIX, OpenC2, TAXII, \u2026)<\/li>\n
  • Modelling op\u00e9rating modes, tactics, and attack techniques (ATT&CK)<\/li>\n<\/ul>\n

    SOC \u2013 Intrusion destection\u00a0<\/em><\/p>\n

      \n
    • Intrusion detection context<\/li>\n
    • Regulatory and legal framework of detection and response to incidents<\/li>\n
    • Collection and analysis of journals and events (HIDS, EDR, \u2026)<\/li>\n
    • Collection and analysis of network data (NIDS, NetFlow, \u2026)<\/li>\n
    • Aggregation, enrichment, and correlation mechanisms within a SIEM.<\/li>\n<\/ul>\n

      CERT \u2013 Computer forsenics\u00a0<\/em><\/p>\n

        \n
      • Incident response stages<\/li>\n
      • Detecting compromises<\/li>\n
      • Forsenic analysis (disks, memory and network)<\/li>\n
      • Malware analysis and producing compromise indicators<\/li>\n
      • SOC\/CSIRT team organization and training<\/li>\n<\/ul>\n<\/div>\n\n <\/div>\n <\/div>\n<\/section>\n\n\n
        \n
        \n
        \n

        <\/span><\/span>Keywords<\/h2>\n

        SOC, CERT, Cyber Threat Intelligence, Operations.<\/p>\n\n <\/div>\n

        \n

        <\/span><\/span>Prerequisites<\/h2>\n
        \n
          \n
        • Knowledge of TCP\/IP protocols<\/li>\n
        • Basic knowledge of system administration<\/li>\n
        • Knowledge of operating system architectures<\/li>\n
        • Basic knowledge of Python<\/li>\n<\/ul>\n<\/div>\n\n <\/div>\n <\/div>\n<\/section>\n\n\n\n
          \n
          \n
          \n

          <\/span><\/span>Bibliography<\/h2>\n
          \n
            \n
          • Building Threat Hunting Strategies with the Diamond Model, by Sergio Caltagirone, 2016<\/li>\n
          • Guide to Cyber Threat Information Sharing, by Chris Johnson, Lee Badger, David Waltermire, Julie Snyder and Clem Skorupka, 2016<\/li>\n
          • Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains, by Eric M. Hutchins, Michael J. Cloppert, Rohan M. Amin, 2011<\/li>\n
          • Traffic Light Protocol, by Cybersecurity & infrastructure security agency (CISA)<\/li>\n
          • Prestataires de d\u00e9tection d\u2019incidents de s\u00e9curit\u00e9 : R\u00e9f\u00e9rentiel d\u2019exigences, by Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information (ANSSI), 2017<\/li>\n
          • Integrated Cyber Defense (ICD) Conceptual Reference Model: White paper, by Alexander P. Lee and Jared C. Moon, 2019<\/li>\n<\/ul>\n<\/div>\n\n <\/div>\n <\/div>\n<\/section>\n\n\n\n
            \n
            \n
            \n

            <\/span><\/span>Biographies<\/h2>\n
            \n

            Georges Bossert<\/strong> is product manager in charge of SEKOIA engineering and intelligence. He is specialized in scaling recent intrusion detection technologies, new valuations of new generation SIEMs (EDR, XDR\u2026), TTP follow up, detection and correction (SOAR) harmonization and automatization, indicator sharing and interoperability CTI\/SOC\/CERT-CSIRT (Fusion Center). He has a doctorate in cybersecurity from CentraleSupelec with a focus on communication protocol back-engineering.<\/p>\n

            Fr\u00e9d\u00e9ric Guih\u00e9ry<\/strong> is in charge of R&D and Innovations at AMOSSYS in Rennes. The focus of his work is designing secure architectures, the increased security for OS, confidence in information technology, and most recently defensive cyber warfare . He is also specialized in program and protocol back-engineering, in particular through Netzob. Fr\u00e9d\u00e9ric received his master\u2019s in information system security from IFSIC at the University of Rennes in 2008. At AMOSSYS, he managed and contributed to several research projects with academic and industrial partners. Fr\u00e9d\u00e9ric has presented his work at several conferences such as CCC, Black Hat, ICCC, ECW, and SSTIC.<\/p>\n<\/div>\n\n <\/div>\n <\/div>\n<\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":0,"parent":11707,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"acf":[],"yoast_head":"\nIntrusion Detection Systems - CyberSchool<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Intrusion Detection Systems - CyberSchool\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/\" \/>\n<meta property=\"og:site_name\" content=\"CyberSchool\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/CSchoolRennes\/\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-12T13:28:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cyberschool.univ-rennes.fr\/app\/uploads\/2021\/02\/cover-social-network.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1500\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@CSchoolRennes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/\",\"url\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/\",\"name\":\"Intrusion Detection Systems - CyberSchool\",\"isPartOf\":{\"@id\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/#website\"},\"datePublished\":\"2021-05-11T12:20:22+00:00\",\"dateModified\":\"2026-03-12T13:28:23+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Education\",\"item\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Master\u2019s and postgraduate programmes\",\"item\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Master\u2019s Cybersecurity, Science of Software and Hardware Security\",\"item\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Study programme of the Master\u2019s Cybersecurity, Science of Software and Hardware Security\",\"item\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/\"},{\"@type\":\"ListItem\",\"position\":6,\"name\":\"Intrusion Detection Systems\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/#website\",\"url\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/\",\"name\":\"CyberSchool\",\"description\":\"Just another WordPress site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cyberschool.univ-rennes.fr\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Intrusion Detection Systems - CyberSchool","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/","og_locale":"en_US","og_type":"article","og_title":"Intrusion Detection Systems - CyberSchool","og_url":"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/","og_site_name":"CyberSchool","article_publisher":"https:\/\/www.facebook.com\/CSchoolRennes\/","article_modified_time":"2026-03-12T13:28:23+00:00","og_image":[{"width":1500,"height":500,"url":"https:\/\/cyberschool.univ-rennes.fr\/app\/uploads\/2021\/02\/cover-social-network.jpeg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@CSchoolRennes","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/","url":"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/","name":"Intrusion Detection Systems - CyberSchool","isPartOf":{"@id":"https:\/\/cyberschool.univ-rennes.fr\/en\/#website"},"datePublished":"2021-05-11T12:20:22+00:00","dateModified":"2026-03-12T13:28:23+00:00","breadcrumb":{"@id":"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/intrusion-detection-systems\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cyberschool.univ-rennes.fr\/en\/"},{"@type":"ListItem","position":2,"name":"Education","item":"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/"},{"@type":"ListItem","position":3,"name":"Master\u2019s and postgraduate programmes","item":"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/"},{"@type":"ListItem","position":4,"name":"Master\u2019s Cybersecurity, Science of Software and Hardware Security","item":"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/"},{"@type":"ListItem","position":5,"name":"Study programme of the Master\u2019s Cybersecurity, Science of Software and Hardware Security","item":"https:\/\/cyberschool.univ-rennes.fr\/en\/education\/masters-and-postgraduate-programmes\/masters-cybersecurity-science-of-software-and-hardware-security\/study-programme-of-the-masters-cybersecurity-science-of-software-and-hardware-security\/"},{"@type":"ListItem","position":6,"name":"Intrusion Detection Systems"}]},{"@type":"WebSite","@id":"https:\/\/cyberschool.univ-rennes.fr\/en\/#website","url":"https:\/\/cyberschool.univ-rennes.fr\/en\/","name":"CyberSchool","description":"Just another WordPress site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cyberschool.univ-rennes.fr\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/cyberschool.univ-rennes.fr\/en\/wp-json\/wp\/v2\/pages\/3452"}],"collection":[{"href":"https:\/\/cyberschool.univ-rennes.fr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cyberschool.univ-rennes.fr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cyberschool.univ-rennes.fr\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberschool.univ-rennes.fr\/en\/wp-json\/wp\/v2\/comments?post=3452"}],"version-history":[{"count":19,"href":"https:\/\/cyberschool.univ-rennes.fr\/en\/wp-json\/wp\/v2\/pages\/3452\/revisions"}],"predecessor-version":[{"id":18442,"href":"https:\/\/cyberschool.univ-rennes.fr\/en\/wp-json\/wp\/v2\/pages\/3452\/revisions\/18442"}],"up":[{"embeddable":true,"href":"https:\/\/cyberschool.univ-rennes.fr\/en\/wp-json\/wp\/v2\/pages\/11707"}],"wp:attachment":[{"href":"https:\/\/cyberschool.univ-rennes.fr\/en\/wp-json\/wp\/v2\/media?parent=3452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}