Computer Networksknowledge~30 mins

Intrusion Detection Systems (IDS) in Computer Networks - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Practice Challenge Project Recall Time

Intrusion Detection Systems (IDS) Basics

📖 Scenario: You are a network administrator setting up a simple overview of an Intrusion Detection System (IDS) to understand how it works in monitoring network traffic for suspicious activities.

🎯 Goal: Build a step-by-step conceptual model of an IDS using simple data structures and logic to represent monitored network events and detection rules.

📋 What You'll Learn

Create a data structure to hold network events with exact event types and sources

Add a configuration variable to specify a suspicious activity threshold

Implement logic to identify events that exceed the threshold

Complete the model by marking detected suspicious events clearly

💡 Why This Matters

🌍 Real World

Network administrators use IDS to monitor and detect unusual activities that may indicate security threats.

💼 Career

Understanding IDS basics helps cybersecurity professionals identify and respond to potential intrusions effectively.

Progress0 / 4 steps

Create the network events data structure

Create a dictionary called network_events with these exact entries: 'login_failure': 5, 'port_scan': 3, 'malware_alert': 1, 'data_exfiltration': 0

Computer Networks

# Create the dictionary network_events with the specified entries
# Your code here

Need a hint?

Use a Python dictionary with event names as keys and their counts as values.

Set the suspicious activity threshold

Create a variable called suspicious_threshold and set it to 2 to represent the minimum number of events considered suspicious

Computer Networks

network_events = {'login_failure': 5, 'port_scan': 3, 'malware_alert': 1, 'data_exfiltration': 0}
# Create suspicious_threshold variable and set it to 2
# Your code here

Need a hint?

This variable helps decide which events are suspicious based on their count.

Identify suspicious events

Create a list called suspicious_events that includes all event names from network_events where the event count is greater than or equal to suspicious_threshold using a for loop

Computer Networks

network_events = {'login_failure': 5, 'port_scan': 3, 'malware_alert': 1, 'data_exfiltration': 0}
suspicious_threshold = 2
# Create suspicious_events list with event names meeting or exceeding the threshold
# Your code here

Need a hint?

Use a for loop to check each event's count and add the event name to the list if it meets the threshold.

Mark detected suspicious events

Create a dictionary called detected_alerts where keys are event names from network_events and values are True if the event is in suspicious_events, otherwise False, using dictionary comprehension

Computer Networks

network_events = {'login_failure': 5, 'port_scan': 3, 'malware_alert': 1, 'data_exfiltration': 0}
suspicious_threshold = 2
suspicious_events = []
for event, count in network_events.items():
    if count >= suspicious_threshold:
        suspicious_events.append(event)
# Create detected_alerts dictionary marking suspicious events as True
# Your code here

Need a hint?

Use dictionary comprehension to create a new dictionary with True or False values based on suspicious_events membership.