Display language
To modulepage Generate PDF

#41116 / #1

Seit WiSe 2023/24


Intelligent Security Lab


Rieck, Konrad




Fakultät IV

Institut für Softwaretechnik und Theoretische Informatik

34353000 FG Maschinelles Lernen und IT-Sicherheit

No information


No information

Rieck, Konrad


Learning Outcomes

The students acquire knowledge and skills in developing intelligent security systems. These systems use machine learning to analyze and detect security threats. After completion of the module, the student are able to select and apply techniques for data preprocessing and feature extraction on security data. They can compare, apply and evaluate learning algorithms for different security tasks. They know how experimental evaluations are designed and conducted. Finally, they are aware of potential ethical risks of intelligent security systems and critically reflect on their role in society and policy.


The lab is a hands-on course that explores the development and evaluation of intelligent security systems. The lab introduces relevant strategies and methods for combining machine learning and security. This includes designing feature spaces and embeddings, selecting learning concepts, applying learning algorithms to security data, and conducting experimental evaluations. The considered security tasks may include - Attack detection in different data formats - Malware analysis and detection - Privacy analysis using machine learning - Detection of adversarial machine learning As security threats regularly change, the specific tasks will be selected and announced individually in each semester.

Module Components


All Courses are mandatory.

Course NameTypeNumberCycleLanguageSWSVZ
Intelligent Security LabPRWiSeEnglish4

Workload and Credit Points

Intelligent Security Lab (PR):

Workload descriptionMultiplierHoursTotal
Weekly meetings15.04.0h60.0h
Lab tasks6.020.0h120.0h
180.0h(~6 LP)
The Workload of the module sums up to 180.0 Hours. Therefore the module contains 6 Credits.

Description of Teaching and Learning Methods

The lab is structured into six units, each spanning two weeks. Each unit focuses on a specific security task and the development of a corresponding security system, such as systems for detecting network intrusions or malicious code. The unit begins with an overview of the task, covering relevant principles, methods and tools. After the overview, the students work in small groups and develop learning-based systems for 2-4 variants of the security task. The lab uses weekly meetings to provide guidance on the tasks and discussion among students. The meetings take place mainly online via a chat platform. However, physical meetings can also be arranged at the beginning, middle, and end of the course.

Requirements for participation and examination

Desirable prerequisites for participation in the courses:

- Good programming skills in Python - Good knowledge of machine learning and computer security. The lecture "Machine Learning for Computer Security" provides a perfect preparation for the course.

Mandatory requirements for the module test application:

No information

Module completion



Type of exam

Portfolio examination

Type of portfolio examination

100 Punkte pro Element



Test elements

(Learning process review) Unit 1 (Spam Filtering)100practicalSecurity task; 2-4 variants
(Learning process review) Unit 2 (Malware Detection)100practicalSecurity task; 2-4 variants
(Learning process review) Unit 3 (Malware Clustering)100practicalSecurity task; 2-4 variants
(Learning process review) Unit 4100practicalSecurity task; 2-4 variants
(Learning process review) Unit 5100practicalSecurity task; 2-4 variants
(Learning process review) Unit 6100practicalSecurity task; 2-4 variants

Grading scale

At least 60 points in average needed to pass.

Test description (Module completion)

Each unit addresses a specific security task and the development of learning-based systems for this task. For example, the first unit usually deals with spam filtering. The students develop learning-based spam filters for different data sets containing normal and spam emails (variants of the task). Other topics for the units include malware detection and malware clustering. As security threats regularly change, the specific tasks will be selected and announced individually in each semester. The performance of the developed learning-based systems is evaluated using a specified performance measure, such as the accuracy for spam filtering. The students receive points for their solutions and the achieved performance values. There is a total of 100 points for each unit. To pass the lab, students must successfully complete at least 60% of all points.

Duration of the Module

The following number of semesters is estimated for taking and completing the module:
1 Semester.

This module may be commenced in the following semesters:

Maximum Number of Participants

The maximum capacity of students is 50.

Registration Procedures

Registrations for the course are handled using the teaching platform ISIS.

Recommended reading, Lecture notes

Lecture notes

Availability:  unavailable


Electronical lecture notes

Availability:  unavailable



Recommended literature
No recommended literature given

Assigned Degree Programs

This module is used in the following Degree Programs (new System):

Studiengang / StuPOStuPOsVerwendungenErste VerwendungLetzte Verwendung
Computer Engineering (M. Sc.)15WiSe 2023/24WiSe 2023/24
Computer Science (Informatik) (M. Sc.)16WiSe 2023/24WiSe 2023/24
Elektrotechnik (M. Sc.)13WiSe 2023/24WiSe 2023/24
Information Systems Management (Wirtschaftsinformatik) (M. Sc.)12WiSe 2023/24WiSe 2023/24


No information