Annexure-I

Title of Minor: Cyber Security*

Type and Number of Minor: Disciplinary Minor 2

Description of Minor:
Cyber Security is the study of protecting, recovering and defending computer systems,
devices, and networks against any type of cyber-attacks from both intruders as well as
extruders. All businesses, whether large or small, rely on data on computer systems.
Many devices are used by an individual for network access on a daily basis. Hence,
protecting data and networks from hackers, and protecting businesses against malware,
phishing, social engineering and ransomware types of attacks is the need of the day.
Lack of knowledge related to cyber security exposes an individual to the whole world
of attacks. Hence, provisioning of defense is the best way of ensuring data and
personal security on the virtual internet platform.

Salient Features (of this Minor):

 State-of-the-art cyber security lab
 Experienced faculty members in the domain of cyber security and networks
 Exclusive M.Tech. program in Cyber Security
 Minor program specifically focussing on audit and forensics, personal and
network security, and secured application development

Expected Learning (of this Minor):

 An ability to independently carry out research /investigation and development
work to solve practical problems
 An ability to apply intelligence tools to mitigate challenging problems related
to intrusion detection, digital forensics, and cyber security
 An ability to use state-of-the-art tools and technologies to build secured
network infrastructure and applications
 Imbibe the practice of professional ethics in computing and research to
inculcate intellectual integrity

Employability/Career Prospects: With a Minor in Computer Science, students will

have the versatility to choose from a broad, diverse range of career options, including:
 Secured Application Developer
 Penetration Tester
 Forensics Expert
 Security Administrator
 Security Consultant

Eligibility Requirements including Prerequisites:

 Intake: 75
 Prerequisites: Knowledge of Computer Networks, Digital Systems, Computer
Architecture, Linear Algebra, Probability and Statistics, Knowledge of
Programming Language

Other Related Information (if any): NIL

Course Structure with Teaching and Examination Scheme:

Course Course Name Teaching Examination Scheme

Type Scheme
(hours/week)
L T P C Duration Component
Hours Weightage
SEE CE LPW SEE
Minor Information and 3 0 2 4 3 0.3 0.3 0.4
Course-I Network
Security**
Minor Digital Forensics 3 0 2 4 3 0.3 0.3 0.4
Course-II
Minor Secured 3 0 2 4 3 0.3 0.3 0.4
Course-III Application
Development
Minor System and 3 0 2 4 3 0.3 0.3 0.4
Elective-I Website Audit
Quantum 3 0 2 4 3 0.3 0.3 0.4
Computing**
Blockchain and 3 0 2 4 3 0.3 0.3 0.4
Cryptocurrency
Data Privacy 3 0 2 4 3 0.3 0.3 0.4
Minor Intrusion 3 0 2 4 3 0.3 0.3 0.4
Elective-II Detection and
Prevention
Systems
Embedded 3 0 2 4 3 0.3 0.3 0.4
System Security
Surveillance and 3 0 2 4 3 0.3 0.3 0.4
Analytics
L: Lectures, P/T: Practical / Tutorial, C: Credits SEE: Semester End
Examination
LPW/PW: Laboratory / Project Work CE: Continuous
Evaluation

*Disciplinary Minor will be offered for the students of Computer Science and
Engineering Department, IT-NU.
** Students who have opted for Minor in Cyber Security will not be permitted to
select department electives courses such as Quantum Computing and Network
Security

w.e.f. for the first-year students admitted in 2022-23 and D to D students admitted in
2023-24 onwards
Details of Courses: Available on next pages
NIRMA UNIVERSITY
Institute: Institute of Technology
Name of B.Tech.(CSE)
Programme:
Course Code: XXXX
Course Title: Information and Network Security
Course Type: Minor Core Course – I (Cyber Security) - Disciplinary
Year of 2024-25
Introduction:

L T Practical Component C
LPW PW W S
3 0 2 - - - 4

Overview: Network services play an essential role in communication. This course

explores various security services and mechanisms involving cryptographic algorithms
to prevent cyber-attacks. Students will learn about the mathematical components of
cryptography and have practical exposure to various techniques used in the encryption
and decryption of real world data and applications.

Syllabus: Total Teaching

hours: 45
Unit Syllabus Teaching
hours
Unit-I Security Overview: Significance of Information and network 04
security, what are the hurdles in achieving the same, introduction to
Cryptography, Concepts and terminology

Unit-II Information Security: Classical Encryption Techniques, Block 12

Ciphers and DES, Advanced Encryption Standard (AES), Block
Cipher Operations, Pseudo Random Number Generation and Stream
Ciphers, Mathematical Background (Fermat’s Little Theorem, Euler
Totient Function, Euler’s Theorem Chinese Remainder Theorem etc.),
Public Key Cryptography

Unit-III Network Security: Firewall, Secure Socket Layer (SSL) Architecture 10

and working, Transport Level Security (TLS) including HTTPS,
HTTPS Use, Secure Shell SSH Protocol, port forwarding, Electronic
Mail Security: Email Security Enhancements, Pretty Good Privacy
(PGP), S/MIME, IP Security, IPSec, IPSec key management
Unit-IV Intrusion Detection: Concepts, Intrusion vs. Extrusion Detection 07
Examples of Intrusion Categories of Intruders Hacker Behaviour,
Insider Behaviour, Intrusion Techniques, Password Guessing and
Capture Notification Alarms, Types of IDS, Intrusion Detection
Systems (IDS) and Intrusion Prevention Systems (IPS)

Unit-V Network Threats and Defence: Types of network threats: malware, 06

phishing, DoS, etc., Attack vectors and methods, Understanding
firewalls: types, technologies, and configurations, Access control and
security policies
Unit-VI Virtual Private Networks (VPNs) and Wireless Network Security, 06
VPN principles and types, VPN protocols and encryption, Wireless
network security threats and solutions, Wireless encryption protocols,
Wireless Network Security: IEEE 802.11 Architecture IEEE 802.11
Services Wired Equivalent Privacy (WEP)

Suggested 1. William Stallings, Cryptography and Network Security: Principles

Readings/ and Practice, Pearson
References: 2. D. R. Stinson: Cryptography: Theory and Practice (Discrete
Mathematics and Its Applications), CRC Press.
3. B. Schneier: Applied cryptography: protocols, algorithms, and
source code in C, John Wiley & Sons.
4. Bernard Menezes: Network Security and Cryptography, 1st
Edition, Cengage Learning, Delhi
 NIRMA UNIVERSITY
Institute: Institute of Technology
Name of Programme: B.Tech.(CSE)
Course Code: XXXX
Course Title: Digital Forensics
Course Type: Minor Core Course – II (Cyber Security) - Disciplinary
Year of Introduction: 2024-25

L T Practical Component C
LPW PW W S
3 0 2 - - - 4

Overview: The increase in the usage of digital devices leads to an increase in

cybercrime. Digital forensics helps students understand different attacks and the
process of handling digital evidence related to network and computer forensics, to
name a few.

Syllabus: Total Teaching

hours: 45
Unit Syllabus Teaching
hours
Unit-I Introduction to Ethical Hacking: Difference between 05
Hacking and Ethical hacking, Steps of Ethical Hacking, Tools
for ethical hacking
Unit-II Introduction to Cyber Crime: Types of cybercrime, 03
categories of
cybercrime, Computers' roles in crimes, Prevention from cyber-
crime, Hackers, Crackers, Phreakers
Unit- Digital Forensics and Digital Evidences: Rules for Digital 05
III Forensic, The Need for Digital Forensics, Types of Digital
Forensics, Ethics in Digital Forensics, Types of digital
evidences and their characteristics, Challenges in digital
evidence handling
Unit- Computer Security Incident Response: Introduction to 07
IV Computer Security Incident, Goals of Incident response,
Incident Response Methodology, Formulating Response
Strategy, Incidence Response Process, Data Collection on Unix
based systems
Unit-V Forensic Duplication: Forensic Image Formats, Traditional 05
Duplication, Live System Duplication, Forensic Duplication
tools
Unit- Disk and File System Analysis: Media Analysis Concepts, 06
VI File System Abstraction Model, Partition Identification and
Recovery, Virtual Machine Disk Images, Forensic Containers
Hashing, Carving, Forensic Imaging
Unit- Data Analysis: Data Analysis Methodology, Investigating 04
VII Applications, Malware Handling
Unit- Network Forensics: Technical Exploits and Password 06
 VIII Cracking, Analysing Network Traffic, Collecting Network
based evidence, Evidence Handling, Investigating Routers,
Handling Router Table Manipulation Incidents, Using Routers
as Response Tools
Unit- Forensic Tools: Need and types of computer forensic tools, 04
IX tasks performed by computer forensic tools, Study of different
tools to acquire, search, analyse and store digital evidence

Suggested 1. Jason Luttgens, Matthew Pepe, Kevin Mandia, Incident

Readings/ Response and computer forensics, Tata McGraw Hill.
References: 2. Nilakshi Jain, Dhananjay Kalbande, Digital Forensic: The
fascinating world of Digital Evidences, Wiley India Pvt Ltd.
3. Cory Altheide, Harlan Carvey, Digital forensics with open-
source tools, Syngress Publishing, Inc.
4. Chris McNab, Network Security Assessment, O’Reily.
5. Clint P Garrison, Digital Forensics for Network, Internet,
and Cloud Computing A forensic evidence guide for moving
targets and data, Syngress Publishing, Inc.
6. Bill Nelson, Amelia Phillips, Christopher Steuart, Guide to
Computer Forensics and Investigations, Cengage Learning
7. Debra Littlejohn Shinder Michael Cross Scene of the
Cybercrime: Computer Forensics Handbook, Syngress
Publishing, Inc.
8. Marjie T. Britz, Computer Forensics and Cyber Crime,
Pearson, Preston Galla, How Personal and Internet Security
Work, Que Publications
 NIRMA UNIVERSITY
Institute: Institute of Technology
Name of Programme: B.Tech.(CSE)
Course Code: XXXX
Course Title: Secured Application Development
Course Type: Minor Core Course – III (Cyber Security) - Disciplinary
Year of Introduction: 2024-25

L T Practical Component C
LPW PW W S
3 0 2 - - - 4

Overview: This course focuses on the principles and practices of developing secure
applications. Students will learn about secure coding standards, security testing tools,
and practical skills for building robust, secure software applications.

Syllabus: Total Teaching

hours: 45
Unit Syllabus Teaching
hours
Unit-I Introduction: Introduction to Laws, Standards & Guidelines on Cyber 06
Security, Security v/s Safety, Threats and Risks, Security Attacks-
Type of Attacks, Attack Agents, Security Vulnerabilities.

Unit-II Introduction to Secure Application Development Frameworks: 05

Microsoft Secure Development Lifecycle (SDL), Open Web
Application Security Project (OWASP), Industrial Internet
Consortium (IIC)

Unit-III Secure Application Development Methodologies: Secure Software 06

Development Lifecycle (SSDLC), Guidelines for Secure Software
Development, Principles of Secured Software Development, Security
Practices

Unit-IV Guidelines and standard for Secure Coding: Secure coding 06

guidelines and practices, Input validation and output encoding,
Authentication and authorization, Error handling and logging

Unit-V Web Application Security: Web application vulnerabilities (e.g., 07

SQL injection, XSS, CSRF), Implementing secure session
management, Web application firewalls (WAF), Security headers

Unit-VI Secure Architectural Design: Threat Modelling, Asset, Threat, 08

Attack, Introduction to Data Flow Diagram (DFD), Threat Tree
(Attack Tree), STRIDE, DREAD. Security Architecture.

Unit- Security Testing Tools: Static Application Security Testing (SAST), 07

VII Dynamic Application Security Testing (DAST), Interactive
Application Security Testing (IAST), Vulnerability Assessment &
 Penetration Testing (VAPT)

Suggested 1. Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw and
Readings/ Nancy Mead, Software Security Engineering: A Guide for Project
References: Managers, Addison-Wesley Professional
2. Dafydd Stuttard and Marcus Pinto, The Web Application Hacker's
Handbook, Wiley India
3. Gary McGraw, Software Security: Building Security, Addison-
Wesley.
4. Adam Shostack, Threat Modelling: Designing for Security, John
Wiley and Sons Inc.
5. Mano Paul, 7 Qualities of Highly secure Software, Taylor and
Francis, CRC Press.
6. John Musa D, Software Reliability Engineering, Tata McGraw-
Hill
 NIRMA UNIVERSITY
Institute: Institute of Technology
Name of B.Tech.(CSE)
Programme:
Course Code: XXXX
Course Title: System and Website Audit
Course Type: Minor Elective -I (Cyber Security) - Disciplinary
Year of 2024-25
Introduction:

L T Practical Component C
LPW PW W S
3 0 2 - - - 4

Overview: The System and Website Audit course is designed to equip participants with
the knowledge and skills necessary to conduct comprehensive audits of information
systems and websites. Auditing is a critical component of ensuring data security,
compliance, and the overall health of IT infrastructure. This course covers various
aspects of auditing, including methodologies, tools, and best practices, enabling
participants to assess the security and performance of systems and websites effectively.
Syllabus: Total Teaching
hours: 45
Unit Syllabus Teaching
hours
Unit-I Governance and Management of IT: IT Governance, Information 05
Security Policy Document, IS Management Practices, Organizational
Quality Management.
Unit-II Information Systems auditing: Understanding the organization’s 05
business, The IS audit life-cycle, The IS audit role, The IS auditor
responsibility, authority and accountability, Code of professional
ethics, laws, and regulations
Unit-III Security and Risk Management: Introduction to Security and Risk 15
Management, Understand and Apply Security Concepts, Evaluate and
Apply Security Governance Principles, Data Protection Principles,
Risk
Analysis, Risk Analysis and Assessment, Risk Handling and Security
Control Assessment, Risk Monitoring, Threat Modelling, Third-Party
Risk Management Life Cycle
Unit-IV Introduction, Design and Validate Assessment, Test and Audit 15
Strategies, SOC Reports and Security Assessments, Network
Vulnerability Scan and Web Vulnerability Scan, Penetration Testing
Process and Testing Types, Testing Methods.
Unit-V Protection of Information Assets: IS Network Infrastructure, 05
Protecting Data, Key Elements, Roles, and Responsibilities

Suggested 1. Richard E. Cascarino, Auditor′s Guide to Information Systems

Readings/
References:
 Auditing, Wiley
2. IT Auditing Using Controls to Protect Information Assets,
Third Edition by Mike Kegerreis (Author), Mike Schiller
(Author), Chris Davis (Author), Mc Graw Hill
3. Jack J. Champlain, Auditing Information Systems, Wiley

NIRMA UNIVERSITY
Institute: Institute of Technology
Name of Programme: B.Tech.(CSE)
Course Code: XXXX
Course Title: Quantum Computing
Course Type: Minor Elective -I (Cyber Security) - Disciplinary
Year of Introduction: 2024-25
L T Practical Component C
LPW PW W S
3 0 2 - - - 4

Overview: This course explores the features of quantum computing, like superposition
of states, nonlocality, probabilistic laws, uncertainty, and the implications of the
quantum world on computer science. The course is a technical journey about how the
quantum realm can disrupt the world of Computer Science in terms of Architecture,
Algorithms, Programming Language, Theoretical Computer Science, Cryptography,
Information Theory, and Hardware.
Syllabus: Total Teaching
hours: 45
Unit Syllabus Teaching
hours
Unit-I Complex Numbers: Basics, Algebra of Complex Numbers, Geometry 06
of Complex Numbers, Properties, Examples, Basis, Dimension, Inner
Products and Hilbert Spaces, Eigenvalues and Eigenvectors, Hermitian
and Unitary Matrices, Tensor Product of Vector Spaces
Unit-II Leap from Classical to Quantum: Classical Deterministic Systems, 03
Probabilistic Systems, Quantum Systems, Assembling Systems
Unit-III Basic Quantum Theory: Quantum States, Observables, Measuring, 06
Dynamics, Assembling Quantum Systems, Bits and Qubits, Classical
Gates, Reversible Gates, Quantum Gates
Unit-IV Algorithms: Deutsch’s Algorithm, Deutsch-Jozsa Algorithm, Simon’s 06
Periodicity Algorithm, Grover’s Search Algorithm, Shor’s Factoring
Algorithm
Unit-V Programming Languages: Quantum Assembly Programming, 06
Toward Higher-Level Quantum Programming, Quantum Computation
Before Quantum Computers
Unit-VI Theoretical Computer Science: Deterministic and Nondeterministic 04
Computations, Probabilistic Computations, Quantum Computations
Unit- Cryptography: Quantum Key Exchange Algorithms – BB84, B92 04
VII and EPR Protocols, Quantum Teleportation
Unit- Information Theory: Classical Information and Shannon Entropy, 05
VIII Quantum Information and von Neumann Entropy, Classical and
 Quantum Data Compression, Error Handling Codes
Unit-IX Hardware: Goals and Challenges, Quantum Computers - Ion Traps, 05
Linear Optics, NMR and Superconductors
Suggested 1. Noson S Yanofsky and Mirco A. Mannucci, Quantum Computing
Readings/ for Computer Scientists, Cambridge University Press
References: 2. Vishal Sahni, Quantum Computing, Tata McGraw-Hill Edition
3. Chris Bernhardt, Quantum Computing for Everyone, The MIT
Press

NIRMA UNIVERSITY
Institute: Institute of Technology
Name of Programme: B.Tech.(CSE)
Course Code: XXXX
Course Title: Blockchain and cryptocurrency
Course Type: Minor Elective -I (Cyber Security) - Disciplinary
Year of Introduction: 2024-25

L T Practical Component C
LPW PW W S
3 0 2 - - - 4

Overview: This course aims to understand the features and importance of blockchain
technology to enhance the security of various industrial applications. Blockchain is a
versatile technology beyond cryptocurrencies, offering a distributed ledger with solid
security features. It has applications in various fields like time stamping, event
logging, e-governance, and more. Researchers and companies are exploring uses like
identity management, health records, IoT, etc.
Syllabus: Total Teaching
hours: 45
Unit Syllabus Teaching
hours
Unit-I Introduction to Blockchain: Need, Blockchain 1.0 to 5.0, types of 08
blockchain, Generic elements of a blockchain, digital money to
distributed ledgers, design primitives, secure cryptographic protocols
on blockchain, security, consensus, permissions, and privacy.

Unit-II Cryptocurrency: History, Distributed Ledger, Bitcoin Protocols- 08

Mining strategy and rewards, Ethereum-Construction, DAO, Smart
Contract, GHOST, Vulnerability, Attacks, Sidechain, Namecoin

Unit-III Blockchain Architecture, Design and Consensus: Basic crypto 12

primitives: hash, signature, hash chain to Blockchain, basic consensus
mechanisms, requirements for the consensus protocol for permission
less environment, PoW, PoS, PoB, PoET
Unit-IV Permissioned and Public Blockchains: Design goals, Consensus 09
protocols for Permissioned Blockchains, Hyperledger Fabric,
Decomposing the consensus process, Hyperledger fabric components,
Smart Contracts, Chain code design, Hybrid models (PoS and PoW)

Unit-V Recent trends and research issues in Blockchain: Adoption of 08

blockchain technology in various applications, Supply chain
management, Government services, Smart grid, Ice-cream parlor, etc.

Suggested 1. Narayanan, Arvind. et al, Bitcoin and cryptocurrency

Readings/ technologies: a comprehensive introduction. Princeton
References: University Press.
2. Wattenhofer, Roger, The science of the blockchain,
CreateSpace Independent Publishing Platform
3. Bahga, Arshdeep, and Vijay Madisetti,. Blockchain
Applications: A Hands-on Approach, VPT
4. Nakamoto, Satoshi, Bitcoin: A peer-to-peer electronic cash
system, Research Paper
5. Antonopoulos, Andreas M, Mastering Bitcoin: Programming
the open blockchain, O'Reilly Media, Inc
6. Diedrich, Henning, Ethereum: Blockchains, digital assets,
smart contracts, decentralized autonomous organizations,
Wildfire Publishing (Sydney)
7. Draft version of “S. Shukla, M. Dhawan, S. Sharma, S.
Venkatesan, ‘Blockchain Technology: Cryptocurrency and
Applications’, Oxford University Press
8. Josh Thompson, ‘Blockchain: The Blockchain for Beginnings,
Guild to Blockchain Technology and Blockchain
Programming’, Create Space Independent Publishing Platform
 NIRMA UNIVERSITY
Institute: Institute of Technology
Name of B.Tech.(CSE)
Programme:
Course Code: XXXX
Course Title: Data Privacy
Course Type: Minor Elective -I (Cyber Security) - Disciplinary
Year of 2024-25
Introduction:

L T Practical Component C
LPW PW W S
3 0 2 - - - 4

Overview: This course aims to create architectural, algorithmic, and technological

foundations for maintaining the privacy of individuals, the confidentiality of
organizations, and the protection of sensitive information despite the requirement that
information be released publicly or semi-publicly. This course demonstrates various
privacy protection mechanisms against several data-related attacks.

Syllabus: Total Teaching

hours: 45

Unit Syllabus Teaching

hours
Unit-I Introduction to Security: Cryptography Basics, Web security
considerations, Protocols- SSL/TLS, SET, Secure Shell, Hardware 07
vulnerabilities- Backdoor, Hardware Trojans, Software vulnerabilities:
Buffer Overflow, XSS, SQL injection, Prevention and Counter
Measures, Threat Modelling

Unit-II Privacy Preservation Schemes: Data localization issues, Managing 12

personally identifiable or sensitive information, Hippocratic databases,
Homomorphic Encryption, Identity-Based Encryption, Differential
privacy, Privacy-preserving data analysis

Unit-III Disclosure Control: Introduction, Data Quality vs. Anonymity, Data 10

linkage, Disclosure Control Techniques, Data Anonymization, Models
of Protection- null map, k-map, wrong-map

Unit-IV Data Explosion: Availability vs. Storage vs. Collection Trade-off, 08

Barriers to distribution, Mathematical models for sharing practices and
policies for computing privacy and risk measurements

Unit-V Mechanisms of Backup and Disaster Recovery Tools: Backup 08

Mechanisms- Restor points, Failover, Failback, Data Replication,
Disaster recovery tools: Carbonite, Arcserve, Veritas, Recent Data
 Privacy Use Cases: Healthcare, Internet of Vehicles.
Suggested 1. Stallings, W. Cryptography and Network Security. Pearson
Readings/ Education India.
References: 2. Giannotti, F., & Pedreschi, D. (Eds.). Mobility, data mining and
privacy: Geographic knowledge discovery. Springer Science &
Business Media.
3. Bygrave, L. A. Data privacy law: an international
perspective (Vol. 63). Oxford: Oxford University Press.
4. Scoble, R., Israel, S., &Benioff, M. R. Age of context: Mobile,
sensors, data and the future of privacy. USA: Patrick Brewster
Press.
 NIRMA UNIVERSITY
Institute: Institute of Technology
Name of Programme: B.Tech.(CSE)
Course Code: XXXX
Course Title: Intrusion Detection and Prevention Systems
Course Type: Minor Elective -II (Cyber Security) - Disciplinary
Year of Introduction: 2024-25

L T Practical Component C
LPW PW W S
3 0 2 - - - 4
Overview: This course aims to protect networks and systems from diverse cyber threats
effectively; an IDPS must achieve these goals. It's essential to continually update and
adapt IDPS strategies to counter emerging threats and vulnerabilities in the ever-
changing cybersecurity landscape. This course covers the basic concepts of intrusion
detection and prevention systems, including different types of IDPS, their architecture,
deployment, and valuable applications. Using IDPS, students will learn how to assess
security situations and take appropriate action.
Syllabus: Total Teaching
hours: 45
Unit Syllabus Teaching
hours
Unit-I Introduction to IDS and IPS: Understanding Intrusion Detection – 05
Intrusion detection and prevention basics – IDS and IPS analysis
schemes, Attacks, Detection approaches –Misuse detection – anomaly
detection – specification-based detection – hybrid detection, Types of
IPS

Unit-II Classes of Attacks: Network layer: scans, denial of service, 10

penetration, Application layer: software exploits, code Injection,
Human layer: identity theft, root access. Insider Threat issues –
Taxonomy, Masquerade and Impersonation, Traitors, Decoys and
Deception

Unit-III Signature-Based IDS/IPS, Anomaly-Based IDS/IPS: Signature- 10

based detection and prevention techniques, Snort and Suricata as
examples, Signature rule creation Anomaly-based detection and
prevention techniques, Machine learning and statistical approaches,
Challenges and limitations

Unit-IV IDS/IPS Evasion Techniques: Common evasion techniques, how to 10

detect and prevent evasion, Testing IDS/IPS effectiveness, Theoretical
Foundations of Detection Taxonomy of anomaly detection system –
fuzzy logic – Bayes theory – Artificial Neural networks – Support
vector machine – Evolutionary computation – Association rules –
Clustering
Unit-V IDS/IPS Integration with Security, Information and Event 10
Management (SIEM) The role of IDS/IPS in a SIEM ecosystem,
Correlation and incident response, IDS/IPS Policy and Rule
Management, Developing and maintaining IDS/IPS policies, Rule
management best practices, Rule optimization
Suggested 1. Richard Bejtlich, Tao of Network Security Monitoring: Beyond
Readings/ Intrusion Detection, Addison-Wesley Professional
References: 2. Stephen Northcutt, Judy Novak, and Scott Winters, Network
Intrusion Detection, Sams Publishing
3. Earl Carter, Intrusion Prevention Fundamentals, Cisco Press
4. Jack Koziol, Intrusion Detection with Snort, Sams Publishing
 NIRMA UNIVERSITY
Institute: Institute of Technology
Name of Programme: B.Tech.(CSE)
Course Code: XXXX
Course Title: Embedded System Security
Course Type: Minor Elective -II (Cyber Security) - Disciplinary
Year of Introduction: 2024-25

L T Practical Component C
LPW PW W S
3 0 2 - - - 4

Overview: This course aims to enhance design processes and security in embedded
systems. Such systems play a significant role in controlling large infrastructure-based
products, including single-purpose devices. However, their use can also expose
vulnerabilities that can be exploited easily to compromise confidential information,
temper device functionalities, and impose other risks. This course will provide a basic
understanding of specific vulnerabilities of attackers commonly target embedded
systems. Different strategies and methods to integrate security measures into embedded
systems, starting from product design, building, and maintenance, are also covered in
this course. Through a blend of theory and hands-on practices, students will be able to
learn about current security threats to embedded systems and solutions to incorporate
the required measures to prevent them

Syllabus: Total Teaching

hours: 45
Unit Syllabus Teaching
hours

Unit-I Introduction to Embedded Systems: Embedded hardware units, 06

Embedded system software, Device drivers and interrupt services,
Interprocess communication and synchronization of processes

Unit-II Embedded System Security and Trust: Physical attacks, Side 12

channel analysis, Trusted integrated circuit, Trusted platform module
(TPM), Hardware Trojans, Cryptographic hashing, Stack-based
attacks against embedded systems (Code injection and return-
oriented programming), Physically unclonable functions, Fault
injection attacks, Reverse engineering, Supply chain security and
trust

Unit-III Embedded Hardware Security and Hacking: Securing external 12

memory, JTAG/Debug port considerations, Physical attack vectors,
Temper detection and logging, soldering techniques, Board analysis
methodology, Component Identification, Device instrumentation,
Bus monitoring and decoding, Access via JTAG
Unit-IV Embedded Software Security and Exploitation: Fundamentals of 15
embedded software security, Common firmware vulnerabilities,
Software vulnerabilities in ARM/MIPS/etc., Embedded code
vulnerabilities, Assembly code analysis, Exploitation techniques on
ARM/MIPS/x86, Defenses against ARM exploits, Security practices
for embedded software, Defensive software architectures, Defensive
hardware interfaces

Suggested Readings/ 1. Tehranipoor, Mohammad; Wang, Cliff (Eds.), Introduction to

References: Hardware Security and Trust, Springer
2. David Kleidermacher and Mike Kleidermacher, Embedded
Systems Security: Practical Methods for Safe and Secure
Software and Systems Development, Elsevier Science, Newnes
Publication.
3. Louis Goubin and Mitsuru Matsui, Cryptographic Hardware and
Embedded Systems - CHES 2006, Springer
4. Colin O’Flynn and Jasper van Woudenberg, The Hardware
Hacking Handbook: Breaking Embedded Security with
Hardware Attacks, No Starch Press
 NIRMA UNIVERSITY
Institute: Institute of Technology
Name of Programme: B. Tech. (CSE)
Course Code: XXXX
Course Title: Surveillance and Analytics
Course Type: Minor Elective -II (Cyber Security) - Disciplinary
Year of Introduction: 2024-25
L T Practical Component C
LPW PW W S
3 - 2 - - - 4

Overview: This course provides a comprehensive overview of surveillance systems and

data analytics techniques. Students will explore various types of surveillance systems,
sensors, and their applications, emphasizing both scalar and video-based surveillance
methods. The course covers topics such as background estimation, optical flow, image
segmentation, and deep learning techniques for video analysis. Additionally, students
will learn about classification methods, including Convolutional Neural Networks and
visual transformers. Through a blend of theory and practical applications, students will
gain a strong understanding of surveillance technologies and data analytics in real-
world scenarios, preparing them for advanced roles in the field.

Syllabus: Total Teaching

hours: 45
Unit Syllabus Teaching
hours
Unit-I Introduction: Types of Surveillance and Surveillance Systems, 03
Various Surveillance Sensors and type of the data they collect, Need,
Importance and Applications of Surveillance, Objectives of Analysing
Surveillance Data
Unit-II Scalar Surveillance Systems: Surveillance based on images, Public 06
Health Surveillance, Home Security, monitored and unmonitored
security systems, IoT based analytics, speech analytics, border
patrolling surveillance mechanisms
Unit-II Components of Video Analytics: Understanding Video and its 08
Components, Need for Video Surveillance and its Analytics, Video
Analysis Pipeline, Video Preprocessing Techniques, Edge Detection in
Video, Key Frame Extraction Techniques, PCA, FLD, SIFT
Unit-III Foreground Extraction from a Video: Background Estimation, 10
Averaging, Gaussian Mixture Model, Optical Flow, Image
Segmentation, Region Growing, Region Splitting, Morphological
Operations, Tracking in a Multiple Camera Environment, Deep
Learning Techniques for Foreground Extraction from a Video
Unit-IV Classification in Video: Spatiotemporal Convolutional Neural 08
Networks, ConvLSTM, 3D CNN, Attention Mechanisms, Visual
Transformers, Fuzzy Classification
Unit-V Surveillance for Security: Abandoned Object Detection, Human 10
Behavioural Analysis, Human, Action Recognition, Perimeter
Security, Crowd Analysis and Prediction of Crowd Congestion,
 Person Re-Identification

Suggested 1. Graeme A. Jones, Nikos Paragios, Carlo S. Regazzoni, Video-

Readings/ Based Surveillance Systems: Computer Vision and Distributed
References: Processing, Kluwer Academic Publisher.
2. Nilanjan Dey, Amira Ashour and Suvojit Acharjee, Applied Video
Processing in Surveillance and Monitoring Systems (IGI global).
3. Zhihao Chen, Ye Yang (Author), Jingyu Xue (Author), Liping Ye,
Feng Guo, The Next Generation of Video Surveillance and Video
Analytics: The Unified Intelligent Video Analytics Suite,
CreateSpace Independent Publishing Platform.
4. E. R. Davies and Matthew Turk, Advanced Methods and Deep
Learning in Computer Vision, Elsevier.
5. Umberto Michelucci, Advanced Applied Deep Learning:
Convolutional Neural Networks and Object Detection. Apress