Certificate Program in Intrusion Detection

Start anytime. Learn at your own pace.

Reveal insights, drive decisions, advance your career.

Cybersecurity

Online Self-Paced

60 hours

1200

Instructor: Dr. Jason Crossland

  • Designed and taught by Jason Crossland
  • LIVE monthly seminars and office hours
  • Engaging learning including video walkthroughs and hands-on activities
  • Satisfaction guaranteed. Explore the course with no risk.
  • Save $300 with the Certificate vs. buying courses separately

Powered by Engineering for Professionals

The #1 Ranked Online Grad Program for Computer Information Technology by U.S. News & World Report

Johns Hopkins Engineering’s Executive and Professional Education delivers executive education courses from the same faculty and support team behind Johns Hopkins Engineering for Professionals, the nation’s #1 online, part-time graduate program in computer information technology. This ranking includes our master’s programs in computer science, artificial intelligence, cybersecurity, information systems engineering, and data science.

Guided by leading cybersecurity experts from the Johns Hopkins Applied Physics Laboratory, one of the nation’s premier centers for cyber operations, you’ll gain real-world insight into the tactics, tools, and techniques used by today’s network defenders. 

Across three expertly crafted courses—designed and taught by senior APL engineer Jason Crossland and fellow Johns Hopkins faculty—you’ll benchmark leading HIDS and NIDS solutions, weave them into a defense-in-depth architecture, and validate their performance with ROC curves, confusion matrices, and graph analytics.


You’ll also learn methods to drastically reduce false positives while surfacing zero-day attacks. Every assignment mirrors real SOC challenges, so the artifacts you build roll straight into production playbooks. 

Your capstone drops you into Cyber Shield, a Fortune 500 firm reeling from nine documented breaches. As the incident-response analyst, you audit failed sensors, redesign the enterprise IDPS, and present a phased, board-ready mitigation plan that demonstrates measurable risk reduction. 

Earning Your Johns Hopkins University Certificate

After completing the course content, you will apply your knowledge to a real-world capstone project to earn your Certificate of Achievement—demonstrating to peers and employers that you can lead in detecting, responding to, and mitigating enterprise-scale cyber threats.

The capstone requires analyzing nine recent attack reports, identifying detection gaps, recommending host- and network-level IDS/IPS solutions (with ML enhancements), and integrating them into a defense-in-depth architecture aligned to NIST CSF functions. The final deliverable is a high-stakes briefing to network engineering and C-suite stakeholders, including ROC visualizations, active-vs-passive response rationale, and a phased mitigation roadmap. The project will be reviewed by Jason, who will provide feedback, which can be discussed further during live office hours.

The image is for illustrative purposes only. Actual certificate design subject to change,

The Certificate combines Jason’s 3 sequential intrusion detection courses:

into one bundle, saving you $300 off the cost of buying separately

No Risk: Satisfaction Guaranteed

Feel confident in your learning journey! If the certificate content is too advanced, not advanced enough, or simply doesn’t meet your expectations, we’ve got you covered with our money-back guarantee. Just contact our team within 7 days from purchase to receive a full refund—no questions asked.

Meet Your Instructor

Jason Crossland

Johns Hopkins University, Johns Hopkins Applied Physics Laboratory

Jason Crossland has over 16 years of military commissioned and civilian experience in cyber security engineering, information assurance, information systems, and information technology. He served in the Air Force, where he was assigned to satellites, fiber-optics, and telecommunications networks, systems, and equipment. He currently works at the John Hopkins University Applied Physics Laboratory in the Critical Infrastructure Sector and as an instructor in the Johns Hopkins Engineering for Professionals program.

Jason is Here to Help!

Questions about course content? Looking for insight on intrusion detection? Stop by monthly Zoom office hours to talk with Jason and fellow students about what you’re learning in the course and the theoretical application of intrusion detection.

Prerequisites

The Certificate is designed for cybersecurity professionals and experienced students. A baseline understanding of cybersecurity concepts is useful, but there are no formal prerequisites

Projects You’ll Build (With Expert Guidance)

With ready-to-use Jupyter notebooks and working code examples, Dr. Guven will walk you through creating…

  • Insider-Threat Case Study
    Using supplied host-event traces, you will pinpoint tell-tale artifacts (unexpected process launches, checksum changes) that flag an internal adversary.
  • Host Integrity Attack Analysis
    Experience a guided exercise on BIOS/TPM and side-channel exploits shows how hardware-level compromise evades poorly placed IDS controls and what integrity checks prevent it.
  • Traffic Shaping and Policing
    Study the concepts and operational cases for when to apply traffic shaping & policing approaches to your host and network-based IDS and IPS.  
  • Machine Learning I
    Study methods of integrating ML into IDPSs to gain high detection accuracy while minimizing false positives.
  • Machine Learning II
    Compare and contrast two highly used ML applications that perform deep learning and artificial intelligence (AI) principles. Walk away with evidence-based reasoning that you can defend to leadership.

Course Summaries

You’ll build:

  • Tool-comparison briefs: Study open-source HIDS options such as Tripwire and OSSEC, then write short decision memos recommending the right tool for a given mission or budget.  
  • Insider-threat case study: Using supplied host-event traces, you will learn to pinpoint tell-tale artifacts (unexpected process launches, checksum changes) that flag an internal adversary. 
  • Host-integrity attack analysis: Experience a guided exercise on BIOS/TPM and side-channel exploits, learn how hardware-level compromise evades poorly placed IDS controls, and what integrity checks prevent it. 
  • Hybrid-IDS architecture walk-through: Explore Suricata and Snort to see how signature and anomaly engines corroborate the same event and enrich context identification.  
  • NetFlow baselining drill: Graph flow data and learn to distinguish normal traffic from flash crowd and DDoS precursors. 

You’ll build:

  • Graph Theory for IDS: Study algorithmic approaches to IDS using graph theory to better understand node and edge characteristics. 
  • Validating IDS test data results: Learn and apply the concepts for ensuring accuracy and effectiveness of SIEM and endpoint detection and response (EDR) systems.
  • ROC analysis: Use a graphical plot that illustrates and validates how to adjust/tune IDS/IPS to prevent type I and type II errors. 
  • Traffic shaping and Traffic policing: Study the concepts and operational cases for when to apply traffic shaping & policing approaches to your host and network-based IDS and IPS.  
  • Network Packet Analysis: Understand the importance of thorough packet analysis methods in order to establish network baselines and identify security threats.  

You’ll build:

  • Machine learning I: Study methods of integrating ML into IDPSs to gain high detection accuracy while minimizing false positives.  
  • Machine learning II: Compare and contrast two highly used ML applications that perform deep learning and artificial intelligence (AI) principles. 
  • The Onion Router (Tor): Understand how the leading anonymization network is often used to implement deanonymization attacks due to errors in usage and operation.  
  • NIST-CSF functions: Translate NIST-CSF functions into a sequenced incident response plan that integrates  ML approaches to detect misuses of ToR network. 

Tab 4 content.

Course Delivery and Support

The courses are delivered entirely online through the industry-leading Canvas Learning Management System. This system is supported by the same instructional design team behind Johns Hopkins’ renowned Engineering for Professionals program, which serves thousands of online graduate students each year. Upon registration, you will receive an email with instructions to create your Hopkins Canvas account and access the videos, readings, files and quizzes.

Certificate Program in Intrusion Detection

Start Now
Request Info

Cybersecurity

1200

Online Self-Paced

60 hours

7 CEUs

No Risk: Explore the Certificate for 7 Days