# Syllabus: AINS6300 AI in Threat Detection

## Catalog Description

Applies AI to telemetry, anomaly detection, threat intelligence, detection engineering, and SOC integration.

## Course Structure

Each week includes readings, a lecture/slide sequence, an executable lab, and an applied deliverable. Students maintain a reproducible project record and submit work through the LMS or GitHub workflow selected by the instructor.

## Weekly Schedule

| Week | Topic | Essential Question | Deliverable |
|------|-------|--------------------|-------------|
| 1 | Security telemetry and threat models | What signals reveal malicious behavior? | Lab notebook + assignment brief |
| 2 | Anomaly detection foundations | How can models detect unknown patterns? | Lab notebook + assignment brief |
| 3 | Malware and network behavior analysis | What features distinguish hostile activity? | Lab notebook + assignment brief |
| 4 | Threat intelligence and enrichment | How does external intelligence improve detection? | Lab notebook + assignment brief |
| 5 | Detection engineering and evaluation | How do we measure detection quality? | Lab notebook + assignment brief |
| 6 | Adversarial behavior and evasion | How do attackers adapt to detectors? | Lab notebook + assignment brief |
| 7 | Security operations integration | How do detections become action? | Lab notebook + assignment brief |
| 8 | Threat detection portfolio | What evidence supports deployment? | Lab notebook + assignment brief |

## Assessment

| Component | Weight |
|-----------|--------|
| Weekly labs and notebooks | 30% |
| Applied assignments | 35% |
| Participation and technical critique | 15% |
| Final synthesis portfolio | 20% |

## Graduate Expectations

Submissions must show technical reasoning, evidence awareness, clear limitations, and responsible use of AI assistance. Code and analysis should be reproducible enough for instructor review.