IMT4133 - Data Science for Security and Forensics


Examination arrangement

Examination arrangement: Assignments and Written examination
Grade: Letter grades

Evaluation Weighting Duration Grade deviation Examination aids
Written examination 6/10 3 hours E
4 major assignments 4/10

Course content

This course serves as an introduction to machine learning, data science, and AI while considering the context of information security and digital investigation. The majority of the learned content focuses on machine learning, its basic principles, and its related practices. Items will be taught through lectures describing the theoretical aspects of machine learning, as well as tutorials that attempt to show more applied work in a hands-on way using Python, Weka, and other tools. Lectures and tutorials will contain the following items. Overview and motivation of machine learning. Basic principles of machine learning such as features, supervised learning (typically classification), unsupervised learning (typically clustering), and regression. Introduction to Use of machine learning tools and programming such as Python, Jupyter Notebook, WEKA, and RapidMiner. Understanding of types of features, how training and testing data should be preprocessed, and cross-validation. Overview of algorithm and data bias. Evaluation metrics to understand the performance of machine learning models. Objective functions and optimization methods (learning as search), including greedy algorithms, gradient descent, and genetic algorithms. Feature selection, feature extraction, and dimensionality reduction. More in depth look at classifiers including K-nearest neighbors, SVM, decision trees, etc. More in depth look at clustering and unsupervised methods including K-means, fuzzy clustering, association rules, etc. Introduction to Artificial Neural Networks, how they are trained, and deep learning. Homework includes tasks of applying machine learning models,

Learning outcome


-The candidate should know the difference between supervised, unsupervised learning, and an assortment of algorithms associated with the different learning methods. -The candidate should have an understanding of overfitting and underfitting machine learning models, and the causes of these occurrences. -The candidate should have a basic but comprehensive understanding of at least the following categories of machine learning models: decision trees, support vectors machines, artificial neural networks, K nearest neighbors, k-Means clustering, -The candidate should know how to evaluate binary classification models, multiclass classification models, clustering models, and regression models. -The candidates should understand cross-validation. -The candidate should understand different types of features: numeric, categorical, and ordinal. -The candidate should know the difference between filter and wrapper feature selection methods, and some particular methods for each selection methodology. -The candidate should have a good understanding of what are useful features. -The candidate should understand the role of objective (loss) functions, and know multiple methods of optimization, including genetic algorithms and gradient descent. -The candidate should know some methods of dimensionality reduction, including principle component analysis. -The candidate should understand the fundamentals of artificial neural networks, including activation functions, bias, hidden layers, forward propagation, and backpropagation.


Some technical skills learned during the course (depending on the students tools of course) are: -How to use WEKA for classification, clustering, feature selection, and feature visualiation. -How to use RapidMiner for classification, data preprocessing, and visualization. -How to use Python to apply machine learning knowledge. -How to use Jupyter Notebook to prototype and prepare data science reports.

General Competence:

By the end of the course, candidates should have a strong foundation of the basics of machine learning methods, be able to apply and evaluate machine learning methods in their programming language of choice (at least on relatively small datasets), capable of understanding some contexts in which machine learning can be applied to information security and digital investigation, and be capable of researching and conducting basic research applying what they have learned. Furthermore, they should understand the limitations or benefits of the different machine learning methods.

Learning methods and activities

-Lectures -Lab work -E-learning -4 major assignments that include theoretical and practical aspects of the topics (graded)

Further on evaluation


  • For the written exam: Ordinary re-sit examination in August. Depending on the number of students the re-sit can be changed to oral exam.
  • The major assignments, if passed, need not be re-submitted.

Forms of assessment: -Written exam 3h (60%) -4 major assignments (40% total, 10% each) -The written exam and all major assignments must be passed.

Retake can be carried out for some partial assessments without all partial assessments having to be taken up again.

Specific conditions

Admission to a programme of study is required:
Applied Computer Science (MACS)
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)

Course materials

Books/standards, conference/journal papers and web resources, such as:

  • Kononenko, M. Kukar, Machine Learning and Data Mining: Introduction to Principles and Algorithms, Horwood Publishing, Chichester, U.K., 2007, ISBN 1-904275-21-4

Recommended further reading:

  • T. Mitchell, Machine Learning, McGraw Hill, 1997.
  • Chio, Clarence, and David Freeman. Machine learning and security: Protecting systems with data and algorithms. " O'Reilly Media, Inc.", 2018.
  • R.O.Duda, P.E. Hart, and D.G. Stork: Pattern Classification. 2nd edition., Wiley, 2001.
  • S. Theodoridis, and K. Koutroumbas. Pattern Recognition, 3rd edition. Academic Press.

Credit reductions

Course code Reduction From To
IMT4612 3.7 AUTUMN 2017
IMT4632 3.7 AUTUMN 2017
IE500618 5.0 AUTUMN 2023
TDT4173 5.0 AUTUMN 2023
More on the course



Version: 1
Credits:  7.5 SP
Study level: Second degree level


Term no.: 1
Teaching semester:  SPRING 2025

Language of instruction: English

Location: Gjøvik , Trondheim

Subject area(s)
  • Information Security
Contact information
Course coordinator: Lecturer(s):

Department with academic responsibility
Department of Information Security and Communication Technology


Examination arrangement: Assignments and Written examination

Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
Spring ORD 4 major assignments 4/10 INSPERA
Room Building Number of candidates
Spring ORD Written examination 6/10 E INSPERA
Room Building Number of candidates
Summer UTS Written examination 6/10 E INSPERA
Room Building Number of candidates
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU