As I told the list last year, I'm offering a grad seminar this semester on incident detection and response. A large part of that will be CMAD (Computer Misuse and Anomaly Detection, a broader definition than simply Intrusion Detection). I have the current course syllabus up on my WWW page. I will be adding to this as the semester progresses, including a list of papers read and more info on the projects. The URL (for my home page) is http://www.cs.purdue.edu/people /spaf If you have any comments or suggestions about what I have there, I'd certainly be happy to hear them! Cheers, --spaf