Notes for October 21, 1998
Greetings and Felicitations!
Office hours 3:00-4:00PM today.
Security lab seminar 1:00-2:00PM in 1131 EU-II. We will talk about ongoing projects!
Puzzle of the Day
Go through Burroughs B6700 penetration
Go through Michigan Terminal System penetration
Intrusion Detection Systems
Anomaly detectors: look for unusual patterns
Misuse detectors: look for sequences known to cause problems
Specification detectors: look for actions outside specifications
Original type: used login times
Can be used to detect viruses, etc. by profiling expected number of writes
Basis: statistically build a profile of users' expected actions, and look for actions which do not fit into the profile
Issue: periodically modify the profile, or leave it static?
User vs. group profiles
Look for specific patterns that indicate a security violation
Basis: need a database or ruleset of attack signatures
Issues: handling log data, correlating logs
Problems: can't find new attacks
Look for violations of specifications
Basis: need a representation of specifications
Issues: similar to misuse detection
Advantage: can detect attacks you don't know about.
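The anomaly-detection notes above (a statistical profile of expected actions, originally login times, kept static or periodically modified) can be sketched as follows. This is an added example, not part of the original notes; the class, the thresholds, and the users and login hours are all constructed for illustration.

```python
from collections import Counter, defaultdict

class LoginTimeProfile:
    """Histogram of login hours (0-23) per key; the key may be a user or a group."""

    def __init__(self, adaptive, window=1, min_support=0.10):
        self.adaptive = adaptive        # True: periodically modify the profile
        self.window = window            # hours either side that count as "near"
        self.min_support = min_support  # lower fraction than this => anomaly
        self.hours = defaultdict(Counter)

    def train(self, key, hour):
        self.hours[key][hour % 24] += 1

    def support(self, key, hour):
        """Fraction of past logins within `window` hours of `hour`."""
        hist = self.hours[key]
        total = sum(hist.values())
        if total == 0:
            return 0.0                  # no profile yet, so nothing fits it
        near = sum(hist[(hour + d) % 24]          # mod 24: 23:00 is next to 00:00
                   for d in range(-self.window, self.window + 1))
        return near / total

    def observe(self, key, hour):
        """Return True when the login does not fit the profile."""
        anomalous = self.support(key, hour) < self.min_support
        if self.adaptive and not anomalous:
            self.train(key, hour)       # only events that fit update the profile
        return anomalous

def flagged(profile, key, logins):
    """Feed logins in order; return the hours reported as anomalous."""
    return [h for h in logins if profile.observe(key, h)]

def build(adaptive):
    """Constructed history: 'alice' logs in at 09:00, 'bob' at 23:00."""
    p = LoginTimeProfile(adaptive)
    for _ in range(10):
        p.train("alice", 9)
        p.train("bob", 23)
    return p

# Constructed scenario: alice's schedule slides later, then one 03:00 login.
DRIFT = [10, 10, 10, 11, 11, 11, 12, 12, 12, 13, 13, 13, 3]

if __name__ == "__main__":
    print("static  :", flagged(build(False), "alice", DRIFT))
    print("adaptive:", flagged(build(True), "alice", DRIFT))
```

The static profile keeps reporting every login from 11:00 onward, while the modified profile follows the gradual change and reports only the 03:00 login; that difference is the trade-off behind the static-versus-modified question in the notes.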
monoalphabetic (simple substitution):
example: Cæsar with
) = (
cryptanalysis: first do index of coincidence to see if it's monoalphabetic or polyalphabetic, then Kasiski method.
problem: eliminate periodicity of key
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 11/28/98