Notes for October 28, 1998

  1. Greetings and Felicitations!
    1. Office hours 3:00-4:00PM today.
    2. Security lab seminar 1:00-2:00PM in 1131 EU-II. We will talk about ongoing projects!
  2. Puzzle of the Day
  3. Intrusion Detection Systems
    1. Anomaly detectors: look for unusual patterns
    2. Misuse detectors: look for sequences known to cause problems
    3. Specification detectors: look for actions outside specifications
  4. Misuse Detection
    1. Look for specific patterns that indicate a security violation
    2. Basis: need a database or ruleset of attack signatures
    3. Issues: handling log data, correlating logs
    4. Problems: can't find new attacks
  5. Specification Detection
    1. Look for violations of specifications
    2. Basis: need a representation of specifications
    3. Issues: similar to misuse detection
    4. Advantage: can detect attacks you don't know about.
  6. Cryptography
    1. Ciphers v. Codes
    2. Attacks: ciphertext-only, known plaintext, known ciphertext
  7. Classical Ciphers
    1. monoalphabetic (simple substitution): f(a) = a + k mod n
    2. example: Cæsar with k = 3, RENAISSANCE -> UHQDLVVDQFH
    3. polyalphabetic: Vigenère, f_i(a) = a + k_i mod n
    4. cryptanalysis: do index of coincidence to see if it's monoalphabetic or polyalphabetic, then Kasiski method.
    5. problem: eliminate periodicity of key
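
Added example (not part of the original notes): the shift ciphers from item 7 in Python, with the index of coincidence and a simple Kasiski distance check. The function names, the sample plaintext and the keys "D" and "LOCK" are constructed for illustration.

```python
from collections import Counter
from functools import reduce
from math import gcd

N = 26  # alphabet size n in f(a) = a + k mod n

def letters(text):
    """Keep only the letters A-Z, uppercased."""
    return [c for c in text.upper() if "A" <= c <= "Z"]

def shift_encrypt(plaintext, key):
    """f_i(a) = (a + k_i) mod n; a one-letter key is the monoalphabetic case."""
    ks = [ord(c) - 65 for c in letters(key)]
    if not ks:
        raise ValueError("key must contain at least one letter")
    return "".join(chr((ord(c) - 65 + ks[i % len(ks)]) % N + 65)
                   for i, c in enumerate(letters(plaintext)))

def index_of_coincidence(text):
    """Chance that two letters picked at random from text are the same."""
    counts = Counter(letters(text))
    total = sum(counts.values())
    if total < 2:
        raise ValueError("need at least two letters")
    return sum(f * (f - 1) for f in counts.values()) / (total * (total - 1))

def kasiski_gcd(ciphertext, size=3):
    """GCD of distances between repeated size-grams; 0 if nothing repeats."""
    s = "".join(letters(ciphertext))
    first_seen, distances = {}, []
    for i in range(len(s) - size + 1):
        gram = s[i:i + size]
        if gram in first_seen:
            distances.append(i - first_seen[gram])
        else:
            first_seen[gram] = i
    # One accidental repeat can pull the GCD down to 1 on real text.
    return reduce(gcd, distances, 0)

if __name__ == "__main__":
    # Constructed sample plaintext, not taken from the notes.
    sample = ("THE ATTACKER READ THE LOG AND THE DEFENDER READ THE LOG "
              "AND THE AUDITOR READ THE LOG AGAIN")
    caesar = shift_encrypt(sample, "D")       # k = 3, monoalphabetic
    vigenere = shift_encrypt(sample, "LOCK")  # period 4, polyalphabetic
    for name, text in (("plain", sample), ("caesar", caesar), ("vigenere", vigenere)):
        print(name, round(index_of_coincidence(text), 4))
    print("kasiski gcd:", kasiski_gcd(vigenere))
```

A simple substitution only relabels letters, so its index of coincidence equals that of the plaintext; a periodic key spreads the letter counts and lowers it, which is the test item 4 relies on before the Kasiski step.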


Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 11/5/98