Notes for October 22, 1999

  1. Greetings and Felicitations!
    1. Bibliography: I'll have copies made for Monday or Wednesday of next week
    2. Program hints: see newsgroup. Should I extend homework due date to Wednesday?
  2. Puzzle of the Day
  3. Example of Flaw Hypothesis Methodology
    1. Go through Burroughs B6700 penetration
  4. Intrusion Detection Systems
    1. Anomaly detectors: look for unusual patterns
    2. Misuse detectors: look for sequences known to cause problems
    3. Specification detectors: look for actions outside specifications
  5. Anomaly Detection
    1. Original type: used login times
    2. Can be used to detect viruses, etc. by profiling expected number of writes
    3. Basis: statistically build a profile of users' expected actions, and look for actions which do not fit into the profile
    4. Issue: periodically modify the profile, or leave it static?
    5. User vs. group profiles
    6. Problems
  6. Misuse Detection
    1. Look for specific patterns that indicate a security violation
    2. Basis: need a database or ruleset of attack signatures
    3. Issues: handling log data, correlating logs
    4. Problems: can't find new attacks
  7. Specification Detection
    1. Look for violations of specifications
    2. Basis: need a representation of specifications
    3. Issues: similar to misuse detection
    4. Advantage: can detect attacks you don't know about.
  8. Cryptography
    1. Ciphers vs. Codes
    2. Attacks: ciphertext-only, known plaintext, known ciphertext
  9. Classical
    1. monoalphabetic (simple substitution): f(a) = a + k mod n
    2. example: Cæsar cipher with k = 3, RENAISSANCE -> UHQDLVVDQFH
    3. polyalphabetic: Vigenère, f_i(a) = a + k_i mod n
    4. cryptanalysis: first do index of coincidence to see if it's monoalphabetic or polyalphabetic, then Kasiski method.
    5. problem: eliminate periodicity of key
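The classical workflow in item 9, as an added example that is not part of the original notes: the shift and Vigenère ciphers, the index of coincidence, a Kasiski period estimate, and a per-column IoC check to confirm the period. The function names and the sample sentence are my own constructions; the ciphers use the 26-letter alphabet (n = 26).

```python
from collections import Counter
from math import gcd

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def clean(text):
    """Keep only letters, upper-cased, as the classical ciphers assume."""
    return "".join(ch for ch in text.upper() if ch in ALPHA)

def shift_encrypt(text, k):
    """Monoalphabetic shift (Caesar): f(a) = a + k mod 26."""
    return "".join(ALPHA[(ALPHA.index(ch) + k) % 26] for ch in clean(text))

def vigenere_encrypt(text, key):
    """Polyalphabetic Vigenere: f_i(a) = a + k_i mod 26, key reused cyclically."""
    shifts = [ALPHA.index(ch) for ch in clean(key)]
    return "".join(ALPHA[(ALPHA.index(ch) + shifts[i % len(shifts)]) % 26]
                   for i, ch in enumerate(clean(text)))

def index_of_coincidence(text):
    """Probability that two letters drawn from text are equal. A monoalphabetic
    substitution only relabels the letter counts, so the IoC is unchanged; a
    polyalphabetic cipher flattens the distribution and lowers it."""
    counts = Counter(clean(text))
    n = sum(counts.values())
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1)) if n > 1 else 0.0

def column_ioc(text, period):
    """Mean IoC of the `period` interleaved columns: at the true key length each
    column is a plain shift cipher, so its IoC climbs back to monoalphabetic level."""
    text = clean(text)
    return sum(index_of_coincidence(text[i::period]) for i in range(period)) / period

def kasiski_period(text, n=3):
    """Kasiski: repeated n-grams usually come from the same plaintext fragment under
    the same key position, so the key length divides their distance. Returns the gcd
    of all such distances (0 if none); on real text chance repeats can pull it to 1,
    in which case tally the divisors of each distance and take the most common."""
    text = clean(text)
    positions = {}
    for i in range(len(text) - n + 1):
        positions.setdefault(text[i:i + n], []).append(i)
    g = 0
    for pos in positions.values():
        for a, b in zip(pos, pos[1:]):
            g = gcd(g, b - a)
    return g

# Constructed sample (not from the notes): a sentence repeated so fragments recur
# at distances that are multiples of the key length; KEY has period 3.
PLAINTEXT = "THE MEN SEE THE GATES OPEN " * 3
KEY = "KEY"
```

Because the sample is so repetitive its IoC sits well above ordinary English (about 0.066), so compare the Vigenère ciphertext against the plaintext rather than against a fixed threshold.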

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 10/22/99