Notes for October 22, 1999
- Greetings and Felicitations!
- Bibliography: I'll have copies made for Monday or Wednesday of next week
- Program hints: see newsgroup.
Should I extend homework due date to Wednesday?
- Puzzle of the Day
- Example of Flaw Hypothesis Methodology
- Go through Burroughs B6700 penetration
- Intrusion Detection Systems
- Anomaly detectors: look for unusual patterns
- Misuse detectors: look for sequences known to cause problems
- Specification detectors: look for actions outside specifications
- Anomaly Detection
- Original type: used login times
- Can be used to detect viruses, etc.
by profiling expected number of writes
- Basis: statistically build a profile of users' expected actions,
and look for actions which do not fit into the profile
- Issue: periodically modify the profile, or leave it static?
- User vs. group profiles
- Misuse Detection
- Look for specific patterns that indicate a security violation
- Basis: need a database or ruleset of attack signatures
- Issues: handling log data, correllating logs
- Problems: can't find new attacks
- Specification Detection
- Look for violations of specifications
- Basis: need a representation of specifications
- Issues: similar to misuse detection
- Advantage: can detect attacks you don't know about.
- Ciphers vs. Codes
- Attacks: ciphertext-only, known plaintext, known ciphertext
- monoalphabetic (simple substitution):
f(a) = a + k mod n
- example: Cæ with k = 3,
RENAISSANCE -> UHQDLVVDQFH
- polyalphabetic: Vigenère,
fi(a) = a + ki
- cryptanalysis: first do index of coincidence to see if it's
monoalphabetic or polyalphabetic, then Kasiski method.
- problem: eliminate periodicity of key
Send email to
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 10/22/99