Notes for October 21, 1998
Greetings and Felicitations!
Office hours 3:00-4:00PM today.
Security lab seminar 1:00-2:00PM in 1131 EU-II. We will talk about ongoing projects!
Puzzle of the Day
Examples
Go through Burroughs B6700 penetration
Go through Michigan Terminal System penetration
Intrusion Detection Systems
Anomaly detectors: look for unusual patterns
Misuse detectors: look for sequences known to cause problems
Specification detectors: look for actions outside specifications
Anomaly Detection
Original type: used login times
Can be used to detect viruses, etc. by profiling expected number of writes
Basis: statistically build a profile of users' expected actions, and look for actions which do not fit into the profile
Issue: periodically modify the profile, or leave it static?
User vs. group profiles
Problems
Misuse Detection
Look for specific patterns that indicate a security violation
Basis: need a database or ruleset of attack signatures
Issues: handling log data, correllating logs
Problems: can't find new attacks
Specification Detection
Look for violations of specifications
Basis: need a representation of specifications
Issues: similar to misuse detection
Advantage: can detect attacks you don't know about.
Classical Cryptography
monoalphabetic (simple substitution):
f
(
a
) =
a
+
k
mod
n
example: Cæsar with
k
= 3,
RENAISSANCE
->
UHQDLVVDQFH
polyalphabetic: Vigenère,
f
i
(
a
) = (
a
+
k
i
)
mod
n
cryptanalysis: first do index of coincidence to see if it's monoalphabetic or polyalphabetic, then Kasiski method.
problem: eliminate periodicity of key
You can also see this document
in its native format
,
in Postscript
,
in PDF
, or
in ASCII text
.
Send email to
[email protected]
.
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 11/28/98