Notes for October 28, 1998

  1. Greetings and Felicitations!
    1. Office hours 3:00-4:00PM today.
    2. Security lab seminar 1:00-2:00PM in 1131 EU-II. We will talk about ongoing projects!
  2. Puzzle of the Day
  3. Intrusion Detection Systems
    1. Anomaly detectors: look for unusual patterns
    2. Misuse detectors: look for sequences known to cause problems
    3. Specification detectors: look for actions outside specifications
  4. Misuse Detection
    1. Look for specific patterns that indicate a security violation
    2. Basis: need a database or ruleset of attack signatures
    3. Issues: handling log data, correllating logs
    4. Problems: can't find new attacks
  5. Specification Detection
    1. Look for violations of specifications
    2. Basis: need a representation of specifications
    3. Issues: similar to misuse detection
    4. Advantage: can detect attacks you don't know about.
  6. Cryptography
    1. Ciphers v. Codes
    2. Attacks: ciphertext-only, known plaintext, known ciphertext
  7. Classical Ciphers
    1. monoalphabetic (simple substitution): f(a) = a + k mod n
    2. example: Cæsar with k = 3, RENAISSANCE -> UHQDLVVDQFH
    3. polyalphabetic: Vigenère, fi(a) = a + ki mod n
    4. cryptanalysis: do index of coincidence to see if it's monoalphabetic or polyalphabetic, then Kasiski method.
    5. problem: eliminate periodicity of key

You can also see this document in its native format, in Postscript, in PDF, or in ASCII text.
Send email to [email protected].

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562


Page last modified on 11/5/98