The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



Design of Mutant Operators for the C Programming Language

Hiralal Agrawal, Richard A. DeMillo, Bob Hathaway, William Hsu, Wynne Hsu, E.W. Krauser, R.J. Martin, Aditya P. Mathur, Eugene Spafford

Mutation analysis is a method for reliable testing of large software systems. It provides a method for assessing the adequacy of test data. Mothra [DeMi87] is a mutation analysis based software testing environment that currently supports the testing of Fortran 77 programs. Work is underway to enhance this tool along several dimensions. One of these is the addition of multilingual capability. C is one of the languages that we plan to support. This report describes the mutant operators designed for the proposed ANSI C programming language. Mutant operators are categorized using syntactic criteria. Such a classification is expected to be useful for an implementor of a mutation based testing system. Another classification, useful for the tester, is based on the nature of tests that can be conducted using mutation analysis. This classification exposes the generality and completeness of mutation based testing. Each mutant operator is introduced with illustrative examples. The rationale supporting each operator is also provided. An appendix provides a cross-reference of all mutant operators for ease of referencing. The design described here is a result of long deliberations amongst the authors of this report, in which several aspects of the C language and program development in C were examined. We intend this report to serve as a manual for the C mutant operators for researchers in software testing.

Added 2002-07-26

Detecting the Abnormal: Machine Learning in Computer Security

Terran Lane, Carla E. Brodley

Two problems of importance in computer security are to 1) detect the presence of an intruder masquerading as the valid user and 2) detect the perpetration of abusive actions on the part of an otherwise innocuous user. In this paper we present a machine learning approach to anomaly detection, designed to handle these two problems. Our system learns a user profile for each user account and subsequently employs it to detect anomalous behavior in that account. Based on sequences of actions (UNIX commands) of the current user's input stream, the system compares each fixed-length input sequence with a historical library of the account's command sequences using a similarity measure. The system must learn to classify current behavior as consistent or anomalous with past behavior using only positive examples of the account's valid user. Our empirical results demonstrate that in most cases it is possible to distinguish the legitimate user from an intruder and, furthermore, that an instance selection technique based on a memory page-replacement algorithm is capable of drastically reducing library size without hindering detection accuracy.

Added 2002-07-26

Authentication and Delegation with Smart-cards

M. Abadi, M. Burrows, C. Kaufman, B. Lampson
Added 2002-07-26

Efficient Debugging with Slicing and Backtracking

Hiralal Agrawal, Richard A. DeMillo, Eugene H. Spafford
Added 2002-07-26



A Comparison of Receiver-Initiated and Sender-Initiated Dynamic Load Sharing

Derek L Eager, Edward D. Lazowska, John Zahorjan
Added 2002-07-26



An Analysis of Security Incidents on the Internet 1989-1995

John D. Howard

This research analyzed trends in Internet security through an investigation of 4,299 security-related incidents on the Internet reported to the CERT Coordination Center (CERT/CC) from 1989 to 1995. Prior to this research, our knowledge of security problems on the Internet was limited and primarily anecdotal. This information could not be effectively used to determine what government policies and programs should be, or to determine the effectiveness of current policies and programs. This research accomplished the following: 1) development of a taxonomy for the classification of Internet attacks and incidents, 2) organization, classification, and analysis of incident records available at the CERT/CC, and 3) development of recommendations to improve Internet security, and to gather and distribute information about Internet security. With the exception of denial-of-service attacks, security incidents were generally found to be decreasing relative to the size of the Internet. The probability of any severe incident not being reported to the CERT/CC was estimated to be between 0% and 4%. The probability that an incident would be reported if it was above average in terms of duration and number of sites, was around 1 out of 2.6. Estimates based on this research indicated that a typical Internet domain was involved in no more than around one incident per year, and a typical Internet host in around one incident every 45 years. The taxonomy of computer and network attacks developed for this research was used to present a summary of the relative frequency of various methods of operation and corrective actions. This was followed by an analysis of three subgroups: 1) a case study of one site that reported all incidents, 2) 22 incidents that were identified by various measures as being the most severe in the records, and 3) denial-of-service incidents. Data from all incidents and these three subgroups were used to estimate the total Internet incident activity during the period of the research. This was followed by a critical evaluation of the utility of the taxonomy developed for this research. The analysis concludes with recommendations for Internet users, Internet suppliers, response teams, and the U.S. government.

Added 2002-07-26

The Advent of Netwar

John Arquilla, David Ronfelt
Added 2002-07-26

Internet... The Final Frontier: Eine Ethnographie

Sabine Helmers, Ute Hoffman, Jeanette Hofmann
Added 2002-07-26

Prototyping experiences with classical IP and ARP over signaled ATM Connections

Christoph L. Schuba, Eugene H. Spafford, Berry Kercheval

This paper discusses a prototyping effort in the classical internet protocol (IP) and address resolution protocol (ARP) over asynchronous transfer mode (ATM) model.

Added 2002-07-26

Commercial Encryption Export Controls

Bureau of Export Administration
Added 2002-07-26

Illinois Electronic Commerce Act

Jim Ryan (Attorney General State of Illinois)
Added 2002-07-26