Drawing on experience gained during the development and testing of a distributed intrusion detection system, we reflect on the data collection needs of intrusion detection systems and on the limitations faced when relying on the data collection mechanisms built into most operating systems. We claim that an intrusion detection system is best served by collecting its data through direct observation of the operations it monitors. Furthermore, to collect data in an efficient, reliable and complete fashion, monitoring mechanisms need to be incorporated into the source code of the operating system and its applications.
The trend towards strong interdependence among networks has serious security implications. Not only does the compromise of one network adversely affect resources needed by others, but the compromised network may be part of a multi-network attack targeting other systems. Identifying such attacks while they are in progress can be quite difficult. Other researchers have found that data sharing is needed to detect many systemic attacks involving multiple hosts, even within a single network [PN97]. Systems such as DIDS and EMERALD have been developed to gather and analyze such data network-wide and enterprise-wide, respectively. However, neither system addresses data sharing between networks that lack central administration. This paper identifies some of the issues that need to be addressed if cooperative intrusion detection using data sharing between distinct sites is to become a viable option, and provides a set of requirements for designing such a system. A substantial subset of these requirements has been modelled in a functional cooperative data-sharing system.
With the growing need for multimedia data management, security requirements are becoming crucial. Composing multimedia documents involves bringing together media objects that exist in various formats. These objects may reside in a distributed environment and belong to different security domains. We propose a time-augmented colored Petri net model for multimedia document composition that allows the specification of multilevel security. The model also supports multiple security policies as well as hierarchical and path-based protection schemes.
We introduce a technique for tracing a class of
The natural immune system has evolved many interesting mechanisms to solve the problem of self-nonself discrimination. An anomaly detection system based upon principles derived from the immune system was introduced in [Forr94]. Its main advantages are that it is distributable, local, and tunable. This paper provides an overview of the theoretical, algorithmic, and practical developments extending the original proposal. In particular, we present information-theoretic results on the detection method, show that for a given combination of self set and matching rule there can be strings that cannot be detected, present efficient algorithms to generate the detector set, and provide rules of thumb for setting the parameters when applying this method to a real data set.
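The following is an added worked example, not code from the paper or from [Forr94]: negative selection over fixed-length bit strings with the r-contiguous-bits matching rule, a detector generator that censors random candidates against the self set, and a brute-force search for the undetectable strings ("holes") mentioned above. The self sets, string lengths and values of r are constructed for the illustration; the hole example uses two self strings that share a window of r-1 bits, which is exactly the situation in which crossover strings become undetectable.

```python
"""
Negative-selection anomaly detection over fixed-length bit strings using the
r-contiguous-bits matching rule.  Added illustration for this page; not code
from the cited paper.  All self sets and parameters below are constructed.
"""
import random


def matches(detector: str, string: str, r: int) -> bool:
    """r-contiguous-bits rule: match if the two strings agree in at least r
    consecutive positions (same positions in both strings)."""
    run = 0
    for a, b in zip(detector, string):
        run = run + 1 if a == b else 0
        if run >= r:
            return True
    return False


def generate_detectors(self_set, length, r, count, seed=0, max_tries=100_000):
    """Censoring: draw random candidate strings and keep only those that match
    no self string.  Anything a kept detector later matches is, by
    construction, nonself, so the detector set yields no false positives on
    the self set it was trained against."""
    rng = random.Random(seed)  # seeded so the example is reproducible
    detectors = []
    tries = 0
    while len(detectors) < count and tries < max_tries:
        tries += 1
        cand = "".join(rng.choice("01") for _ in range(length))
        if not any(matches(cand, s, r) for s in self_set):
            detectors.append(cand)
    return detectors


def is_anomalous(string, detectors, r):
    """A string is flagged as nonself if any detector matches it."""
    return any(matches(d, string, r) for d in detectors)


def holes(self_set, length, r):
    """Nonself strings that no valid detector can ever match.

    Brute force over all 2**length strings: a detector is valid iff it matches
    no self string; a nonself string is a hole iff no valid detector matches
    it.  Holes depend only on the self set and the matching rule, not on how
    many detectors are generated, so no amount of extra training removes them.
    """
    everything = [format(i, f"0{length}b") for i in range(2 ** length)]
    valid = [c for c in everything
             if not any(matches(c, s, r) for s in self_set)]
    return [t for t in everything
            if t not in self_set and not any(matches(d, t, r) for d in valid)]


if __name__ == "__main__":
    # Constructed self set: two 4-bit strings sharing the window "00" at the
    # same positions.  With r = 3 their crossovers "0000" and "1001" are holes.
    small_self = ["0001", "1000"]
    print("holes:", holes(small_self, 4, 3))

    # Larger constructed example: 8-bit self set, r = 4, 20 detectors.
    self8 = ["00000000", "00001111", "11110000", "11111111"]
    dets = generate_detectors(self8, 8, 4, 20, seed=7)
    print("detectors:", dets[:5])
    print("false positives on self:",
          [s for s in self8 if is_anomalous(s, dets, 4)])
```

Two things the run shows that the abstract only states: a hole such as "0000" stays undetected no matter how many detectors are generated, and the censoring step guarantees zero false positives on the self set while saying nothing about coverage of the rest of the space, which is why the detector count and r have to be tuned against real data.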
Denial of service is a growing concern. As our systems communicate more and more with others that we know less and less, they become increasingly vulnerable to hostile intruders who may take advantage of the very protocols intended for the establishment and authentication of communication to tie up our resources and disable our servers. Since these attacks occur before the parties are authenticated to each other, we cannot rely upon enforcement of the appropriate access control policy to protect us (as is recommended in the classic work of Gligor and Millen in [5, 18, 19]). Instead we must build our defenses, as much as possible, into the protocols themselves. This paper shows how some principles that have already been used to make protocols more resistant to denial of service can be formalized, and indicates the ways in which existing cryptographic protocol analysis tools could be modified to operate within this formal framework.
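One of the principles referred to above, building the defense into the protocol rather than into access control, is the stateless cookie exchange used in Photuris and IKE: the responder commits no memory until the initiator has shown it can receive at the address it claims. The code below is an added illustration written for this page, not code from the paper or from either protocol specification; the `Server` class, the message shapes and the flood scenario are assumptions made for the example.

```python
"""
Stateless cookie exchange as a denial-of-service defence built into the
protocol itself.  Added illustration for this page, not code from the paper
or any standard; classes, message formats and the scenario are assumptions.

Principle shown: the responder allocates no per-peer state until the
initiator echoes a cookie that only a party receiving at the claimed address
could have obtained, so each allocated session costs the attacker a real
round trip rather than one spoofed packet.
"""
import hashlib
import hmac
import secrets


class Server:
    def __init__(self, secret: bytes, ttl: int = 60):
        self.secret = secret      # short-lived secret for cookie generation
        self.ttl = ttl            # cookie validity window, seconds
        self.sessions = {}        # per-peer state: created only in step 2

    def _cookie(self, addr: str, epoch: int) -> bytes:
        # Cookie = MAC over (claimed address, time epoch).  Recomputable from
        # the secret, so nothing needs to be stored per initiator.
        msg = f"{addr}|{epoch}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def hello(self, addr: str, now: int) -> bytes:
        """Step 1: answer a bare request with a cookie; keep no state."""
        return self._cookie(addr, now // self.ttl)

    def open(self, addr: str, cookie: bytes, now: int) -> bool:
        """Step 2: allocate state only if the cookie proves the initiator
        received step 1 at this address (current or previous epoch)."""
        epoch = now // self.ttl
        for e in (epoch, epoch - 1):
            if hmac.compare_digest(cookie, self._cookie(addr, e)):
                # The expensive part (session state, later key agreement)
                # starts only here.
                self.sessions[addr] = {"nonce": secrets.token_hex(8)}
                return True
        return False


def simulate(spoofed: int = 10_000, now: int = 1_000_000):
    """Constructed scenario: an attacker sends step-1 messages from many
    forged addresses, then tries step 2 with a guessed cookie; one honest
    client completes the exchange; the honest cookie is replayed after it
    expired.  Returns (sessions after flood, forged accepted, honest
    accepted, stale cookie accepted)."""
    srv = Server(secrets.token_bytes(32))
    for i in range(spoofed):
        # Replies go to the forged address; the attacker never sees them.
        srv.hello(f"10.0.{i // 256}.{i % 256}", now)
    after_flood = len(srv.sessions)
    forged_ok = srv.open("10.0.0.1", secrets.token_bytes(16), now)
    cookie = srv.hello("192.0.2.7", now)          # honest client gets its cookie
    honest_ok = srv.open("192.0.2.7", cookie, now + 5)
    stale_ok = srv.open("192.0.2.7", cookie, now + 3 * srv.ttl)
    return after_flood, forged_ok, honest_ok, stale_ok


if __name__ == "__main__":
    print(simulate())
```

The check a practitioner wants here is the cost asymmetry: after ten thousand spoofed first messages the server holds zero sessions, a forged cookie is rejected without allocating anything, and the one party that genuinely received its cookie is admitted. The epoch in the MAC bounds how long a captured cookie stays useful, which is the reason the stale replay fails.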
As organizations rush to build and support eCommerce applications, there is an increasing realization that information and financial assets are becoming more vulnerable to attack. Media-hyped reports of the BubbleBoy virus and frequent network failures of eCommerce sites such as eTrade may serve to alarm the public, but the threats are real and the potential risks catastrophic. One industry survey found that organizations engaged in Web commerce, electronic supply chains, and enterprise resource planning experience three times as many incidents of information loss and theft of trade secrets as other organizations.
Data products (macrodata, i.e. tabular data, and microdata, i.e. raw data records) are designed to inform public or business policy, research, or public information. Securing these products against unauthorized access has been a long-term goal of the database security research community and of government statistical agencies. Solutions to this problem require combining several techniques and mechanisms. Recent advances in data mining and machine learning algorithms have, however, increased the security risks one incurs when releasing data to outside parties for mining. Issues relating data mining to security have been recognized and investigated only recently.
Current distributed intrusion detection systems are not completely distributed with respect to data analysis, because they still contain centralized data analysis components. This deficiency has many undesirable implications. Here we present a framework for doing distributed intrusion detection with no centralized analysis components. In our approach, agents are the only data analysis components. Agents cooperate through a hierarchical communication framework, and this cooperation is driven by interests expressed by the agents.
This guide attempts to provide information helpful to new graduate students in Purdue's Computer Sciences Department. It covers a wide variety of material, ranging from details needed during your first few weeks on campus to tidbits about the Lafayette area and suggestions for weekend activities…
While the mobile-agent approach provides great flexibility and customizability compared to traditional client-server approaches, it introduces many serious security problems. These problems mainly concern protecting the hosting server and the visiting agent from each other. In this paper we discuss the security issues in mobile agent technology. Specifically, we describe the techniques used to protect a hosting server from malicious agents roaming the network. We also present mechanisms for protecting a mobile agent while it travels from its source to its designated destination. In addition, we address the challenging problem of securing the agent from a hostile execution environment. We point out the difficulty of the problem, inherent in the fact that the executing environment has almost complete control over the code it is executing, and we describe the techniques proposed in the literature for dealing with it. Finally, we present a secure distributed application that we have developed to illustrate the capabilities of the mobile-agent approach. We adapt a public key authentication technique to implement the security features of the application.