FYI - Computer Security Laboratory (a.k.a. seclab)

James O. (jtruitt@iu.net)
Mon, 27 Mar 1995 23:11:04 -0500

URL: http://everest.cs.ucdavis.edu/Security.html

Research in the Computer Security Laboratory (a.k.a. seclab) is concerned with the development of new techniques for the design of secure systems and for demonstrating such systems to be secure. Current research activities include (1) developing techniques for understanding malicious code (e.g. computer viruses) and for detecting and preventing the occurrence of such code in programs, and (2) developing techniques for network intrusion detection. The latter topic is aimed at developing monitoring techniques for existing data networks. The intent is to flag network intruders and abusers with a low probability of false alarms. The basic philosophy is to employ rule-based approaches to detect policy violations or attempts at exploiting system vulnerabilities, as well as profiles for users, groups of users, hosts, etc., and then use statistical methods to detect anomalies from normal behavior. Techniques being developed include the theory of hierarchical monitoring (particularly for detecting attacks on wide area networks), machine learning, automatic rule generation, characterization of (network) attacks, and distributed learning. A current project is developing an intrusion detection system that could be used on the Internet. This system will detect attempts to subvert the infrastructure of the Internet or to use the Internet to attack remote hosts. Facilities include over 125 workstations from Sun, DEC, and NeXT.


   Projects

        Intrusion Detection for Large Networks (ARPA) 
        Machine Learning for Intrusion Detection (ARPA) 
        AWB: Audit Workbench (NSA) 
        Models for Testing Intrusion Detection Systems (NSA) 
        From Generic Policies to Enforcement Rules (NSA) 
        Machine Learning for Intrusion Detection (NSA & ARPA) 
        Authentications in a Distributed Intrusion Detection System (Trident) 
        Vulnerabilities (Trident) 
        NID (LLNL) 
        Virus (LLNL) 

JT