CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Detecting Computer Attackers: Recognizing Patterns of Malicious, Stealthy Behavior

Robert Cunningham - MIT Lincoln Laboratory, Information Systems Technology

Nov 29, 2000

PDF Slides PDF ()


In the United States today, computer systems are used as repositories of information critical to the success of businesses and the smooth functioning of our nation. As we rely more heavily on these systems, they become increasingly valuable targets for computer attackers. While some attackers are merely experimenting with others' computers, others are intentionally attempting to damage infrastructure or adversely impact military readiness. We have developed model-based techniques to detect several classes of attacks both before and after they are launched. For this presentation, I will describe techniques for detecting attacks that allow a normal user to acquire the privileges of the super-user. The first technique detects user-to-super-user attack before that software is used, while the second technique (Bottleneck Verification) detects attacks after they have been launched. Each has a high detection rate at a low false alarm rate, but neither is perfect, so both are useful for protecting a computer system.

About the Speaker

Robert K. Cunningham received the Sc.B. degree in computer engineering from Brown University in 1985, the M.S. degree in electrical engineering from Boston University in 1988, and the Ph.D. degree in cognitive and neural systems from Boston University in 1998. From 1985 to 1987 he worked at Raytheon, designing and developing a parallel and distributed operating system for the next generation weather radar system. After completing his masters degree in 1988, he became a staff member of the Machine Intelligence Group at MIT Lincoln Laboratory, where his research focused on digital image processing and image understanding, including parallel implementations of algorithms for enhanced visualization and image region classification. As part of that work, he contributed to early drafts of the real-time message passing interface (MPI/RT) specification. In early 1998 he moved to the Information Systems Technology Group, where his research has focused on developing intrusion detection systems that do not require advance knowledge of the method of attack. He was appointed Assistant Leader of the group in August 2000. He is a member of Sigma Xi and a senior member of the IEEE.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.