Nov 21, 1997
A distinction between anomaly and misuse detection has emerged in the recent past. Where misuse detection mechanisms encapsulate and detect known, previously encountered security violations, anomaly detection mechanisms address the problem from a different angle. Based on the hypothesis that security violations involve abnormal usage of system resources, anomaly detection aims to detect security violations by identifying abnormal patterns of system usage. In particular it addresses that class of security violations which arise from flaws or vulnerabilities that may not have been anticipated or previously known.
My doctoral thesis involves the application of an adaptive neural engine to encapsulating subject behaviour from directly available system information. More precisely, it concentrates on the effectiveness of the neural mechanism in defining normal behaviour, flagging abnormal behaviour, and reporting true alarms and true acceptances as opposed to false alarms and false acceptances.
The research work undertaken in conjunction with the Australian Federal Police involves the use of the same neural engine applied to the examination of network traffic captured using readily available network monitoring software. The study attempts to characterise and classify standard TCP/IP network services with a view to developing signatures for each connection type in a particular network environment. Network traffic can then be correlated with these signatures, and anomalous network activities, such as intruder-installed network services, detected. The preliminary results of this research are to be presented in a paper at the 13th Annual Computer Security Applications Conference in San Diego in December 1997.
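The per-service signature idea described above, reduced to a worked illustration: this is an added example, not the thesis's neural engine or the Australian Federal Police study's code. It stands in a simple per-port mean/standard-deviation profile for the neural model, flags connections to previously unseen services or with feature values far outside the profile, and tallies the four outcome classes the abstract names (true/false alarms, true/false acceptances). All connection records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training traffic: (dst_port, bytes_transferred, duration_seconds).
# Assumed to be clean baseline captures for HTTP, SMTP and telnet.
TRAINING = [
    (80, 1200, 0.5), (80, 1500, 0.6), (80, 900, 0.4), (80, 1300, 0.5), (80, 1100, 0.5),
    (25, 4000, 2.0), (25, 3500, 1.8), (25, 4500, 2.2), (25, 4200, 2.1),
    (23, 800, 120.0), (23, 950, 140.0), (23, 700, 100.0),
]

# Constructed labelled test traffic: (record, is_actually_malicious).
TEST = [
    ((80, 1250, 0.5), False),       # ordinary web fetch
    ((25, 3900, 1.9), False),       # ordinary mail delivery
    ((31337, 60000, 900.0), True),  # listener on a port never seen in the baseline
    ((80, 60000, 0.5), True),       # port 80 connection moving far more data than profiled
    ((23, 800, 300.0), False),      # legitimate but unusually long telnet session
    ((25, 4100, 2.0), True),        # misuse that mimics the mail profile exactly
]


def build_signatures(records):
    """Per-service signature: (mean, stddev) for each feature of a connection type."""
    by_port = defaultdict(list)
    for port, nbytes, duration in records:
        by_port[port].append((nbytes, duration))
    signatures = {}
    for port, rows in by_port.items():
        # zip(*rows) turns the row list into one column per feature.
        signatures[port] = [(mean(col), pstdev(col) or 1.0) for col in zip(*rows)]
    return signatures


def is_anomalous(signatures, record, threshold=3.0):
    """Alarm if the service is unknown or any feature is > threshold stddevs from its mean."""
    port, *features = record
    if port not in signatures:
        return True
    return any(abs(x - m) / s > threshold for x, (m, s) in zip(features, signatures[port]))


def evaluate(signatures, labelled):
    """Count the four outcomes: alarms and acceptances, each true or false."""
    counts = {"true_alarm": 0, "false_alarm": 0, "true_acceptance": 0, "false_acceptance": 0}
    for record, malicious in labelled:
        flagged = is_anomalous(signatures, record)
        if flagged:
            counts["true_alarm" if malicious else "false_alarm"] += 1
        else:
            counts["false_acceptance" if malicious else "true_acceptance"] += 1
    return counts
```

The final test record shows the limit of any profile-based detector: activity that stays inside the learned envelope is accepted, which is exactly why the false-acceptance rate is reported alongside the alarm rates.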
About the Speaker
Kymie Tan is a PhD student with the Computer Forensics and System Security Group of the Department of Computer Science, University of Melbourne, Melbourne, Australia. She holds a Bachelor of Computer Science degree with First Class Honours and has continued working in the area of neural networks and anomaly intrusion detection since her honours year. Kymie has presented the results of her research in a number of forums, including the Third International Law Enforcement Conference on Computer Evidence held in Australia in 1996 and the launch of Melbourne IT, a collaborative venture between the University of Melbourne and the Australian IT industry, where Kymie's work generated considerable commercial interest.
Since January 1997 Kymie has collaborated with the Australian Federal Police Computer Crime Team in Melbourne, assisting in the development of mission-specific software for computer crime investigations and conducting research into techniques to detect computer intruder activities.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52 (Suite 050B), West Lafayette Campus.