Computers--Access control

Intrusion Detection Systems (IDS) are security tools which monitor systems and networks for malicious activity. In saturated network links the amount of data present for analysis can overwhelm them, resulting in potentially undetected attacks. Many of these network links contain significant amounts of multimedia traffic which may seem to contribute to the problem, however our work suggests otherwise. This thesis proposes a novel method to classify and analyze multimedia traffic in an effort to maximize the efficiency of IDS. By embedding multimedia-specific knowledge into IDS, trusted multimedia contents can be identified and allowed to bypass the detection engine, thereby allowing IDS to focus its limited resources on other traffic. The proposed framework also enables IDS to detect multimedia-specific exploits which would otherwise pass under the radar. Results of our experiments confirm our claims and show substantial CPU savings in both streaming and non-streaming scenarios.

The incorporation of object-oriented and semantic modeling concepts to databases is one of the most significant advances in the evolution of database systems. Among the many issues brought along by this integration, one that becomes important is the protection of the information. This thesis presents an authorization model that applies two basic aspects: control of users' access to data values, and control of administrators' access to data definitions and authorization rules. The model consists of a set of policies, a structure for authorization rules, algorithms for access request validation and procedures for administrative functions. Even though this model is developed in the context of a particular data model, the discussion is sufficiently general and can be applied to similar environments.

We discuss a set of indirect combining techniques for addressing multi-category classification problems that have been used in many domains, but not for intrusion detection systems. In contrast to the indirect combining techniques, direct techniques generally extend associated binary classifiers to handle multi-category classification problems. An indirect combining technique decomposes the original multi-category problem into, based on some criteria, multiple binary-category problems. We investigated two different approaches for building the binary classifiers. The results of the binary classifiers are then merged using a combining technique---three different combining techniques were studied. We implement some of the indirect combining techniques proposed in recent literature, and apply them to a case study of the DARPA KDD-1999 network intrusion detection project. The results demonstrate the usefulness of using indirect combining techniques for the multi-category classification problem of intrusion detection systems.

Network security is an important subject in today's extensively interconnected computer world. The industry, academic institutions, small and large businesses and even residences are now greatly at risk from the increasing onslaught of computer attacks. Such malicious efforts cause damage ranging from mere violation of confidentiality and issues of privacy up to actual financial loss if business operations are compromised, or even further, loss of human lives in the case of mission-critical networked computer applications. Intrusion Detection Systems (IDS) have been used along with the help of data mining modeling efforts to detect intruders, yet with the limitation of organizational resources it is unreasonable to inspect every network alarm raised by the IDS. Modified Expected Cost of Misclassification ( MECM) is a model selection measure that is resource-aware and cost-sensitive at the same time, and has proven to be effective for the identification of the best resource-based intrusion detection model.

Today new secure cryptosystems are in great demand. Computers are becoming more powerful and old cryptosystems, such as the Data Encryption Standard (DES), are becoming outdated. This thesis describes a new binary additive strewn cipher (HK cryptosystem) that is based on the logistic map. The logistic map is not random, but works under simple rules to become complex, thus making it ideal for implementation in cryptography. Instead of basing the algorithm on one logistic map, the HK cryptosystem. averages several uncoupled logistic maps. Averaging the maps increases the dimension of such a system, thus providing greater security. This thesis will explore the strengths and weaknesses of the HK cryptosystem and will end by introducing a modified version, called the HK8 cryptosystem that does not have the apparent weakness of the HK system.