Electronic countermeasures

Intrusion Detection Systems (IDS) are security tools which monitor systems and networks for malicious activity. In saturated network links the amount of data present for analysis can overwhelm them, resulting in potentially undetected attacks. Many of these network links contain significant amounts of multimedia traffic which may seem to contribute to the problem, however our work suggests otherwise. This thesis proposes a novel method to classify and analyze multimedia traffic in an effort to maximize the efficiency of IDS. By embedding multimedia-specific knowledge into IDS, trusted multimedia contents can be identified and allowed to bypass the detection engine, thereby allowing IDS to focus its limited resources on other traffic. The proposed framework also enables IDS to detect multimedia-specific exploits which would otherwise pass under the radar. Results of our experiments confirm our claims and show substantial CPU savings in both streaming and non-streaming scenarios.

The purpose of this thesis is to show the use of digital techniques for Electronic Countermeasures (ECM) signal processing. The main objective is the use of only digital circuitry for the processing of the ECM signals. A recent design of an ECM controller called the Oscillator Waveform Controller (OWC) follows this philosophy. The OWC digitally controls the generation of its nine jamming modes plus the modes generated by the other ECM modules within the ECM system. The use of advance microcircuitry technology allows the OWC the capability of controlling all the parameters within an ECM system. The most desirable feature of the OWC is the use of high level communications for programming ECM mode parameters from an external computer or terminal and digitally storing this parameters upon removal of power.

We discuss a set of indirect combining techniques for addressing multi-category classification problems that have been used in many domains, but not for intrusion detection systems. In contrast to the indirect combining techniques, direct techniques generally extend associated binary classifiers to handle multi-category classification problems. An indirect combining technique decomposes the original multi-category problem into, based on some criteria, multiple binary-category problems. We investigated two different approaches for building the binary classifiers. The results of the binary classifiers are then merged using a combining technique---three different combining techniques were studied. We implement some of the indirect combining techniques proposed in recent literature, and apply them to a case study of the DARPA KDD-1999 network intrusion detection project. The results demonstrate the usefulness of using indirect combining techniques for the multi-category classification problem of intrusion detection systems.