60 research outputs found

    Can you Trust your Data?

    A new program analysis is presented, and two compile time methods for this analysis are given. The analysis attempts to answer the question: “Given some trustworthy and some untrustworthy input, can we trust the value of a given variable after execution of some code”. The analyses are based on an abstract interpretation framework and a constraint generation framework, respectively. The analyses are proved safe with respect to an instrumented semantics. We explicitly deal with a language with pointers and possible aliasing problems. The constraint based analysis is related directly to the abstract interpretation and therefore indirectly to the instrumented semantics.

    A tour of the worm

    Technical report. On the evening of November 2, 1988, a self-replicating program was released upon the Internet. This program (a worm) invaded VAX and Sun-3 computers running versions of Berkeley UNIX, and used their sources to attack still more computers. Within the space of hours this program had spread across the U.S., infecting hundreds or thousands of computers and making many of them unusable due to the burden of its activity. This paper provides a chronology for the outbreak and presents a detailed description of the internals of the worm, based on a C version produced by decompiling

    Making information flow explicit in HiStar

    HiStar is a new operating system designed to minimize the amount of code that must be trusted. HiStar provides strict information flow control, which allows users to specify precise data security policies without unduly limiting the structure of applications. HiStar's security features make it possible to implement a Unix-like environment with acceptable performance almost entirely in an untrusted user-level library. The system has no notion of superuser and no fully trusted code other than the kernel. HiStar's features permit several novel applications, including privacy-preserving, untrusted virus scanners and a dynamic Web server with only a few thousand lines of trusted code. Funding: National Science Foundation (U.S.) (Cybertrust Award CNS-0716806); National Science Foundation (U.S.) (Cybertrust/DARPA Grant CNS-0430425)

    Rover Mosaic : e-mail communication for a full-function Web browser

    Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1995. Includes bibliographical references (p. 41-43). By Alan F. deLespinasse. M.Eng.

    WiFi Miner: An online apriori and sensor based wireless network Intrusion Detection System

    This thesis proposes an Intrusion Detection System, WiFi Miner, which applies an infrequent pattern association rule mining Apriori technique to wireless network packets captured through hardware sensors for purposes of real time detection of intrusive or anomalous packets. Contributions of the proposed system include effectively adapting an efficient data mining association rule technique to the important problem of intrusion detection in a wireless network environment using hardware sensors, providing a solution that eliminates the need for hard-to-obtain training data in this environment, and providing increased intrusion detection rate and reduction of false alarms. The solution approach of the proposed system, WiFi Miner, is to find frequent and infrequent patterns on pre-processed wireless connection records using the infrequent pattern finding Apriori algorithm also proposed by this thesis. The proposed Online Apriori-Infrequent algorithm improves the join and prune step of the traditional Apriori algorithm with a rule that avoids joining itemsets not likely to produce frequent itemsets as their results, thereby improving efficiency and run times significantly. A positive anomaly score is assigned to each packet (record) for each infrequent pattern found while a negative anomaly score is assigned for each frequent pattern found. So, a record with a final positive anomaly score is considered an anomaly based on the presence of more infrequent patterns than frequent patterns found.

    A Genetic Algorithm Based elucidation for improving Intrusion Detection through condensed feature set by KDD 99 data set

    An Intrusion detection system's main aim is to identify the normal and intrusive activities. The objective of this paper is to incorporate Genetic algorithm with reduced feature set into the system to detect and classify intrusions from normal. The experiments and evaluations of the proposed method were done using KDD cup 99 data set. The Genetic algorithm is used to derive a set of rules from the reduced training data set, and the fitness function is employed to judge the quality of rules. Keywords: Genetic Algorithm, Detection Rate, Intrusion Detection System, Reduced Feature Set, KDD 99 data set