Security Issues in Computers, Networks, and Sensors

With increased use of heterogeneous networks of wired and wireless computers and sensors, security issues become far more complex. Rensselaer researchers are working on solutions to a range of security issues involving intrusions into secure areas, attacks on individual computers, and attacks on networks.   

Detecting Unauthorized Computer Users

Rensselaer researchers have created several systems for unmasking attackers:

Data Mining Mohammed Zaki, assistant professor of computer science, has developed ADMIT (Anomaly-based Data Mining for Intrusions), which detects unauthorized users, including those who have successfully navigated passwords and other barriers and have begun to use the system. Using data mining techniques, Dr. Zaki’s system builds a user profile based on the computer user’s normal patterns of commands such as “copy” or “delete.” The ADMIT system also takes into account “drift” in user behavior, changes that develop naturally over a period of time. Once the training phase is completed, ADMIT warns the network administrator if clusters of commands on a specific computer are deviating from the normal use pattern. While a single alarm may not be unusual, a series of alarms in quick succession notifies the administrator to check on the user. In tests, ADMIT has been 80 percent accurate in detecting intruders with only a 15 percent false positive rate.

Mathematical Models Boleslaw Szymanski, professor of computer science and founding director of the Center for Pervasive Computing and Networking at Rensselaer, uses several other approaches to detect attacks on individual computers. To detect an intrusion in which an attacker gains unauthorized access to a valid user’s account and acts disruptively, Dr. Szymanski uses probabilistic state finite automata (PSFA), mathematical models of computations augmented with probabilities. They detect anomalies, or variations from the norm. The system stores information about the normal user’s frequent commands and the normal order in which they occur, and regularly updates the user’s profile. PSFAs have proven very successful in detecting unusual behavior. Dr. Szymanski also uses a system based on the string matching algorithms developed in bioinformatics for matching DNA sequences. Instead of looking at strands of DNA, the system analyzes 100 command sequences, aligning the current session on a specific computer with the user’s signature, seeking gaps and mismatches.

The Conceptor In another project, Dr. Szymanski uses the Conceptor, a networked group of processors that use inputs from sensors in a dynamically changing environment to build a coherent view of that environment. In an application known as COMMAND (Conceptor Misuse and Masquerading Nonuser Detection), the Conceptor creates concepts of the user’s typical behavior and gives a warning when there is too much input that does not map into the user’s normal concepts.

Network Attacks

Dr. Szymanski’s team is investigating two methods of detecting network attacks.

DOORS In previous research, he developed DOORS (Distributed Object Oriented Repository Simulation), a distributed network monitoring tool that sends out JAVA-based mobile agents to collect network data with high reliability and low overhead. The team is adapting that system to collect data that can be used to recognize and react to attacks such as denial of service, in which networks are flooded with large numbers of messages from numerous sources, causing them to crash. Based on a neural network, the system learns to analyze network traffic and recognize attacks.
 

Recognizing the Signature Dr. Szymanski uses time dependent finite automata, a type of mathematical model, to recognize the “signature” of certain attacks in real-time so damage can be prevented. Because the system considers not only specific events but also the time intervals between events, it is highly accurate in recognizing the attacks it has been programmed to detect.
 

Secure Software

Software for real-time, distributed, mobile applications is subject to a variety of attacks, and a combination of methods is needed for protection. David Musser, professor of computer science, is known for his work on generic software libraries. He is now looking at ways to develop libraries of security-enhanced generic components. In some current schemes, proof-carrying code is used, and new code that comes from an untrusted source or by way of an insecure network is not accepted until the proofs it carries are checked. Musser suggests that generic code-carrying proofs can be sent, in which the code is only implicitly present in the form of the proofs but can be easily extracted at the consumer end after the proofs are checked. This requires less memory on the user’s end, an especially important advantage in the case of embedded systems with tight memory constraints. The use of generic programming greatly simplifies programming and amortizes costs.

Video Protection Against Intruders

Vera Kettnaker, assistant professor of computer science at Rensselaer, develops mathematical models for analyzing video data. Using stochastic models (mathematical models of time-varying processes based on probability), she is developing a system to monitor high-security rooms and detect intruders or suspicious behavior by employees. Security cameras monitor the room, and the images are then computer processed to detect unusual behavior. Unlike other systems, her methods place a time stamp on all activities. Computer models of all employees’ behavior include specific information about their usual movements and the time these actions take place. (Cleaning employees, for example, may legitimately enter at night, while other employees are normally seen only during their work shifts.) If unusual activities are detected, an alarm can alert security personnel to investigate. Kettnaker has received an NSF CAREER Award to develop a similar system to detect health emergencies of senior citizens in their homes.
 

Network of Sensors: Adapting Security Level to Battery Power
 

A group of Rensselaer Researchers led by Bulent Yener, associate professor of computer science, is looking at the specific security problems presented by an ad hoc wireless network with limited battery power, such as a group of tiny observation sensors deployed by the military. Yener, Boleslaw Szymanski, and Tong Zhang, assistant professor of electrical, computer, and systems engineering (ECSE), are designing an on-line controller that can adapt and make intelligent decisions about the level of security that will be provided as battery power diminishes.

Security Gaps at the Border
 

The worldwide Internet is actually a group of networks, and messages that travel around the world must move smoothly from network to network. The Border Gateway Protocol (BGP), which regulates passage of messages from one network to another, contains security gaps, according to Biplab Sikdar, ECSE assistant professor. He leads a Rensselaer group that is working to understand these gaps and to design a security system for each potential attack scenario. His group is seeking ways to optimize the way BGP processes messages and is building models of possible attacks in the form of “trees,” a basic method of arranging and storing data.