Anita K. Jones

Temporal signatures for intrusion detection

We introduce a new method for detecting intrusions based on the temporal behavior of applications. It builds on an existing method of application intrusion detection developed at the University of New Mexico that uses a system call sequence as a signature. Intrusions are detected by comparing the signature of the intrusion and that of the normal application. But when the system call sequences generated by the intrusion and the normal application are sufficiently similar, this method cannot work. By extending system call signature to incorporate temporal information related to the application, we form a richer signature. Analysis shows that the temporal behavior for many applications is relatively stable. We exclude high variance data when creating a normal database to characterize an application with a temporal signature. It can then be the basis for future comparisons in an intrusion detection system. This paper discusses experiments that test the effectiveness of the temporal signature on different applications, alternative intrusions, and in various environments. The results show that by choosing appropriate analysis methods and experimentally adjusting the parameters, intrusions are readily detected. Finally, we give some comparisons between the temporal signature method and the system call method.

Application intrusion detection using language library calls

Traditionally, intrusion detection systems detect intrusions at the operating system (OS) level. We explore the possibility of detecting intrusion at the application level by using rich application semantics. We use short sequences of language library calls as signatures. We consider library call signatures to be more application-oriented than system call signatures because they are a more direct reflection of application code. Most applications are written in a higher-level language with an associated support library such as C or C++. We hypothesize that library call signatures can be used to detect attacks that cause perturbation in the application code. We are hopeful that this technique will be amenable to detecting attacks that are carried out by internal intruders, who are viewed as legitimate users by an operating system.

The explosive growth of postdocs in computer science

Considering the factors influencing the recent rapid increase in the number of postdoctoral positions in computer science.

A call to serve.

Once Barack Obama becomes the 44th president of the United States in January 2009, he will, sooner or later, appoint individuals to science and technology policy positions within the executive branch of government. It seems as though every science- and engineering-related think tank either has published, or shortly will, a report calling on the new administration to appoint these people quickly and give them the authority and tools to do their job.

Ask not what your postdoc can do for you ...

Seeking more effective strategies for training and nurturing CS postdocs to ensure their success.