SECURITY ISSUES IN COMPUTERS, NETWORKS, AND SENSORS
With increased use of heterogeneous networks of wired and wireless computers and sensors, security issues
become far more complex. Rensselaer researchers are working on solutions to a range of security issues
involving intrusions into secure areas, attacks on individual computers, and attacks on networks.
Detecting Unauthorized Computer Users
Rensselaer researchers have created several systems for unmasking attackers:
• Data Mining: Mohammed Zaki, assistant professor of computer science, has developed ADMIT
(Anomaly-based Data Mining for Intrusions), which detects unauthorized users, including those who
have successfully navigated passwords and other barriers and have begun to use the system. Using data
mining techniques, Dr. Zaki’s system builds a user profile based on the computer user’s normal
patterns of commands such as “copy” or “delete.” The ADMIT system also takes into account “drift”
in user behavior, changes that develop naturally over a period of time. Once the training phase is
completed, ADMIT warns the network administrator if clusters of commands on a specific computer
are deviating from the normal use pattern. While a single alarm may not be unusual, a series of alarms
in quick succession notifies the administrator to check on the user. In tests, ADMIT has been 80
percent accurate in detecting intruders with only a 15 percent false positive rate. Contact: Mohammed
Zaki (518) 276-6340, zaki@cs.rpi.edu
• Mathematical Models: Boleslaw Szymanski, professor of computer science and founding director of
the Center for Pervasive Computing and Networking at Rensselaer, uses several other approaches to
detect attacks on individual computers. To detect an intrusion in which an attacker gains unauthorized
access to a valid user’s account and acts disruptively, Dr. Szymanski uses probabilistic state finite
automata (PSFA), mathematical models of computations augmented with probabilities. They detect
anomalies, or variations from the norm. The system stores information about the normal user’s
frequent commands and the normal order in which they occur, and regularly updates the user’s profile.
PSFAs have proven very successful in detecting unusual behavior. Dr. Szymanski also uses a system
based on the string matching algorithms developed in bioinformatics for matching DNA sequences.
Instead of looking at strands of DNA, the system analyzes 100 command sequences, aligning the
current session on a specific computer with the user’s signature, seeking gaps and mismatches.
• The Conceptor: In another project, Dr. Szymanski uses the Conceptor, a networked group of
processors that use inputs from sensors in a dynamically changing environment to build a coherent
view of that environment. In an application known as COMMAND (Conceptor Misuse and
Masquerading Nonuser Detection), the Conceptor creates concepts of the user’s typical behavior and
gives a warning when there is too much input that does not map into the user’s normal concepts.
Contacts: Mohammed Zaki (518) 276-6340, zaki@cs.rpi.edu, Boleslaw Szymanski (518) 276-2714,
szymansk@cs.rpi.edu
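
The alignment idea from the Mathematical Models item above, as an added example that is not the researchers' code: a semi-global alignment of a session's commands against a stored user signature, where gaps and mismatches lower the score. The scoring values, the threshold and the sample command lists are assumptions made for illustration.

```python
# Added illustration. Scores and threshold are assumed values, not from the page.
MATCH, MISMATCH, GAP = 2, -1, -1

def align_score(signature, session):
    """Best semi-global alignment score of session against signature.

    Signature commands before and after the aligned region cost nothing;
    gaps and mismatches inside the region are penalised.
    """
    m = len(session)
    prev = [j * GAP for j in range(m + 1)]   # no signature consumed yet
    best = prev[m]
    for sig_cmd in signature:
        cur = [0] * (m + 1)                  # cur[0] = 0: free leading skip
        for j in range(1, m + 1):
            sub = MATCH if sig_cmd == session[j - 1] else MISMATCH
            cur[j] = max(prev[j - 1] + sub,  # align the two commands
                         prev[j] + GAP,      # signature command unmatched
                         cur[j - 1] + GAP)   # session command unmatched
        best = max(best, cur[m])             # free trailing skip
        prev = cur
    return best

def similarity(signature, session):
    """Score normalised by the best possible score for this session length."""
    if not session:
        raise ValueError("empty session")
    return align_score(signature, session) / (MATCH * len(session))

def is_anomalous(signature, session, threshold=0.5):
    return similarity(signature, session) < threshold

# Constructed sample data.
SIGNATURE = ["ls", "cd", "vi", "make", "gcc", "ls", "cd", "vi", "make", "mail"]
NORMAL = ["cd", "vi", "make", "gcc"]
SKIPPED = ["cd", "vi", "gcc"]              # one usual command left out
FOREIGN = ["ftp", "tar", "telnet", "rm"]   # nothing in common with the signature

if __name__ == "__main__":
    for name, s in [("normal", NORMAL), ("skipped", SKIPPED), ("foreign", FOREIGN)]:
        print(name, round(similarity(SIGNATURE, s), 2), is_anomalous(SIGNATURE, s))
```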
Network Attacks
Dr. Szymanski’s team is investigating two methods of detecting network attacks.
• DOORS: In previous research, he developed DOORS (Distributed Object Oriented Repository
Simulation), a distributed network monitoring tool that sends out Java-based mobile agents to collect
network data with high reliability and low overhead. The team is adapting that system to collect data
that can be used to recognize and react to attacks such as denial of service, in which networks are
flooded with large numbers of messages from numerous sources, causing them to crash. Based on a
neural network, the system learns to analyze network traffic and recognize attacks.
• Recognizing the Signature: Dr. Szymanski uses time dependent finite automata, a type of
mathematical model, to recognize the “signature” of certain attacks in real-time so damage can be
prevented. Because the system considers not only specific events but also the time intervals between
events, it is highly accurate in recognizing the attacks it has been programmed to detect.
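
A simplified matcher for the idea in the last item, where a signature is defined by both the events and the time allowed between them. This is an added example, not the team's system; the event names, time limits and sample events are constructed, and the signature is assumed to have at least two steps.

```python
# Added illustration. Event names and time limits are constructed.
# Each step: (event name, max seconds allowed since the previous matched step).
SIGNATURE = [("auth_fail", None), ("auth_fail", 2.0),
             ("auth_fail", 2.0), ("auth_ok", 5.0)]

def match_timed_signature(events, signature=SIGNATURE):
    """Return timestamps at which the whole signature completes.

    events: time-ordered (timestamp_seconds, event_name) pairs.
    Unrelated events may be interleaved; a partial match is dropped only
    when the time guard of its next step expires.
    """
    alerts = []
    active = {}      # next step index -> time of the last matched event
    for t, name in events:
        nxt, fired = {}, False
        for step, last_t in active.items():
            expected, max_gap = signature[step]
            if t - last_t > max_gap:
                continue                         # guard expired
            if name != expected:
                nxt[step] = max(nxt.get(step, last_t), last_t)  # keep waiting
            elif step + 1 == len(signature):
                fired = True                     # final step matched in time
            else:
                nxt[step + 1] = t                # advance
        if name == signature[0][0]:
            nxt[1] = t                           # start a new partial match
        if fired:
            alerts.append(t)
            nxt = {}                             # one alert per completed run
        active = nxt
    return alerts

# Constructed sample events: same event names, different timing.
SLOW = [(0.0, "auth_fail"), (10.0, "auth_fail"),
        (20.0, "auth_fail"), (21.0, "auth_ok")]
BURST = [(100.0, "auth_fail"), (100.5, "auth_fail"), (101.0, "dns_query"),
         (101.2, "auth_fail"), (101.9, "auth_fail"), (103.0, "auth_ok")]

if __name__ == "__main__":
    print(match_timed_signature(SLOW))    # same events, too far apart
    print(match_timed_signature(BURST))   # completes inside the time guards
```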
Secure Software
Software for real-time, distributed, mobile applications is subject to a variety of attacks, and a combination of
methods is needed for protection. David Musser, professor of computer science, is known for his work on
generic software libraries. He is now looking at ways to develop libraries of security-enhanced generic
components. In some current schemes, proof-carrying code is used, and new code that comes from an untrusted
source or by way of an insecure network is not accepted until the proofs it carries are checked. Musser suggests
that generic code-carrying proofs can be sent, in which the code is only implicitly present in the form of the
proofs but can be easily extracted at the consumer end after the proofs are checked. This requires less memory
on the user’s end, an especially important advantage in the case of embedded systems with tight memory
constraints. The use of generic programming greatly simplifies programming and amortizes costs. Contact:
David Musser (518) 276-8660, musser@cs.rpi.edu
Video Protection Against Intruders
Vera Kettnaker, assistant professor of computer science at Rensselaer, develops mathematical models for
analyzing video data. Using stochastic models (mathematical models of time-varying processes based on
probability), she is developing a system to monitor high-security rooms and detect intruders or suspicious
behavior by employees. Security cameras monitor the room, and the images are then computer processed to
detect unusual behavior. Unlike other systems, her methods place a time stamp on all activities. Computer
models of all employees’ behavior include specific information about their usual movements and the time these
actions take place. (Cleaning employees, for example, may legitimately enter at night, while other employees
are normally seen only during their work shifts.) If unusual activities are detected, an alarm can alert security
personnel to investigate. Kettnaker has received an NSF CAREER Award to develop a similar system to detect
health emergencies of senior citizens in their homes. Contact: Vera Kettnaker (518) 276-6957,
kettnv@cs.rpi.edu
Network of Sensors: Adapting Security Level to Battery Power
A group of Rensselaer researchers led by Bulent Yener, associate professor of computer science, is looking at
the specific security problems presented by an ad hoc wireless network with limited battery power, such as a
group of tiny observation sensors deployed by the military. Yener, Boleslaw Szymanski, and Tong Zhang,
assistant professor of electrical, computer, and systems engineering (ECSE), are designing an on-line controller
that can adapt and make intelligent decisions about the level of security that will be provided as battery power
diminishes. Contact: Bulent Yener (518) 276-6907, yener@cs.rpi.edu
Security Gaps at the Border
The worldwide Internet is actually a group of networks, and messages that travel around the world must move
smoothly from network to network. The Border Gateway Protocol (BGP), which regulates passage of messages
from one network to another, contains security gaps, according to Biplab Sikdar, ECSE assistant professor. He
leads a Rensselaer group that is working to understand these gaps and to design a security system for each
potential attack scenario. His group is seeking ways to optimize the way BGP processes messages and is
building models of possible attacks in the form of “trees,” a basic method of arranging and storing data.
Contact: Biplab Sikdar (518) 276-6664, sikdab@rpi.edu