PhD Seminar Course on

Detection theory and its applications to computer security

Cagliari, June 14-24, 2011


This activity was made possible by the "Visiting Professors 2010" program of the University of Cagliari, sponsored by the Autonomous Region of Sardinia.
Instructor: Alvaro Cardenas - Fujitsu Laboratories of America
Duration: 8 hours
Schedule:

Lecture 1 (2 hours): Tuesday, June 14, 09-11, Mocci room, DIEE building A

Lecture 2 (2 hours): Tuesday, June 21, 09-11, Y room, main Faculty building

Lecture 3 (2 hours): Wednesday, June 22, 09-11, Y room, main Faculty building

Lecture 4 (2 hours): Friday, June 24, 09-11, Y room, main Faculty building

Topics: Several problems in computer and network security require the analysis of a sequence of observations over time or space. Because these sequences (time series) can be interpreted as a "signal", many computer security problems can benefit from the theory and algorithms developed by the signal processing community, and in particular from detection theory, which focuses on determining the hypothesis that generated the signal (e.g., normal hypothesis or attack hypothesis).

Most of the theory and results of signal processing were obtained under the assumptions of relatively benign scenarios. In signal processing we usually assume specific properties of the signal or the noise. These assumptions--while not valid at all times--may model the system accurately enough for most practical purposes. However, when we apply signal processing tests to computer security problems, we face an intelligent opponent who will try to exploit any of our erroneous assumptions. In this course we will study how and when to apply detection theory algorithms to computer security problems.

Lecture 1: General overview of detection theory, Neyman-Pearson theory, sequential detection, and change detection algorithms. It will also cover some basic game-theoretic concepts that will be applied in future lectures.

Lecture 2: The second lecture will apply game theory to the detection problem with the goal of modeling the adversary and obtaining provably secure detection algorithms. These algorithms will be applied to problems in MAC-layer protocol misbehavior, intrusion detection, and watermarking.

Lecture 3: The second lecture will apply game theory to the detection problem with the goal of modeling the adversary and obtaining provably secure detection algorithms. These algorithms will be applied to problems in MAC-layer protocol misbehavior, intrusion detection, and watermarking.

Lecture 4: The final lecture will cover miscellaneous topics and some of my current research, including metrics and how to evaluate classifiers, autoregressive models for clustering and anomaly detection, and detection of anomalies in critical infrastructures.

Organizer: Giorgio Giacinto
Dep. of Electrical and Electronic Engineering
University of Cagliari, Italy
Email: giacinto(at)diee(dot)unica(dot)it