SPECIFICATIONLESS INTRUSION DETECTION USING THERMODYNAMIC FORMALISM OF FREE ENERGY
Hutton, William James
This dissertation serves as a sort of historical road map on my journey to help secure not just computers, but the networks that connect them, and their sometimes critical mission, and the people that depend upon them. We start with the most theoretically stimulating (and difficult to understand, yet most promising) subject of the thermodynamic formalism of free energy. We investigate two algorithms: one to estimate the free energy observed by a system, and another algorithm that makes use of additional side information to estimate free energy with more precision and selectivity for classification. We demonstrate that the estimation of free energy can classify malicious network traffic as abnormal in the absence of a given model. The second chapter applies our free energy approach to Boolean feature vectors for a notional cyber security system. In this chapter we describe how to establish upper and lower bounds of trust as a real number which can be used to help secure resource-constrained systems. We also introduce the concept of trust decay, which is a range of real numbers. The third chapter is an older journal paper that, when combined with our theory of free energy, may be useful in detecting collaboration between observed entities as well as in estimating the channel capacity of some types of covert channels. Last but not least is a chapter that I am particularly proud of for its novel approach to a particularly vexing problem in computer security: how to improve upon the ubiquitous password for user authentication. This work illustrates the level of detail required for scientific repeatability, which is entirely lacking in the field of cyber security today.