Project 5
Spring 2001
Due: May 3rd @ 4 PM
12 points
With the commercialization of the Internet, computer security has become a prominent concern. An aspect of protecting computers and data is intrusion detection, and while there are many facets of this effort, one is to determine if someone's current behavior on a computing system is similar to past behavior. Audit programs, like the UNIX acctcom command, record information about the commands that individuals use, the amount of CPU time required to execute the command, how CPU intensive it was, the amount of information transferred to and from disk, and the like.
For this project, you are to write a program that will take data derived from a computer user's recent session and will compare it to past, historic data. Each user profile consists of 22 fields. The first is the user's login name. (The names have been changed to protect the innocent.) The remaining 21 are measures computed for a session (i.e., login to logout): the average, minimum, and maximum of three time measures (real time, system time, and user time), two measures of data transfer (characters transferred and blocks read and written) and two measures of CPU utilization (CPU time and hog factor). An example of a record for the user bugs is:
bugs 64307.2567 0.1700 96460.8000 0.2600 0.0200 0.5000 0.1867 0.0200 0.2700 1829 5.3333 1030.0000 64736.0000 11.0000 0.0000 0.0000 0.4400 0.1200 0.5000 0.0667 0.0000 0.2000The basic idea is to take profiles, from a file, like recent.dta, or entered from the keyboard, and to compare them to profiles stored in a linked list, finding the most similar entry. If the two most similar records have the same user name, then we can assume that they were produced by the same person, the correct user. However, if there is a mismatch, then either the real user's behavior has changed, or someone, perhaps a cracker, is masquerading as the true user.
A collection of past profiles is stored in the file past.dta. As shown in the sample run, the program should report matches and mismatches. Develop your own measure of similarity, and there are many you could use. Here's the high-level design. Your program should let the user load profiles from a file, add new profiles from either a file or from the keyboard, save stored profiles to a file, clear the profiles stored in the linked list, classify profiles from either a file or entered from the keyboard, and, of course, quit the program.
Instructions for Electronic Submission: At the top of the file containing your source code (i.e., the file containing the C++ instructions), place the following header comment, with the appropriate modifications:
// // Project 4 // Name: <your name> // SID: <last four digits of student ID> // E-mail: <e-mail address> // Instructor: Maloof // TA: <TA's name> // COSC 071-<section number> // // Description: <Describe your program> //
All programs must run under UNIX and must compile using GNU g++. When you are ready to submit your program for grading, e-mail it to your TA using the last four digits of your student ID and the suffix ``.cc'' as the subject line.
For example, if the last four digits of your student ID is 1234, the name of your source file is proj4.cc, and your TA's e-mail address is ``imagoodta@georgetown.edu'', then you would type at the UNIX prompt:
gusun% mailx -s "1234.cc" imagoodta@georgetown.edu < proj4.ccYou are executing the mailx command. The -s option indicates that the string "1234.cc" is the subject heading. imgagoodta@georgetown.edu is the address to which the mail will be sent. The part ``< proj4.cc'' takes your source file and directs it into the mailx command.
You can also use pine to submit your project. After filling in the To and Subject fields, type the ^R command in the MESSAGE TEXT screen. Pine will ask for a file name, which it will then load as your message text. Type ^X to send the e-mail.
You must submit your project by e-mail before 5:00 P.M. on the due date. Late projects will be subject to a penalty.
If you need to include a message to you TA about your submission, then type the message as a comment in the program.
Once you've submitted your project, it is important to keep an electronic copy on a university machine (e.g., gusun or cssun) that preserves the modification date and time. If we lose your project or the e-mail system breaks, then we will need to look at the modification date and time of your project to ensure that you submitted it before it was due.