Abstract
Intrusion detection systems (IDS) have gained considerable popularity and importance in recent years. Much of this is due to the increased value of computer systems and the increased business and national concern over system security. An IDS may be classified into one of several categories; an important category is that of signature verification. A signature verification system detects intrusion based upon a named signature (e.g. a common textual string) and is decomposed into several components, two of which are the intrusion sensors and the analyzer. This thesis focuses on developing a novel model for the analysis component of a signature verification system.

The approach described in this thesis is based on an enhanced conceptual space representation. A model for representing proper behavior on a system is developed and applied to intrusion detection. Intrusion activities are detected by first mapping observed activities to the conceptual space. The resulting representation is then analyzed. A particular geometric object termed a superellipsoid is the major enhancement to the conceptual space proposed in this thesis. A proof of the optimality of the superellipsoid is developed. A prototype system that implements this approach was developed and tested.