An Intrusion-Detection Tutoring System Using Means-Ends Analysis.

Abstract

This research designed and implemented an intelligent tutoring system for teaching computer intrusion detection to potential or current system administrators of computer networks. The Intrusion-Detection Tutoring System (IDTS) is an intelligent tutoring system built using Quintus Prolog and METUTOR, general-purpose tutoring software written by Professor Rowe. The operating environment of the IDTS is a virtual one, based on UNIX; it uses some common UNIX commands and the UNIX file hierarchy. After both student and tutor analyze a static audit file to find suspicious and/or malicious behavior, the student tries to fix the damage, and the computer critiques the student's actions using means-ends analysis. Using its nineteen behavior rules, IDTS can classify eleven different types of intruder behavior known to exploit system vulnerabilities, and can tutor the student on how to detect this behavior and how to efficiently return the system to a secure state after the intrusion has occurred. Four different audit files of varying length were tested with IDTS. IDTS correctly identified most intruder behavior in both manually generated and computer-generated audit files, and showed it could correctly tutor on that behavior.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 1995
Accession Number
ADA294283

Entities

People

  • Sandra J. Schiavo

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Artificial Intelligence
  • California
  • Classification
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Detection
  • Expert Systems
  • Hierarchies
  • Information Systems
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Operating Systems
  • Trojan Horse

Fields of Study

  • Computer science

Readers

  • Archaeological Resource Survey
  • Artificial Intelligence
  • Cybersecurity