An Intelligent Tutor for Intrusion Detection on Computer Systems

Abstract

Intrusion detection is the process of identifying unauthorized usage of a computer system. It an important skill for computer-system administrators. It is difficult to learn on the job because it is needed only occasionally but can be critical. We describe a tutor incorporating two programs. The first program uses artificial-intelligence planning methods to generate realistic audit files reporting actions of a variety of simulated users (including intruders) of a Unix computer system. The second program simulates the system afterwards, and asks the student to inspect the audit and fix the problems caused by the intruders. This program uses intrusion-recognition rules to itself infer the problems, planning methods to figure how best to fix them, plan-inference methods to track student actions, and tutoring rules to tutor intelligently. Experiments show that students using the tutor learn a significant amount in a short time.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 1998
Accession Number
ADA484520

Entities

People

  • Neil C. Rowe
  • Sandra Schiavo

Organizations

  • Naval Postgraduate School

Tags

DTIC Thesaurus Topics

  • Anomaly Detection
  • Artificial Intelligence
  • Change Detection
  • Computer Science
  • Computers
  • Cybersecurity
  • Detection
  • Information Systems
  • Intrusion
  • Intrusion Detection
  • Operating Systems
  • Robotics
  • Security
  • Simulators
  • Students
  • Threats
  • Training

Fields of Study

  • Computer science

Readers

  • Artificial Intelligence
  • Computer Science.
  • Sensor Fusion and Tracking Systems.

Technology Areas

  • AI & ML