An intrusion-detection tutoring system using means-ends analysis

This research designed and implemented an intelligent tutoring system for teaching computer intrusion detection to potential or current system administrators of computer networks. The Intrusion-Detection Tutoring System (IDTS) is an intelligent tutoring system built using Quintus Prolog and METUTOR...


Bibliographic Details
Main Author: Schiavo, Sandra Jean.
Other Authors: Neil C. Rowe
Language: en_US
Published: Monterey, California. Naval Postgraduate School 2013
Online Access: http://hdl.handle.net/10945/35082
Computer Science
Thesis, 1995-03
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, it may not be copyrighted.
Collection: NDLTD
Description: This research designed and implemented an intelligent tutoring system for teaching computer intrusion detection to potential or current system administrators of computer networks. The Intrusion-Detection Tutoring System (IDTS) is an intelligent tutoring system built using Quintus Prolog and METUTOR general-purpose tutoring software written by Professor Rowe. The operating environment of the IDTS is a virtual one, based on UNIX; it uses some common UNIX commands and file hierarchy. After both student and tutor analyze a static audit file to find suspicious and/or malicious behavior, the student tries to fix the damage, and the computer critiques the student's actions using means-ends analysis. Using its nineteen behavior rules, IDTS can classify eleven different types of intruder behavior known to exploit system vulnerabilities, and can tutor the student how to detect this behavior and how to efficiently return the system to a secure state after the intrusion has occurred. Four different audit files of varying length were tested with IDTS. IDTS correctly identified most intruder behavior in both manually and computer-generated audit files, and showed it could correctly tutor on that behavior.