Accession Number : ADA294283

Title :   An Intrusion-Detection Tutoring System Using Means-Ends Analysis.

Descriptive Note : Master's thesis

Corporate Author : NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Personal Author(s) : Schiavo, Sandra J.

PDF Url : ADA294283

Report Date : MAR 1995

Pagination or Media Count : 155

Abstract : This research designed and implemented an intelligent tutoring system for teaching computer intrusion detection to potential or current system administrators of computer networks. The Intrusion-Detection Tutoring System (IDTS) is an intelligent tutoring system built using Quintus Prolog and METUTOR general-purpose tutoring software written by Professor Rowe. The operating environment of the IDTS is a virtual one, based on UNIX; it uses some common UNIX commands and file hierarchy. After both student and tutor analyze a static audit file to find suspicious and/or malicious behavior, the student tries to fix the damage, and the computer critiques the student's actions using means-ends analysis. Using its nineteen behavior rules, IDTS can classify eleven different types of intruder behavior known to exploit system vulnerabilities, and can tutor the student on how to detect this behavior and how to efficiently return the system to a secure state after the intrusion has occurred. Four different audit files of varying length were tested with IDTS. IDTS correctly identified most intruder behavior in both manually and computer-generated audit files, and showed it could correctly tutor on that behavior.

Descriptors :   *DATA PROCESSING SECURITY, *COMPUTER AIDED INSTRUCTION, *INTRUSION DETECTION, COMPUTER PROGRAMS, EDUCATION, STUDENTS, VULNERABILITY, THESES, OPERATING SYSTEMS(COMPUTERS), EXPERT SYSTEMS, ADMINISTRATIVE PERSONNEL, BEHAVIOR, COMPUTER NETWORKS, COMPUTER FILES, INTRUSION, AUDITING.

Subject Categories : Computer Programming and Software
      Computer Systems Management and Standards

Distribution Statement : APPROVED FOR PUBLIC RELEASE