An Expert System-Based Site Security Officer
Journal Title CIT. Journal of Computing and Information Technology
Journal Abbreviation CIT
Publisher Group University of Zagreb
Website http://cit.srce.unizg.hr/index.php/CIT
Title An Expert System-Based Site Security Officer
Authors SODIYA, ADESINA SIMON; IKUOMOLA, ADERONKE; ADENIRAN, OLUSOLA J.
Abstract A Site Security Officer (SSO), a network security staff member who responds to alarms from an Intrusion Detection System (IDS), is always faced with the critical problem of low response time when the network becomes big. Even a skilled SSO is hard-pressed and less productive when collecting and analyzing IDS output manually as the frequency of intrusion increases. In this work, an Expert System-Based SSO (ExSSO) is designed to correct this problem. The design presents an architecture that encodes the associated expert rules for responding to different categories of intrusions in its rule-based component. The Intrusion Index (II), which determines the extent of intrusion, is calculated to classify intrusions into three categories, namely low, high and very high. The inference engine component utilizes the encoded rules to interpret and respond to intrusions based on the Intrusion Index. Visual Basic 6.0 is used to implement the design because of its interactiveness and its strong support for databases. When the new design is tested with data from three different network environments, the results show a system that can investigate and respond to an average of 57 intrusions per minute, as against the maximum response time of 2 per three minutes in human-based SSO.
Publisher University of Zagreb, University Computing Centre - SRCE
Date 1970-01-01
Source Journal of Computing and Information Technology Vol 15, No 3 (2007)
Rights CIT. Journal of Computing and Information Technology is an open access journal. Authors who publish with this journal agree to the following terms: Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).

 
