An Expert System-based Site Security Officer

Sodiya, Adesina Simon; Adeniran, Olusola; Ikuomola, Ronke
September 2007
Journal of Computing & Information Technology;Sep2007, Vol. 15 Issue 3, p227
Academic Journal
A Site Security Officer (SSO), the network security staff member who responds to alarms from an Intrusion Detection System (IDS), always faces the critical problem of slow response time when the network becomes large. Even a skilled SSO is hard-pressed and less productive when collecting and analyzing IDS output manually as the frequency of intrusions increases. In this work, an Expert System-based SSO (ExSSO) is designed to correct this problem. The design presents an architecture that encodes the associated expert rules for responding to different categories of intrusions into its rule-based component. The Intrusion Index (II), which determines the extent of an intrusion, is calculated to classify intrusions into three categories, namely low, high and very high. The inference engine component uses the encoded rules to interpret and respond to intrusions based on the Intrusion Index. Visual Basic 6.0 is used to implement the design because of its interactivity and strong database support. Testing the new design with data from three different network environments, the result shows a system that can investigate and respond to an average of 57 intrusions per minute, as against the maximum response rate of 2 per three minutes for a human SSO.


Related Articles

  • New options in alarm sounds. Colombo, Allan B. // SDM: Security Distributing & Marketing;Mar1999, Vol. 29 Issue 4, p53 

    Explains how electronic drivers clarify and simplify the annunciation of events, status reports, and command features and functions in security systems. Alarm notification; Voice annunciation; Voice annunciated sensors; Power options. INSET: Why end users want voice prompting.

  • IP PHONE HOME.  // Popular Mechanics;Feb2008, Vol. 185 Issue 2, p104 

    The article provides an answer to a question on how an electronic alarm system links to an emergency call center.

  • Implementing Embedded Expert Systems via Programmable Hardware. Pohronská, Mária // Information Sciences & Technologies: Bulletin of the ACM Slovaki;Jun2012, Vol. 4 Issue 2, p10 

    The work deals with intelligent embedded systems, particularly with the problem of application of expert systems in embedded architectures. It summarizes the state of art and challenges in areas of embedded systems and rule-based expert systems, and gives motivations for implementing expert...

  • ONLINE INTRUSION BEHAVIORS: SEQUENCES AND TIME INTERVALS. HAO-EN CHUEH; SHUN-CHUAN HO; SHIH-PENG CHANG; PING-YU HSU // Social Behavior & Personality: an international journal;2010, Vol. 38 Issue 10, p1307 

    In this study we model the sequences and time intervals of online intrusion behaviors. To maintain network security, intrusion detection systems monitor network environments; however, most existing intrusion detection systems produce too many intrusion alerts, causing network managers to...

  • IDSIC: an intrusion detection system with identification capability. Chen, Pei-Te; Laih, Chi-Sung // International Journal of Information Security;Jun2008, Vol. 7 Issue 3, p185 

    Security is an important but challenging issue in current network environments. With the growth of Internet, application systems in enterprises may suffer from new security threats caused by external intruders. This situation results in the introduction of security auditors (SAs) who perform...

  • Profiling User Behavior for Intrusion Detection Using Item Response Modeling. Yun Wang; Melby, Nathaniel J.; Inyoung Kim // Journal of Information Privacy & Security;2007, Vol. 3 Issue 4, p3 

    Item response theory (IRT) is a modern test measurement theory that has been widely used in many research areas over the last decade. This paper presents an IRT modeling approach that fits network traffic to a "test" (normal or abnormal) model and estimates an expected test score of being...

  • Intrusion detection and cybersecurity. Peterson, Dale // InTech;May2004, Vol. 51 Issue 5, p30 

    This article presents several intrusion detection and cybersecurity monitoring products and services used in information technology enterprise networks. Network intrusion detection sensor products sit on the network and evaluate data travelling over the network. This device typically connects...

  • False Negative.  // Network Dictionary;2007, p189 

    A definition of the term "False Negative" is presented. It refers to a failure in an alerting system that is said to commonly occur in an anti-virus product or intrusion detection system. A false negative happens when an intrusion condition exists, but it is allowed, ignored or missed by the...

  • False Positive.  // Network Dictionary;2007, p189 

    A definition of the term "False Positive" is presented. It refers to a failure in an alerting system that usually occurs in an anti-virus product or intrusion detection system. A false positive happens when an intrusion condition is incorrectly reported, meaning the alerting system reported an...
