You are here:

An intelligent tutor for intrusion detection on computer systems


Computers & Education Volume 31, Number 4, ISSN 0360-1315 Publisher: Elsevier Ltd


Intrusion detection is the process of identifying unauthorized usage of a computer system. It is an important skill for computer-system administrators. It is difficult to learn on the job because it is needed only occasionally but can be critical. We describe a tutor incorporating two programs. The first program uses artificial-intelligence planning methods to generate realistic audit files reporting actions of a variety of simulated users (including intruders) of a Unix computer system. The second program simulates the system afterwards, and asks the student to inspect the audit and fix the problems caused by the intruders. This program uses intrusion-recognition rules to itself infer the problems, planning methods to figure how best to fix them, plan-inference methods to track student actions, and tutoring rules to tutor intelligently. Experiments show that students using the tutor learn a significant amount in a short time.


Rowe, N.C. & Schiavo, S. (1998). An intelligent tutor for intrusion detection on computer systems. Computers & Education, 31(4), 395-404. Elsevier Ltd. Retrieved July 14, 2020 from .

This record was imported from Computers & Education on January 30, 2019. Computers & Education is a publication of Elsevier.

Full text is availabe on Science Direct: