An intelligent tutor for intrusion detection on computer systems
Computers & Education Volume 31, Number 4, ISSN 0360-1315 Publisher: Elsevier Ltd
Intrusion detection is the process of identifying unauthorized usage of a computer system. It is an important skill for computer-system administrators. It is difficult to learn on the job because it is needed only occasionally but can be critical. We describe a tutor incorporating two programs. The first program uses artificial-intelligence planning methods to generate realistic audit files reporting actions of a variety of simulated users (including intruders) of a Unix computer system. The second program simulates the system afterwards, and asks the student to inspect the audit and fix the problems caused by the intruders. This program uses intrusion-recognition rules to itself infer the problems, planning methods to figure how best to fix them, plan-inference methods to track student actions, and tutoring rules to tutor intelligently. Experiments show that students using the tutor learn a significant amount in a short time.
Rowe, N.C. & Schiavo, S. (1998). An intelligent tutor for intrusion detection on computer systems. Computers & Education, 31(4), 395-404. Elsevier Ltd.