An Expert System-Based Site Security Officer
Abstract
A Site Security Officer (SSO), a member of the network security staff who responds to alarms from an Intrusion Detection System (IDS), always faces the critical problem of slow response time once the network grows large. Even a skilled SSO is hard-pressed and less productive when collecting and analyzing IDS output manually as the frequency of intrusions increases. In this work, an Expert System-Based SSO (ExSSO) is designed to correct this problem. The design presents an architecture that encodes the associated expert rules for responding to different categories of intrusion into its rule-based component. The Intrusion Index (II), which determines the extent of an intrusion, is calculated to classify intrusions into three categories, namely low, high and very high. The inference engine component uses the encoded rules to interpret and respond to intrusions based on the Intrusion Index. Visual Basic 6.0 is used to implement the design because of its interactivity and strong database support. Testing the new design with data from three different network environments shows a system that can investigate and respond to an average of 57 intrusions per minute, as against a maximum of 2 per three minutes for a human SSO.
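As an added illustration (not code from the paper), a minimal rule-based SSO in Python that scores IDS alerts per source host, buckets the score into the three categories the abstract names, and looks up the encoded response rule. The severity weights, the Intrusion Index formula and the category thresholds are assumptions, since the abstract does not state them.

```python
"""Toy expert-system SSO: score IDS alerts, bucket by Intrusion Index, apply rules."""
from dataclasses import dataclass

# Assumed severity weight per alert signature class (not from the paper).
SEVERITY = {"port_scan": 1, "brute_force": 3, "exploit_attempt": 5, "root_shell": 8}

# Assumed Intrusion Index thresholds for the paper's three categories.
THRESHOLDS = (("low", 5), ("high", 15))  # anything above 15 is "very high"

# Encoded response rules keyed by category (the rule base the inference engine reads).
RULES = {
    "low": "log_and_monitor",
    "high": "rate_limit_source_and_alert_sso",
    "very high": "block_source_and_page_on_call",
}

@dataclass
class Alert:
    src: str        # source host reported by the IDS
    signature: str  # IDS signature class
    count: int      # repeated hits of this signature from src

def intrusion_index(alerts):
    """Assumed II: sum over a source host of severity weight * hit count."""
    index = {}
    for a in alerts:
        index[a.src] = index.get(a.src, 0) + SEVERITY.get(a.signature, 1) * a.count
    return index

def classify(ii):
    """Map an Intrusion Index to low / high / very high."""
    for name, limit in THRESHOLDS:
        if ii <= limit:
            return name
    return "very high"

def infer(alerts):
    """Inference step: per source host, return (II, category, response action)."""
    result = {}
    for src, ii in intrusion_index(alerts).items():
        category = classify(ii)
        result[src] = (ii, category, RULES[category])
    return result

# Constructed sample IDS output (not real data).
SAMPLE = [
    Alert("10.0.0.5", "port_scan", 3),
    Alert("10.0.0.9", "brute_force", 3),
    Alert("10.0.0.9", "exploit_attempt", 1),
    Alert("10.0.0.7", "root_shell", 2),
]

if __name__ == "__main__":
    for src, (ii, cat, action) in infer(SAMPLE).items():
        print(f"{src}: II={ii} category={cat} action={action}")
```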
DOI: https://doi.org/10.2498/cit.1000961
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.