3 research outputs found
Counterplanning Deceptions to Foil Cyber-Attack Plans
Proceedings of the 2003 IEEE Workshop in Information Assurance, West Point, NY, June 2003Tactics involving deception are important in military strategies. We have been exploring deliberate deception in defensive tactics by
information systems under cyber-attack as during information warfare. We have developed a tool to systematically "counterplan" or find ways
to foil a particular attack plan. Our approach is to first find all possible atomic "ploys" that can interfere with the plan. Ploys are simple
deceits the operating system can do such as lying about the status of a file. We analyze ploys as to the degree of difficulty they cause to the plan
wherever they can be applied. We then formulate a "counterplan" by selecting the most cost-effective set of ploys and assign appropriate
presentation methods for them, taking into account the likelihood that, if we are not careful, the attacker will realize they are being deceived
and will terminate our game with them. The counterplan can be effected by a modified operating system. We have implemented our
counterplanner in a tool MECOUNTER that uses multi-agent planning coupled with some novel inference methods to efficiently find a best
counterplan. We apply the tool to an example of a rootkit-installation plan and discuss the results.supported by the U.S. Department of Justice Office of Justice Programs and Office for Domestic PreparednessApproved for public release; distribution is unlimited
An Intelligent Tutor for Intrusion Detection on Computer Systems
Computers and Education, pp. 395-404, 1998Intrusion detection is the process of identifying unauthorized usage of a computer system. It an important skill for computer-system administrators. It is difficult to learn on the job because it is needed only occasionally but can be critical. We describe a tutor incorporating two programs. The first program uses artificial-intelligence planning methods to generate realistic audit files reporting actions of a variety of simulated users (including intruders) of a Unix computer system. The second program simulates the system afterwards, and asks the student to inspect the audit and
fix the problems caused by the intruders. This program uses intrusion-recognition rules to itself infer the problems, planning methods to figure how best to fix them, plan-inference methods to track student actions, and tutoring rules to tutor intelligently. Experiments show that students using the tutor learn a significant amount in a short time.Approved for public release; distribution is unlimited
An Intelligent Tutor for Intrusion Detection on Computer Systems
Intrusion detection is the process of identifying unauthorized usage of a computer system. It an important skill for computer-system administrators. It is difficult to learn on the job because it is needed only occasionally but can be critical. We describe a tutor incorporating two programs. The first program uses artificial-intelligence planning methods to generate realistic audit files reporting actions of a variety of simulated users (including intruders) of a Unix computer system. The second program simulates the system afterwards, and asks the student to inspect the audit and fix the problems caused by the intruders. This program uses intrusion-recognition rules to itself infer the problems, planning methods to figure how best to fix them, plan-inference methods to track student actions, and tutoring rules to tutor intelligently. Experiments show that students using the tutor learn a significant amount in a short time