Detecting Anomalies and Intruders
Brittleness is a well-known problem in expert systems: a system can reach a conclusion that human common sense would recognise as impossible, e.g. that a male is pregnant. We have extended previous work on prudent expert systems to enable an expert system to recognise when a case is outside its range of experience. We have also used the same technique to detect new patterns of network traffic that suggest a possible attack. In essence, we use Ripple Down Rules to partition a domain, and add new partitions as new situations are identified. Within each supposedly homogeneous partition we use fairly simple statistical techniques to identify anomalous data. The special feature of these statistics is that they are reasonably robust with small amounts of data, a critical situation that occurs whenever a new partition is added.