AudES - An Expert System for Security Auditing

  • Authors: Gene Tsudik; Rita C. Summers
  • Venue: IAAI '90, Proceedings of the Second Conference on Innovative Applications of Artificial Intelligence
  • Year: 1990

Abstract

Computer security auditing constitutes an important part of any organization's security procedures. Because of the many inadequacies of the currently used manual methods, thorough and timely auditing is often difficult to attain. The recent literature suggests that expert system techniques can offer significant benefits when applied to security procedures such as risk analysis, security auditing, and intrusion detection. This chapter presents an example of a novel expert system application, an expert system for security auditing (AudES). Issues in the development and use of the expert system that are unique to the application domain are discussed.

The importance of effective computer security measures has become increasingly evident with the advent of recently publicized intrusion attempts and virus attacks. Any organization implementing computer security policies is faced with a wide range of potential threats. Although some types of threats can be effectively countered using real-time methods (Anderson 1980; Denning 1987; Lunt and Jagannathan 1988), detection of others remains too time or resource intensive to address in real time. After-the-fact security auditing is frequently used to detect anomalous events that fall outside the scope of real-time security measures. A landmark study by Anderson (1980) suggests that external intrusion attempts can be detected by auditing log-in records and that some internal intruders can be detected by analyzing resource access attempts.

Some recent literature indicates that AI techniques (expert system methods in particular) might have much to offer computer security practitioners (Summers and Kurzban 1988; Lunt 1988). The AudES expert system is an experiment in investigating potential expert system applications in the area of computer security auditing. It is designed to automate manual security auditing procedures and alleviate the burden on human auditors. AudES is interposed between a human auditor and the Resource Access Control Facility (RACF) (IBM Corporation 1990), a popular security mechanism for IBM mainframe systems.
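The two after-the-fact checks the abstract attributes to Anderson (1980), repeated failed log-ons as a sign of external intrusion attempts and resource access outside a user's normal pattern as a sign of internal misuse, can be sketched as batch audit logic. The following is an added example, not code from the AudES paper and not a RACF record format: the whitespace-separated log layout (timestamp, user, event, resource, outcome, terminal), the sample records, the five-minute window and the threshold of three failures are all constructed for illustration.

```python
"""After-the-fact audit of constructed access-control log records.

Two checks in the spirit of Anderson (1980): streaks of failed LOGON events
from one terminal (external intrusion attempts) and ACCESS attempts on
resources outside a user's established profile (possible internal misuse).
The record format and data are invented for this example; they are not
RACF's and not AudES's.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, user, event, resource, outcome, terminal.
SAMPLE_LOG = """\
1990-03-01T08:01:12 ALICE LOGON - OK TERM07
1990-03-01T08:02:40 ALICE ACCESS PAYROLL.MASTER OK TERM07
1990-03-01T08:10:05 BOB LOGON - OK TERM12
1990-03-01T08:11:30 BOB ACCESS DEV.SOURCE OK TERM12
1990-03-02T02:14:01 ALICE LOGON - FAIL TERM31
1990-03-02T02:14:20 ALICE LOGON - FAIL TERM31
1990-03-02T02:14:37 ALICE LOGON - FAIL TERM31
1990-03-02T02:15:02 ALICE LOGON - FAIL TERM31
1990-03-02T09:00:00 BOB LOGON - OK TERM12
1990-03-02T09:05:10 BOB ACCESS PAYROLL.MASTER FAIL TERM12
1990-03-02T09:06:00 BOB ACCESS DEV.SOURCE OK TERM12
1990-03-02T17:30:00 CAROL LOGON - FAIL TERM05
1990-03-02T17:31:00 CAROL LOGON - OK TERM05
"""

# Cutoff separating the baseline period (used to learn each user's profile)
# from the audited period; an assumption of this example.
BASELINE_CUTOFF = datetime(1990, 3, 2)


def parse_records(text):
    """Parse the constructed log format into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, resource, outcome, terminal = line.split()
        records.append({
            "time": datetime.fromisoformat(ts), "user": user, "event": event,
            "resource": resource, "outcome": outcome, "terminal": terminal,
        })
    return records


def failed_logon_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Return {(user, terminal): max_failures} for every user/terminal pair
    with at least `threshold` failed LOGON events inside one sliding window."""
    failures = defaultdict(list)
    for r in records:
        if r["event"] == "LOGON" and r["outcome"] == "FAIL":
            failures[(r["user"], r["terminal"])].append(r["time"])
    bursts = {}
    for key, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # shrink window from the left
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[key] = max(count, bursts.get(key, 0))
    return bursts


def profile_deviations(records, cutoff):
    """Learn each user's set of successfully accessed resources before `cutoff`,
    then report later ACCESS attempts (allowed or denied) on resources outside
    that set as (user, resource, outcome) tuples."""
    profile = defaultdict(set)
    deviations = []
    for r in records:
        if r["event"] != "ACCESS":
            continue
        if r["time"] < cutoff:
            if r["outcome"] == "OK":
                profile[r["user"]].add(r["resource"])
        elif r["resource"] not in profile[r["user"]]:
            deviations.append((r["user"], r["resource"], r["outcome"]))
    return deviations


def audit(text, cutoff):
    """Run both checks over a log and return the findings."""
    records = parse_records(text)
    return {
        "logon_bursts": failed_logon_bursts(records),
        "profile_deviations": profile_deviations(records, cutoff),
    }


def audit_sample():
    """Audit the constructed sample log with the assumed baseline cutoff."""
    return audit(SAMPLE_LOG, BASELINE_CUTOFF)


if __name__ == "__main__":
    report = audit_sample()
    for (user, terminal), count in report["logon_bursts"].items():
        print(f"repeated failed log-on: user={user} terminal={terminal} failures={count}")
    for user, resource, outcome in report["profile_deviations"]:
        print(f"off-profile access: user={user} resource={resource} outcome={outcome}")
```

On the sample data the first check flags four failed log-ons for ALICE from TERM31 inside one window while CAROL's single failure stays below the threshold, and the second flags BOB's denied attempt on PAYROLL.MASTER, a resource absent from his baseline profile, while his routine access to DEV.SOURCE is not reported. Both checks are batch passes over a stored log, which is the after-the-fact mode the abstract contrasts with real-time detection.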