Plan recognition in intrusion detection systems using logic programming

Author

Chintabathina, S. ; Villacis, J. ; Walker, J.J. ; Gomez, H.R.

Author_Institution

Comput. Sci. Dept., Univ. of Arkansas at Pine Bluff, Pine Bluff, AR, USA

fYear

2012

fDate

13-15 Nov. 2012

Firstpage

609

Lastpage

613

Abstract

In this paper we focus on logic programming based approach to plan recognition in intrusion detection systems. The goal of an intruder is to attack a computer or a network system for malicious reasons and the goal of the intrusion detection system is to detect the actions of the intruder and warn the network administrator of an impending attack. We show how an intrusion detection system can recognize the plans of the intruder by modeling the domain as a logic program and then reducing the plan recognition problem to computing models of the logic program. This methodology has been used widely for several planning problems and fits very naturally for plan recognition problems. We give an example scenario and show how to model it. Our results are quite satisfactory and we believe that our approach can lead to a generalized solution to plan recognition.

Keywords

logic programming; pattern recognition; security of data; computer attack; intruder action detection; intrusion detection system; logic programming; network administrator; network system attack; plan recognition; Computational modeling; Computer crime; Computers; Educational institutions; Intrusion detection; Logic programming; Ports (Computers); A-Prolog; Intrusion Detection; Logic Programming; Plan Recognition;

fLanguage

English

Publisher

ieee

Conference_Titel

Homeland Security (HST), 2012 IEEE Conference on Technologies for

Conference_Location

Waltham, MA

Print_ISBN

978-1-4673-2708-4

Type

conf

DOI

10.1109/THS.2012.6459918

Filename

6459918