Detecting Anomalies and Intruders

  • Akara Prayote
  • Paul Compton
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4304)


Brittleness is a well-known problem in expert systems where a conclusion can be made, which human common sense would recognise as impossible e.g. that a male is pregnant. We have extended previous work on prudent expert systems to enable an expert system to recognise when a case is outside its range of experience. We have also used the same technique to detect new patterns of network traffic, suggesting a possible attack. In essence we use Ripple Down Rules to partition a domain, and add new partitions as new situations are identified. Within each supposedly homogeneous partition we use fairly simple statistical techniques to identify anomalous data. The special feature of these statistics is that they are reasonably robust with small amounts of data. This critical situation occurs whenever a new partition is added.


False Positive Rate Expert System Intrusion Detection Anomaly Detection Intrusion Detection System 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Compton, P., Jansen, R.: A philosophical basis for knowledge acquisition. knowledge acquisition 2, 241–257 (1990)CrossRefGoogle Scholar
  2. 2.
    Compton, P., Preston, P., Edwards, G., Kang, B.: Knowledge based system that have some idea of their limits. In: Proceedings of the 10th AAAI-Sponsored Banff Knowledge Acquisition for Knowledge-Based Systems Workshop, Banff, Canada (1996)Google Scholar
  3. 3.
    Edwards, G., Kang, B., Preston, P., Compton, P.: Prudent expert systems with credentials: Managing the expertise of decision support systems. Int. J. Biomed. Comput. 40, 125–132 (1995)CrossRefGoogle Scholar
  4. 4.
    Guha, R.V., Lenat, D.: Cyc: A midterm report. AI Magazine (1990)Google Scholar
  5. 5.
    Lenat, D.: A brief list of the applications (1994),
  6. 6.
    Prayote, A., Compton, P.: Knowledge acquisition for anomaly detection. In: Internet Measurement Conference (IMC 2006) (submitted, 2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Akara Prayote
    • 1
  • Paul Compton
    • 1
  1. 1.School of Computer Science and EngineeringUniversity of New South WalesSydneyAustralia

Personalised recommendations