Abstract
This paper introduces and describes an innovative modelling approach which utilises models that are synthesised through approximate calculations of user actions and extensive representation of knowledge about how to perform these actions. The Intention modelling approach is based on theories of cognitive and task modelling as well as on theories of intention, rational action and plan recognition. Intention Models (IMs) have been used in the detection of malicious attacks which usually do not consist of illegal actions, but of a set of actions that are individually acceptable to the system yet at a higher level may form non-acceptable task(s). A first effort at implementing these models for a real application was the creation of the UII system, a research prototype for the detection of anomalous behaviour of network users, obtained by reasoning about the characterisation of their intentions. It was developed as an autonomous module within SECURENET, a European-funded programme that aims at defending open computer systems by employing advanced techniques and methodologies.
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Spyrou, T., Darzentas, J. (1996). Intention Modelling: Approximating Computer User Intentions for Detection and Prediction of Intrusions. In: Katsikas, S.K., Gritzalis, D. (eds) Information Systems Security. SEC 1996. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-1-5041-2919-0_28
DOI: https://doi.org/10.1007/978-1-5041-2919-0_28
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2921-3
Online ISBN: 978-1-5041-2919-0
eBook Packages: Springer Book Archive