Abstract
Computer security is a topic of growing concern because, on the one hand, the power
of computers continues to increase at exponential speed and all computers are
virtually connected to each other and because, on the other hand, the lack of
reliability of software systems may cause dramatic and unrecoverable damage to computer
systems and hence to the newly emerging computerized society. Among the possible
approaches to improve the current situation, expert systems have been advocated
to be an important one. Typical tasks that such expert systems can achieve include
evaluating the security level of a software configuration and detecting malicious
or incorrect behaviors of users.
In this paper, we extend our intrusion detection system ASAX with a deductive
subsystem that allows us to assess the security level of a software configuration
in real time. By coupling the two subsystems (intrusion detection and
configuration analysis), we also achieve better tuning of the intrusion
detection, since the system needs to enable only the intrusion detection rules that
the current state of the configuration specifically requires. We also report
some preliminary performance measurements, which suggest that our approach can
be practical in real life contexts.