Abstract
This paper describes a diagnostic system designed to help an investigator determine how a computer intrusion was accomplished. It is intended as a decision-support tool that works out how a hacker created an unauthorized computer account. The system's diagnosis is based on automated abduction. Abduction is inference that begins with data describing some state and produces an explanation of the data. Since abduction is ampliative, plausible reasoning, its conclusions may not be correct. The plausibility of an explanation depends on how much better it is than the alternatives, how good it is independent of the alternatives, and how reliable the data is. Therefore, abduction is nonmonotonic. To solve the problem of intrusion we consider the relationship between abduction, default logic and circumscription.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Doncescu, A., Inoue, K. (2006). Automated Abduction for Computer Forensics. In: Yang, L.T., Jin, H., Ma, J., Ungerer, T. (eds) Autonomic and Trusted Computing. ATC 2006. Lecture Notes in Computer Science, vol 4158. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11839569_48
DOI: https://doi.org/10.1007/11839569_48
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38619-3
Online ISBN: 978-3-540-38622-3
eBook Packages: Computer Science (R0)