Applying Expert System Technology in a Distributed Monitoring System: An Efficient Response Mechanism for Unknown Threats

Detecting unknown threats is a paradox; how do you detect a threat if it is not known to exist? The answer is that unknown threat detection is the process of making a previously unknown threat identifiable in the shortest possible time frame. This thesis examines the possibility of creating an unknown threat detection mechanism that security experts can use for developing a flexible protection system for networks. A system that allows the detection of unknown threats through distributed host based monitoring and the incorporation of dynamic and flexible logics with situational knowledge is described as well as the mechanisms used to develop such a system is illustrated. The system not only allows the detection of new threats but does so in a fast and efficient manner to increase the available time for responding to these threats.