Edinburgh Napier University

  Network security has now become one of the most important aspects in computer systems and the Internet. Apart from strong encryption, there is no definite method of truly securing network, thus they must be protected at different levels of the OSI model. At the physical layer, they can be protected by lock-and-key, and at the data link, they can be protected within VLANS (virtual LANs). With the network and transport layers, networks can be secured by firewalls, which monitor source and destination network addresses, and source and destination ports, respectively. At the session level, user names and passwords are be used. Unfortunately, all these methods can be prone to methods which can overcome the protection used. This paper expands the research previously undertaken on a misuse system based on the intelligent agent software technology. The system monitors user actions in real-time and take appropriate actions if necessary. Along with this our system uses a short-term prediction to predict the user behaviour and advises the system administrator accordingly, before the actual actions take place. This paper presents new results, which are based on an increased number of users. We tested our short-term prediction model, introduced the notion of intervention to our model, and found that the results are very close to the actual user behaviour