Gene Tsudik and Rita Summers, IBM Los Angeles Scientific Center
Computer security auditing constitutes an important part of any organization’s security procedures. Because of the many inadequacies of the currently used manual methods, thorough and timely auditing is often difficult to attain. The recent literature suggests that expert system techniques can offer significant benefits when applied to security procedures such as risk analysis, security auditing, and intrusion detection. This paper presents an example of a novel expert system application, an expert system for security auditing (AudES). Issues in the development and use of the expert system that are unique to the application domain are discussed.