Skip to Main Content
In this paper we focus on logic programming based approach to plan recognition in intrusion detection systems. The goal of an intruder is to attack a computer or a network system for malicious reasons and the goal of the intrusion detection system is to detect the actions of the intruder and warn the network administrator of an impending attack. We show how an intrusion detection system can recognize the plans of the intruder by modeling the domain as a logic program and then reducing the plan recognition problem to computing models of the logic program. This methodology has been used widely for several planning problems and fits very naturally for plan recognition problems. We give an example scenario and show how to model it. Our results are quite satisfactory and we believe that our approach can lead to a generalized solution to plan recognition.