1. Field of the Invention
The present invention relates generally to an improved data processing system, and in particular, to a computer implemented method, data processing system, and computer program product for monitoring system events and providing real-time response to security threats.
2. Description of the Related Art
An expert system is a computer program which solves problems using the knowledge and experiences of one or more human technical experts in a specific area of interest. The expert system comprises artificial intelligence software that mimics the decision-making ability of the human experts by relying on and manipulating large stores of expert knowledge in well-defined problem domains. Utilizing an expert system allows less-skilled individuals, who may not otherwise be able to perform tasks as proficiently without the aid of the expert system, to benefit from the knowledge base of the expert system. If the system comprises knowledge from multiple experts, an expert user may also benefit from using the expert system if the expert user wants to access the knowledge base of multiple expert humans in the specific area of interest. One example of an expert system is a rules-based system. In a rules-based system, rules may be applied to collected information to form conclusions.
In contrast with traditional computer programs, which embed the decision-making logic in the program itself, an expert system relies on the knowledge in its knowledge base. For example, pseudocode of a traditional decision-making program to drive a car is shown below. Note that all of the logic is embedded in the code itself.
    Switch (the_car_near_me) {
        Slows: ...
        Stops: ...
        Turns:
            If (in_front_of_me)
                If (will_I_crash(myspeed, distance_to_impact))
                    If (there_is_a_car_next_to_me)
                        Break( );
                    Else
                        Swerve( );
    }
The tables below illustrate how the same problem is solved using a knowledge-based expert system. Note how the logic resides in the rule base, events, and actions, which keeps the code logic simple.
Event Rule Base Table

    Event Name        Parameters      ActionRequired
    ImpendingImpact   TimeToImpact    Yes

Action Rule Base Table

    Action Name   Preferred use rating   Event types
    Brake         7                      ImpendingImpact, Parking
    Swerve        5                      ImpendingImpact

From the above events and actions, the programming decision logic for the expert system is reduced to the following:
    AnEventOccured(event)
        If (event.ActionRequired)
            ApplyActionToEvent(event);
Thus, the programming logic using the expert system is greatly reduced by moving the knowledge from the program's code into the rule/knowledge base. Although the two approaches in the example above are functionally equivalent and solve the same basic problem, the expert system distinguishes itself from traditional decision-making programs in its ability to adapt to change in the system and in its ability to learn. For example, if a new car safety technology called the ejection seat were introduced, the traditional decision-making code would need to be reviewed and changed wherever this new technology is applicable. In contrast, the expert system would simply create a new action in its rule base.
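The following is an added illustration, not part of the original text, of the rule-base approach described above, using the two tables and showing that the ejection seat is introduced as data rather than as a code change. The class and method names, the choice of the highest "Preferred use rating" as the selection rule, and the rating of 9 for the ejection seat are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class EventRule:
    name: str
    parameters: tuple
    action_required: bool      # "ActionRequired" column


@dataclass(frozen=True)
class ActionRule:
    name: str
    rating: int                # "Preferred use rating" column
    event_types: frozenset     # "Event types" column


class RuleBase:
    def __init__(self):
        self.events = {}
        self.actions = []

    def add_event(self, name, parameters, action_required):
        self.events[name] = EventRule(name, tuple(parameters), action_required)

    def add_action(self, name, rating, event_types):
        self.actions.append(ActionRule(name, rating, frozenset(event_types)))

    def an_event_occurred(self, event_name):
        # The entire decision logic: events absent from the rule base, or
        # marked as needing no action, trigger nothing.
        rule = self.events.get(event_name)
        if rule is None or not rule.action_required:
            return None
        return self.apply_action_to_event(rule)

    def apply_action_to_event(self, rule):
        # Assumption: the applicable action with the highest rating is chosen.
        candidates = [a for a in self.actions if rule.name in a.event_types]
        return max(candidates, key=lambda a: a.rating).name if candidates else None


def build_rule_base():
    # Rows taken from the Event and Action Rule Base Tables above.
    rb = RuleBase()
    rb.add_event("ImpendingImpact", ["TimeToImpact"], True)
    rb.add_action("Brake", 7, ["ImpendingImpact", "Parking"])
    rb.add_action("Swerve", 5, ["ImpendingImpact"])
    return rb


if __name__ == "__main__":
    rb = build_rule_base()
    print(rb.an_event_occurred("ImpendingImpact"))
    rb.add_action("EjectionSeat", 9, ["ImpendingImpact"])  # constructed rating
    print(rb.an_event_occurred("ImpendingImpact"))
```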
Thus, expert systems may allow users without special knowledge or expertise to perform specific tasks as proficiently as an expert user. For example, in response to an event, the expert system may need to apply an action or countermeasure to the event to mitigate the effects of the event on the system. As the non-expert users cannot configure or be involved in each and every decision of the expert system (because doing so would require expertise on the user's part), the expert system may be configured to perform the action automatically, or, in some situations, the expert system may be allowed to perform the action only upon receiving user input confirming the action. However, no existing expert system provides a user with a general overall level of control over the actions to be taken by the expert system.