Notes
1
In an expert system, knowledge about a problem domain is represented by a set of rules. These rules consist of two parts:
- The antecedent, which defines when the rule should be applied. An expert system will use pattern matching techniques to determine when the observed data matches or satisfies the antecedent of a rule.
- The consequent, which defines the action(s) that should be taken if its antecedent is satisfied.
A rule is said to be "fired" when the action(s) defined in its consequent are executed. For RBID systems, rule antecedents will typically be defined in terms of audit trail data, while rule consequents may be used to increase or decrease the level of monitoring of various entities, or they may be used to notify system administration personnel about significant changes in system state.
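
The rule structure described in this note, as an added Python example (not code from the original document): each rule pairs an antecedent matched against audit records with a consequent that raises or lowers a user's monitoring level or queues a notice for administrators. The record fields, rule names, threshold of three failures and the audit trail are all constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class State:  # working memory shared by all rules
    seen: Counter = field(default_factory=Counter)    # (user, event) -> count
    level: Counter = field(default_factory=Counter)   # user -> monitoring level
    notices: list = field(default_factory=list)       # messages for administrators

@dataclass
class Rule:
    name: str
    antecedent: Callable[[dict, State], bool]   # when the rule applies
    consequent: Callable[[dict, State], None]   # action taken when it fires

def raise_level(rec, st):
    st.level[rec["user"]] += 1
def lower_level(rec, st):
    st.level[rec["user"]] = max(0, st.level[rec["user"]] - 1)
def notify(rec, st):
    st.notices.append(f"{rec['user']} read {rec['path']} while under raised monitoring")

RULES = [
    Rule("repeated-login-failure",   # fires once, when the third failure is recorded
         lambda r, s: r["event"] == "login_fail" and s.seen[(r["user"], "login_fail")] == 3,
         raise_level),
    Rule("sensitive-read-while-watched",
         lambda r, s: r["event"] == "file_read" and r.get("path") == "/etc/shadow" and s.level[r["user"]] > 0,
         notify),
    Rule("logout-decay",
         lambda r, s: r["event"] == "logout" and s.level[r["user"]] > 0,
         lower_level),
]

def run(audit_trail, rules=RULES):
    st, fired = State(), []
    for rec in audit_trail:
        st.seen[(rec["user"], rec["event"])] += 1      # record the new observation
        for rule in rules:
            if rule.antecedent(rec, st):               # pattern match on audit data
                rule.consequent(rec, st)               # the rule "fires"
                fired.append((rule.name, rec["user"]))
    return st, fired

AUDIT = [{"user": "alice", "event": "login_fail"}] * 3 + [   # constructed audit trail
    {"user": "alice", "event": "file_read", "path": "/etc/shadow"},
    {"user": "bob", "event": "file_read", "path": "/etc/shadow"},
    {"user": "alice", "event": "logout"}]
```

Calling `run(AUDIT)` returns the final working memory and the ordered list of rules that fired; the same file read by `bob` fires nothing because his monitoring level was never raised.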