An Internal Intrusion Detection and Protection System by Using Data Mining and Forensic Techniques

ABSTRACT

Over the past several years, the Internet environment has become more complex and untrusted. Enterprise networked systems are inevitably exposed to the increasing threats posed by hackers as well as by malicious users internal to a network. IDS technology is one of the important tools used nowadays to counter such threats. Various IIDS techniques have been proposed that identify and raise alarms for such threats or attacks. IIDS are an essential component of the network to be secured. The traditional IIDS are unable to manage various newly arising attacks. To deal with these new problems of networks, data mining based IIDS are opening new research avenues. Data mining provides a wide range of techniques to classify these attacks. The paper provides a study on the various data mining based intrusion detection techniques.

In this paper, we propose a security system, named the Internal Intrusion Detection and Protection System (IIDPS for short), at the system call level. It creates personal profiles for users to keep track of their usage habits as forensic features, and determines whether a legitimately logged-in user is the owner of the account or not by comparing his/her current computer usage behaviors with the computer usage habits collected in the account holder's personal profile. The IIDPS uses a local computational grid to detect malicious behaviors in a real-time manner. Our experimental results show that the IIDPS's user identification accuracy is 93%, the accuracy on detecting internal malicious attempts is up to 99% and the response time is less than 0.45 sec., implying that it can prevent a protected system from internal attacks effectively and efficiently.
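The abstract describes the core idea at a high level: a per-user profile of system call usage habits, and a comparison of the current session against that profile to decide whether the logged-in user is the account owner. The following is an added, simplified illustration of that comparison written for this page; it is not the paper's implementation and does not reproduce its data mining or computational grid components. It assumes that a profile is a frequency table of system call 3-grams, that similarity is cosine similarity between 3-gram counts, and that a session scoring below an assumed threshold of 0.6 is flagged; the system call traces are constructed for the example.

```python
"""Profile-based account-owner check over system call traces.

Added example, not the IIDPS paper's code. Assumptions (not from the paper):
  - a user profile is a Counter of system call 3-grams seen in past sessions
  - similarity between a session and a profile is cosine similarity
  - sessions scoring below THRESHOLD are treated as not matching the owner
"""
from collections import Counter
from math import sqrt

N = 3            # n-gram length (assumed)
THRESHOLD = 0.6  # assumed cutoff, chosen for the constructed traces below


def ngrams(calls, n=N):
    """Sliding-window n-grams over a list of system call names."""
    return [tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)]


def build_profile(sessions, n=N):
    """Aggregate n-gram counts over all of a user's recorded sessions."""
    profile = Counter()
    for session in sessions:
        profile.update(ngrams(session, n))
    return profile


def cosine(a, b):
    """Cosine similarity between two Counters treated as sparse vectors."""
    shared = set(a) & set(b)
    dot = sum(a[k] * b[k] for k in shared)
    norm_a = sqrt(sum(v * v for v in a.values()))
    norm_b = sqrt(sum(v * v for v in b.values()))
    if norm_a == 0 or norm_b == 0:
        return 0.0
    return dot / (norm_a * norm_b)


def score_session(profile, session, n=N):
    """Similarity of one live session to the stored owner profile."""
    return cosine(profile, Counter(ngrams(session, n)))


def is_account_owner(profile, session, threshold=THRESHOLD):
    """True when the session's behaviour matches the account holder's habits."""
    return score_session(profile, session) >= threshold


# Constructed traces (not real data): the owner habitually reads local files.
OWNER_TRAINING = [
    ["open", "read", "read", "close", "stat", "open", "read", "close"],
    ["stat", "open", "read", "read", "close", "open", "read", "close"],
]
OWNER_PROFILE = build_profile(OWNER_TRAINING)

# Later session by the same owner: same kind of file activity.
OWNER_LATER_SESSION = ["open", "read", "read", "close", "open", "read", "close"]

# Session on the same account that looks like a different person at the keyboard:
# mostly network activity the owner never produced.
HIJACKED_SESSION = ["open", "read", "close", "socket", "connect", "sendto", "close"]

# Session sharing no 3-grams at all with the owner profile.
OTHER_USER_SESSION = ["socket", "connect", "sendto", "recvfrom", "close",
                      "socket", "connect", "sendto", "recvfrom", "close"]


if __name__ == "__main__":
    for name, session in [("owner", OWNER_LATER_SESSION),
                          ("hijacked", HIJACKED_SESSION),
                          ("other", OTHER_USER_SESSION)]:
        score = score_session(OWNER_PROFILE, session)
        verdict = "owner" if is_account_owner(OWNER_PROFILE, session) else "NOT owner"
        print(f"{name:9s} similarity={score:.2f} -> {verdict}")
```

With these constructed traces the owner's later session scores 0.8 and is accepted, the hijacked session scores 0.2 and is flagged, and the unrelated session scores 0.0. In a real deployment the threshold would be tuned on held-out sessions from each user, since a fixed cutoff trades false alarms against missed intrusions exactly as the paper's accuracy figures do.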