Intrusion detection and identification system using data mining and forensic techniques

Authors:
Fang-Yie Leu;Kai-Wei Hu;Fuu-Cheng Jiang
Affiliations:
Department of Computer Science and Information Engineering, Tunghai University, Taiwan;Department of Computer Science and Information Engineering, Tunghai University, Taiwan;Department of Computer Science and Information Engineering, Tunghai University, Taiwan
Venue:
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Year:
2007

Citing 10
Cited 0

Evaluating document clustering for interactive information retrieval

Proceedings of the tenth international conference on Information and knowledge management
Detection and classification of intrusions and faults using sequences of system calls

ACM SIGMOD Record
A New Intrusion Detection Method based on Process Profiling

SAINT '02 Proceedings of the 2002 Symposium on Applications and the Internet
Administration of an RBAC System

HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 7 - Volume 7
State-of-the-art in privacy preserving data mining

ACM SIGMOD Record
TRINETR: An Intrusion Detection Alert Management System

WETICE '04 Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
A Performance-Based Grid Intrusion Detection System

COMPSAC '05 Proceedings of the 29th Annual International Computer Software and Applications Conference - Volume 01
Extracting meaningful entities from police narrative reports

dg.o '02 Proceedings of the 2002 annual national conference on Digital government research
Fake finger detection by skin distortion analysis

IEEE Transactions on Information Forensics and Security
A parallel decision tree-based method for user authentication based on keystroke patterns

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Presently, most computers authenticate a user's ID and password before the user can log in. However, if the two items are known to hackers, there is a risk of security breach. In this paper, we propose a system, named the Intrusion Detection and Identification System (IDIS), which builds a profile for each user in an intranet to keep track of his/her usage habits as forensic features. In this way the IDIS can identify who the underlying user in the intranet is by comparing the user's current inputs with the features collected in the profiles established for all users. User habits are extracted from their usage histories by using data mining techniques. When an attack is discovered, the IDIS switches the user's inputs to a honey pot not only to isolate the user from the underlying system, but also to collect many more attack features by using the honey pot to enrich attack patterns which will improve performance of future detection. Our experimental results show that the recognition accuracy of students in the computer science department of our university is nearly 99.16% since they are sophisticated users. The recognition accuracy of those other than computer science students is 94.43%.