Internal Intrusion Detection System

Currently, most laptop systems use user IDs and passwords because the login patterns to manifest users. However, many folks share their login patterns with co-workers and request these co-workers to help co-tasks, thereby making the pattern as one of the weakest points of computer security. Insider attackers, the valid users of a system who attack the system internally, are hard to detect since most intrusion detection systems and �rewalls identify and isolate malicious behaviours launched from the skin world of the system solely. In addition, some studies claimed that analysing system calls (SCs) generated by commands can identify these commands, with which to accurately detect attacks, and attack patterns are the features of an attack. Therefore, in this paper, a security system, named the Internal Intrusion Detection and Protection System (IIDPS), is proposed to detect insider attacks at SC level by using data mining and forensic techniques. The IIDPS creates users’ personal pro�les to keep track of users’ usage habits as their forensic features and determines whether a valid login user is the account holder or not by scrutiny his/her current laptop usage behaviours with the patterns collected within the account holder’s personal pro�le. The experimental results demonstrate that the IIDPS’s user identi�cation accuracy is ninety four.29%, whereas the response time is less than 0.45 s, implying that it can prevent a protected system from insider attacks effectively and ef�ciently.