Abstract: As we know the computer systems use user IDs and passwords as the login patterns to authenticate users. So, many people share their login patterns with coworkers andrequest these coworkers to assist co-tasks, thereby making the pattern as one of theweakest points of computer security. The Insider attackers, the valid users of a system they attack the system internally, and so itís hard to detect since most intrusion detection systemsand firewalls identify and isolate malicious behaviors. Some studies also claimed that analyzing system calls (SCs) generated by commands can identify these commands, with which to accurately detectattacks, and attack patterns are the features of an attack. Hence, in this paper, named as the Internal Intrusion Detection and Protection System,it is proposed to detect insider attacks at SC level by using data mining and forensic techniques. The IIDPS creates users personal profiles to keep track of users usage habits astheir forensic features and determines whether a valid login user is the account holder ornot by comparing his/her current computer usage behaviors with the patterns collectedin the account holders personal pro le. The experimental results demonstrate that the IIDPSs user identification accuracy is 94.29 percentage, whereas the response time is less than 0.45s, implying that it can prevent a protected system from insider attacks effectively and efficiently.
Keywords: Data Mining, Internal Intrusion Detection and Protection System (IIDPS), SC level, forensic techniques.