Intrusion Detection and Identification System Using Data Mining and Profiling Techniques


Bibliographic Details
Main Authors: Kai-Wei Hu, 胡凱崴
Other Authors: Fang-Yie Leu
Format: Others
Language: en_US
Published: 2007
Online Access: http://ndltd.ncl.edu.tw/handle/10740359320702429798
Description
Summary: Master's thesis === Tunghai University === Department of Computer Science and Information Engineering === 96 === Presently, most computers authenticate a user’s ID and password before the user can log in. However, if the two items are known to hackers, there is a risk of security breach. In this paper, we propose a system, named the Intrusion Detection and Identification System (IDIS), which builds a profile for each user in an intranet to keep track of his/her usage habits as forensic features. In this way, the IDIS can identify who the underlying user in the intranet is by comparing the user’s current inputs with the features collected in the profiles established for all users. User habits are extracted from their usage histories by using data mining techniques. When an attack is discovered, the IDIS switches the user’s inputs to a honey pot not only to isolate the user from the underlying system, but also to collect many more attack features to enrich attack patterns which will improve performance of future detection. Our experimental results show that the recognition accuracy of students in the computer science department of our university is nearly 98.51% since they are sophisticated users. The recognition accuracy of those other than computer science students is 98.09%.