Summary: Master's thesis, Tunghai University (東海大學), Department of Information Engineering (資訊工程學系), academic year 102 (ROC calendar, i.e. 2013).

Currently, most computer systems authenticate users with a user ID and a password. However, users often share their ID and password with coworkers, or the credentials are cracked by hackers, which makes this login pattern one of the weakest points of computer security. Internal attackers, i.e. legitimate users of a system who attack it from inside, are also hard to detect, since most intrusion detection systems and firewalls only identify and isolate malicious behaviours launched from outside the system. In this paper we therefore propose a security system, the Internal Real-Time Intrusion Detection and Protection System (IIDPS for short), which detects attacks at the system-call level. The IIDPS employs data mining techniques to mine users' and attackers' usage behaviours as computer forensic features, and builds a personal profile for each user and one attacker profile to keep track of these features. Using a local computational grid, the IIDPS determines in real time whether a logged-in user is the account holder or an attacker by comparing the user's current computer usage behaviour with the forensic features recorded in the account holder's personal profile and in the attacker profile. Once an internal attacker is discovered, the IIDPS isolates the user, alerts the system manager, records digital forensic audit evidence, and analyses the malicious behaviour to improve its future detection capability. Our experimental results show that the IIDPS's user identification accuracy is 94%, its accuracy in detecting internal malicious attempts is up to 97%, and its response time is less than 0.45 s, implying that it can protect a system from internal attacks effectively and efficiently.
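The profile-comparison step described above, as an added illustration in Python. This is not the IIDPS code: the thesis abstract does not say which features are mined from the system-call traces or how a live session is compared with the profiles, so the representation used here (relative frequencies of consecutive system-call pairs), the similarity measure (cosine similarity), the 0.5 decision threshold, the user name `alice`, and all session traces are assumptions constructed for the example. It also shows the feedback step the abstract mentions, where a confirmed malicious session is folded back into the attacker profile.

```python
"""Profile-based insider detection over system-call traces (added illustration).

Not the IIDPS implementation. The thesis describes mining each user's
system-call-level usage behaviour into a personal profile, mining known
attacks into one attacker profile, and comparing a live session against
both. The representation below (bigram frequencies of consecutive system
calls), the similarity measure (cosine) and the threshold are assumptions
chosen for illustration; the traces are constructed sample data.
"""
from __future__ import annotations

import math
from collections import Counter
from typing import Iterable

Bigram = tuple[str, str]
Profile = dict[Bigram, float]

# Constructed sample training data: three past sessions of account holder
# "alice" (editor-like file activity) and three sessions of known attackers
# (identity probing, privilege escalation, outbound connections).
ALICE_SESSIONS: list[list[str]] = [
    ["open", "fstat", "read", "read", "write", "close", "open", "fstat", "read", "close"],
    ["open", "fstat", "read", "write", "write", "close", "stat", "open", "read", "close"],
    ["stat", "open", "fstat", "read", "read", "read", "write", "close"],
]
ATTACKER_SESSIONS: list[list[str]] = [
    ["getuid", "geteuid", "execve", "socket", "connect", "write", "read", "close"],
    ["execve", "getuid", "setuid", "chmod", "execve", "socket", "connect", "write"],
    ["socket", "connect", "execve", "getuid", "geteuid", "setuid", "chmod", "execve"],
]


def bigrams(trace: list[str]) -> list[Bigram]:
    """Consecutive system-call pairs; the order of calls carries behaviour."""
    return list(zip(trace, trace[1:]))


def build_profile(sessions: Iterable[list[str]]) -> Profile:
    """Relative frequency of every bigram across the given sessions."""
    counts: Counter[Bigram] = Counter()
    for session in sessions:
        counts.update(bigrams(session))
    total = sum(counts.values())
    return {bg: n / total for bg, n in counts.items()} if total else {}


def cosine(p: Profile, q: Profile) -> float:
    """Cosine similarity of two sparse frequency vectors (0 when either is empty)."""
    dot = sum(v * q.get(bg, 0.0) for bg, v in p.items())
    norm_p = math.sqrt(sum(v * v for v in p.values()))
    norm_q = math.sqrt(sum(v * v for v in q.values()))
    return dot / (norm_p * norm_q) if norm_p and norm_q else 0.0


def classify(session: list[str], holder: Profile, attacker: Profile,
             min_similarity: float = 0.5) -> tuple[str, float, float]:
    """Decide who is behind a live session on the holder's account.

    Returns (verdict, similarity_to_holder, similarity_to_attacker) with
    verdict one of "holder", "attacker" or "unknown". A session resembling
    neither profile is reported as "unknown" rather than forced into a
    class, so the operator can decide how to treat novel behaviour.
    """
    live = build_profile([session])
    sim_holder = cosine(live, holder)
    sim_attacker = cosine(live, attacker)
    if sim_holder >= min_similarity and sim_holder >= sim_attacker:
        return "holder", sim_holder, sim_attacker
    if sim_attacker >= min_similarity:
        return "attacker", sim_holder, sim_attacker
    return "unknown", sim_holder, sim_attacker


def learn_from_attack(attacker_sessions: list[list[str]], session: list[str]) -> Profile:
    """Feed a confirmed malicious session back into the attacker profile."""
    attacker_sessions.append(session)
    return build_profile(attacker_sessions)


ALICE_PROFILE = build_profile(ALICE_SESSIONS)
ATTACKER_PROFILE = build_profile(ATTACKER_SESSIONS)

# Constructed live sessions on alice's account: her usual editing, and a
# session that looks like someone else using her credentials.
ALICE_LIVE = ["open", "fstat", "read", "read", "write", "close", "open", "read", "close"]
HIJACKED_LIVE = ["getuid", "geteuid", "execve", "socket", "connect", "execve",
                 "getuid", "setuid", "chmod"]

if __name__ == "__main__":
    for name, sess in (("alice_live", ALICE_LIVE), ("hijacked_live", HIJACKED_LIVE)):
        verdict, sh, sa = classify(sess, ALICE_PROFILE, ATTACKER_PROFILE)
        print(f"{name}: {verdict} (holder={sh:.2f}, attacker={sa:.2f})")
```

The two-profile comparison is the point: a session is attributed to the account holder only when it is both close to that holder's own history and closer to it than to the attacker profile, and behaviour that matches neither is surfaced as "unknown" instead of being silently accepted. In a real deployment the threshold would be tuned per user against the observed false-positive rate, and the per-session profile would be computed over a sliding window of recent calls so that the verdict is available while the session is still running.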