An Internal Real-Time Intrusion Detection and Protection System at System Call Level by using Data Mining and Profiling Techniques under the Assistance of a Grid
Degree: | Master's (碩士) |
---|---|
Institution: | Tunghai University (東海大學) |
Department: | Department of Computer Science and Information Engineering (資訊工程學系) |
Academic year: | 102 (ROC calendar) |
Main Author: | Hsiao Yi-Ting (蕭義庭) |
Other Author: | Leu Fang-Yie (呂芳懌) |
Format: | Others |
Language: | en_US |
Published: | 2014 |
Online Access: | http://ndltd.ncl.edu.tw/handle/67089784396160514084 |
Record ID: | ndltd-TW-102THU00394022 |
Record format: | oai_dc |
Title (Chinese): 在系統呼叫層級上使用資料探勘、個人化特徵與叢集運算之即時內部入侵偵測與保護系統

Abstract

Currently, most computer systems use user IDs and passwords as the login patterns that authenticate their users. However, many users share their ID and password with coworkers, or have them cracked by hackers, which makes these two patterns one of the weakest points of computer security. Also, internal hackers, i.e. legitimate users of a system who attack it from within, are hard to detect, since most intrusion detection systems and firewalls only identify and isolate malicious behaviors launched from outside the system. Therefore, in this paper, we propose a security system, named the Internal Real-Time Intrusion Detection and Protection System (IIDPS for short), which detects attacks at the system call level. The IIDPS employs data mining techniques to mine users' and attackers' usage behaviors as their computer forensic features, and then establishes users' personal profiles and an attacker profile to keep track of these features. The IIDPS uses a local computational grid to determine, in real time, whether a legally logged-in user is the account holder or an attacker, by comparing his/her current computer usage behaviors with the computer forensic features collected in the account holder's personal profile and in the attacker profile. Once an internal hacker is discovered, the IIDPS isolates the user, alerts the system manager, records digital forensic audit evidence, and analyzes his/her malicious behaviors to improve its future detection capability. Our experimental results show that the IIDPS's user identification accuracy is 94%, its accuracy in detecting internal malicious attempts is up to 97%, and its response time is less than 0.45 sec, implying that it can protect a system from internal attacks effectively and efficiently.

Author: Hsiao Yi-Ting (蕭義庭); other author: Leu Fang-Yie (呂芳懌). 2014. Degree thesis (學位論文); extent: 62. Language: en_US.