ICT-EurAsia 2014: Information and Communication Technology, pp. 375-385

A Real-Time Intrusion Detection and Protection System at System Call Level under the Assistance of a Grid

  • Fang-Yie Leu
  • Yi-Ting Hsiao
  • Kangbin Yim
  • Ilsun You
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8407)

Abstract

In this paper, we propose a security system, named the Intrusion Detection and Protection System (IDPS for short), that operates at the system call level. It creates a personal profile for each user to record his/her usage habits as forensic features, and it determines whether a legitimately logged-in user is the owner of the account by comparing the user's current computer usage behaviors with the usage habits collected in the account holder's personal profile. The IDPS uses a local computational grid to detect malicious behaviors in real time. Our experimental results show that the IDPS's user identification accuracy is 93%, its accuracy in detecting internal malicious attempts is up to 99%, and its response time is less than 0.45 sec, implying that it can protect a system from internal attacks effectively and efficiently.
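As an added illustration of the profile-comparison idea (this is not code from the paper and does not reproduce its method), a minimal owner check over system-call traces: each user's habits are encoded as bigram frequencies, and a live window is accepted only when it resembles the login account's own profile more than any other. The traces, the bigram encoding, the cosine score and the threshold are all constructed assumptions.

```python
from collections import Counter
from math import sqrt

# Constructed sample system-call traces, one per account (not the paper's dataset).
TRAINING = {
    "alice": ["open", "read", "read", "close", "open", "write", "close",
              "stat", "open", "read", "close"],
    "bob":   ["socket", "connect", "send", "recv", "recv", "close",
              "socket", "connect", "send", "close"],
}

def bigram_profile(trace):
    """Relative frequency of consecutive system-call pairs: one assumed way
    to encode a user's usage habits as a personal profile."""
    pairs = Counter(zip(trace, trace[1:]))
    total = sum(pairs.values())
    return {pair: count / total for pair, count in pairs.items()}

def cosine(p, q):
    """Cosine similarity between two sparse frequency profiles (0.0 if either is empty)."""
    dot = sum(p[k] * q.get(k, 0.0) for k in p)
    norm_p = sqrt(sum(v * v for v in p.values()))
    norm_q = sqrt(sum(v * v for v in q.values()))
    return dot / (norm_p * norm_q) if norm_p and norm_q else 0.0

def identify(window, profiles):
    """Return the account whose profile best matches the live window, and its score."""
    live = bigram_profile(window)
    scored = {user: cosine(live, prof) for user, prof in profiles.items()}
    best = max(scored, key=scored.get)
    return best, scored[best]

def is_account_owner(login_user, window, profiles, threshold=0.5):
    """Owner check: the live behaviour must match the login account's own profile
    at least as well as any other profile and above an absolute threshold.
    A window too short to form bigrams yields score 0.0 and is rejected."""
    if login_user not in profiles:
        return False
    best, _ = identify(window, profiles)
    own_score = cosine(bigram_profile(window), profiles[login_user])
    return best == login_user and own_score >= threshold

# Profiles built once from the training traces; a live window is then scored against them.
PROFILES = {user: bigram_profile(trace) for user, trace in TRAINING.items()}
```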

Keywords

Forensic features, intrusion detection and protection, data mining, identifying malicious behaviors, computational grid


Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Fang-Yie Leu (1)
  • Yi-Ting Hsiao (1)
  • Kangbin Yim (2)
  • Ilsun You (3)
  1. Department of Computer Science, Tunghai University, Taichung, Taiwan
  2. Soonchunhyang University, South Korea
  3. Korean Bible University, Korea