Host Based Automated Digital Forensic Technique with Intrusion Detection Systems

  • M R Aher University of Pune
  • L P Jadhav
  • V B Jadhav
  • D S Yewale
Keywords: Data Mining, Insider attack, intrusion, detection, protection, system call, users behaviors

Abstract

Nowadays most users authenticate with a user ID and password as their login pattern. Such login patterns are, however, one of the weakest points of computer security: many users share their login pattern with co-workers to complete a joint task, so an insider can attack the system from within while appearing to be a valid user. Intrusion detection systems and firewalls identify and isolate harmful behaviours coming from the outside world, but they cannot by themselves find an attacker who is already inside the system. Some studies have examined the system calls (SCs) generated by commands; these SCs help to detect attacks accurately, and the attack patterns are the features of an attack. This paper defines a security system, the Internal Intrusion Detection and Protection System (IIDPS), that detects insider attacks by applying data mining and forensic techniques at the SC level. To track users' usage information, the IIDPS builds a personal profile for each user as his/her forensic features and investigates whether the currently logged-in user is the account holder by comparing his/her current computer usage behaviours with the patterns collected in the account holder's personal profile. The experimental results demonstrate that the IIDPS's user identification accuracy is 94.29%, whereas the response time is less than 0.45 s, implying that it can protect a system from insider attacks effectively and efficiently.
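As an added illustration (not code from the paper or from IIDPS itself), the block below shows one simple way to build the kind of per-user system-call profile the abstract describes and to score a live session against it. The sample traces are constructed, and the trigram frequency profile, cosine-similarity score and 0.5 threshold are assumptions of this example, not the IIDPS's actual method.

```python
from collections import Counter
from math import sqrt

# Constructed sample data: system-call traces from an account holder's past
# sessions (used to build the profile) and two new sessions to check.
ACCOUNT_HOLDER_SESSIONS = [
    ["open", "read", "read", "close", "open", "write", "close", "stat"],
    ["open", "read", "close", "stat", "open", "read", "read", "close"],
    ["stat", "open", "read", "read", "close", "open", "write", "close"],
]
SAME_USER_SESSION = ["open", "read", "read", "close", "stat", "open", "write", "close"]
OTHER_USER_SESSION = ["socket", "connect", "write", "read", "fork", "execve", "chmod", "unlink"]


def ngrams(trace, n=3):
    """Sliding n-grams over a system-call trace: the pattern unit of the profile."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_profile(sessions, n=3):
    """Per-user forensic profile: how often each system-call n-gram appeared."""
    profile = Counter()
    for session in sessions:
        profile.update(ngrams(session, n))
    return profile


def cosine(a, b):
    """Cosine similarity between two n-gram count vectors (0.0 when either is empty)."""
    dot = sum(a[k] * b[k] for k in a if k in b)
    norm_a = sqrt(sum(v * v for v in a.values()))
    norm_b = sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def score_session(profile, trace, n=3):
    """How closely a live session's n-gram mix matches the stored profile, 0.0 .. 1.0."""
    return cosine(profile, Counter(ngrams(trace, n)))


def is_account_holder(profile, trace, threshold=0.5, n=3):
    """True if the session behaves like the profile owner; False means investigate."""
    return score_session(profile, trace, n) >= threshold


if __name__ == "__main__":
    prof = build_profile(ACCOUNT_HOLDER_SESSIONS)
    for label, trace in (("same user", SAME_USER_SESSION), ("other user", OTHER_USER_SESSION)):
        print(label, round(score_session(prof, trace), 3), is_account_holder(prof, trace))
```

In practice the profile would be built from many sessions and the threshold tuned against known-good logins, since a single short trace gives a noisy score.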

Published
2018-03-22
How to Cite
Aher, M., Jadhav, L., Jadhav, V., & Yewale, D. (2018). Host Based Automated Digital Forensic Technique with Intrusion Detection Systems. Asian Journal For Convergence In Technology (AJCT) ISSN -2350-1146, 3(3). Retrieved from http://www.asianssr.org/index.php/ajct/article/view/144
Section
Article
