
An Encroachment Detection and Protection Using Data Mining and Forensic Techniques

Journal: International Journal of Computer Science and Mobile Computing - IJCSMC (Vol.7, No. 6)

Publication Date:

Authors : ; ;

Page : 121-134

Keywords : Data mining; insider attack; encroachment detection and protection; system call (SC); users’ behaviors;


Abstract

User IDs and passwords are the main login patterns that computer systems use for authentication. Sharing a password with a third party creates a security issue. Internal encroachment is hard to detect because most encroachment detection systems and firewalls identify and isolate only malicious behaviors launched from outside the system. To detect attacks accurately, the system calls (SC) generated by commands have to be analyzed. Here we propose a security system that detects insider attacks at the SC level with the help of data mining and forensic techniques. The system is named the Encroachment Detection and Protection System (EDPS). The EDPS creates users' personal profiles to keep track of their usage habits as forensic features, and determines whether a valid login user is the account holder by comparing his/her current computer usage behaviors with the patterns collected in the account holder's personal profile. The EDPS protects a system from insider attacks with an identification accuracy of 94.29% and a response time of less than 0.45 s.

Last modified: 2018-06-29 15:37:23