Abstract

The use of computers and the internet has spread rapidly over the course of the past few decades. Every day, more and more people are coming to rely heavily on the internet. When it comes to the field of information security, the subject of security is one that is becoming an increasingly important focus. It is vital to design a powerful intrusion detection system in order to prevent computer hackers and other intruders from effectively getting into computer networks or systems. This can be accomplished by: (IDS). The danger and attack detection capabilities of the computer system are built into the intrusion detection system. Abuse has occurred and can be used to identify invasions when there is a deviation between a preset pattern of intrusion and an observed pattern of intrusion. An intrusion detection system (IDS) is a piece of hardware (or software) that is used to generate reports for a Management Station as well as monitor network and/or system activities for unethical behaviour or policy violations. In the current study, an approach known as machine learning is suggested as a possible paradigm for the development of a network intrusion detection system. The results of the experiment show that the strategy that was suggested improves the capability of intrusion detection.

Introduction

Over the past few years, there has been an increase in the usage of computer systems to make the lives of consumers easier and more convenient. When people try to takeadvantage of the amazing capabilities and processing capacity of computer systems, however, security has been one of the most significant problems in the field of computer science. This is because attackers frequently try to break into systems and act maliciously, such as stealing vital information from a corporation, rendering the systems useless, or even destroying the systems. Internal attacks, such as pharming, distributed denial-of-service (DDoS), eavesdropping, and spear-phishing attempts, are often among the most difficult to identify of all well-known attacks. This is due to the fact that firewalls and intrusion detection systems (also known as IDSs) often guard against attacks from the outside. At this time, the majority of systems authenticate users by analysing a login pattern consisting of the user ID and password. As a result of this, we have proposed in this study a security solution that we have dubbed the Internal Intrusion Detection and Protection System (IIDPS) [1]. This solution recognises hostile or malicious behaviour carried out against a system at the System call level. IIDPS uses data mining and forensic profiling techniques in order to mine system call patterns, also known as SC-patterns, which are the longest system call sequences (SC-sequences) that have repeatedly appeared numerous times in a user’s log file for the user. SC-patterns can be used to identify malicious activity. The user’s computer usage history is used to compile the user’s forensic features, which are then defined as a SCpattern that commonly appears in the user’s own submitted SCsequences but is rarely utilised by other users. This information is gleaned from the user’s computer.

Conclusion

As a consequence of this, within this work, we suggest asecurity system that we refer to as the Internal Intrusion Detection and Protection System (IIDPS). This system is capable of identifying hostile behaviour that is aimed towardsa system at the SC level. The IIDPS minessystem call patterns, also known as SC-patterns, which are defined as the longest system call sequences (System Call-sequences) that have repeatedly appeared numerous times in a user’s log file for the user. These are the operations carried out by the user, such as sending a file, updating a file, or viewing a file, and they are validated by an administrator. The user’s computer usage history is used to compile the user’s forensic features, which are then defined as a SC-pattern that commonly appearsin the user’s own submitted SC-sequences but is rarely utilised by other users. This information is gleaned from the user’s computer.