
IIDS


An Internal Intrusion Detection and Protection System by Using Data Mining and Forensic Technique


Group Members:

1)

2)

3)

4)

Internal Guide: H.O.D:


Index
• Introduction
• Literature Survey
• Problem Statement
• Motivation
• Objectives
• Existing System and Drawbacks
• Proposed System and Drawbacks
• System Architecture
• Working
• Software and Hardware Requirements
• Modules
• ER Diagrams
• Conclusion
• References
Introduction
• Intrusion detection refers to monitoring a network or system for malicious or harmful activity. It is an application that tries to identify suspicious activity and raises an alarm or informs someone when such activity is tracked and observed.

• We propose a security system named Hybrid Intrusion Detection based on Data Mining. We are going to use data mining techniques to identify internal intruders and take action accordingly.
Literature Survey:

Sr. No. 1
Paper Name: DiffSig: Resource Differentiation Based Malware Behavioral Concise Signature Generation
Author name: Huabiao Lu, Baokang Zhao, Xiaofeng Wang, Jinshu Su
Description: This paper proposes an anti-obfuscation and scalable behavioral signature generation system, DiffSig, which avoids information-flow tracking, which is the chief culprit for the complexity and inefficiency of graph behavior

Sr. No. 2
Paper Name: Automated Discovery Of Internal Attacks
Author name: Saiteja, Abdul Azeez
Description: Generally, among all well-known attacks such as pharming attack, distributed denial of service (DDoS), eavesdropping attack, and spear phishing attack, insider attack is one of the most difficult ones to be detected because firewalls and intrusion detection systems (IDSs) usually defend against outside attacks.
Problem Statement
• Security has been one of the serious problems in the computer domain since attackers very often try to penetrate computer systems and behave maliciously to authenticate users. To solve this issue we propose a security system which detects malicious behaviors launched toward a system.
Motivation:
• The main aim is to catch unauthorized activity in the workspace in very little time.

• Capture a photo of the unauthorized person.

• Get the IP address of the affected system.

• Get a screenshot of the unofficial activity.

• Send all this data to the Admin.


Objectives:
• 1. One-time password (OTP) based authentication system.

• 2. Capturing the suspicious attacks.

• 3. Capturing the screen when suspicious attacks are detected.

• 4. Taking a photo of the misbehavior of a normal user.

• 5. Get the IP address of the system.

• 6. Send that information to the victim.


Existing System & its drawbacks
Several information security techniques are available today to protect information systems against unauthorized use, duplication, alteration, destruction and virus attacks. The main purpose of a firewall is to prevent unauthorised access between networks. That means protecting a site's inner network from the internet.
The disadvantage of a firewall is that it looks outward for intrusions in order to stop them from happening. A firewall limits access between networks to prevent intrusion and does not signal an attack from inside the network.

CCTV Camera – Using a CCTV camera we can keep watch on people, but we cannot monitor the system activities in detail.
Drawbacks of existing system

1. Detection accuracy is less.

2. Difficult to detect the malicious behaviors of users.

3. The tools used to detect malicious users are not an efficient technique.


Proposed System
• Our proposed system aims at providing a highly efficient and robust intrusion detection system.

• The self-analysis method continuously monitors and provides details of user activities for detecting unauthorized entities.

• As internal system calls (SC) are used to detect the intrusion attacks, this can be implemented using data mining and forensic techniques.

• It would help to identify and provide detailed information about a user and their SC patterns.

• Normal activities of the user will be ignored.

• But if a restricted activity is found, an alarm needs to be raised and the activity reported to the right authorities.
Advantages of Proposed Work
• This would help counter the effect of any harmful anonymous intrusion and protect against any type of attack.

• This helps to stop the threat of attacks and is typically located between the company's firewall and the rest of the network.
System Architecture
Working:
• Step 1: Let U be the set of users who log in to the system: U = {U1, U2, ..., Un}.

• Step 2: Let S be the system that authenticates the user U by sending an OTP to the user's mail and verifying the user.

• Step 3: The user U performs some activities such as inserting a USB device in a USB port, copying some content from a highly secured drive or folder to another place, installing new software, etc. (activities which are restricted by the Admin). The system monitors the user activities by reading the log files generated by the system.

• Step 4: The system reads the user log files, i.e. the user's infrequent activities from attack list A, with the help of unauthorized-access detection D.

• Step 5: The system S alerts on the malicious user activities by capturing a snapshot of the activity, a photo of the user and the IP address of the system.
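Steps 3 to 5 as a runnable sketch, added here as an illustration and not part of the original slides or the project's Java code. The log line layout, the action names and the PERMISSIONS table are assumptions; screenshot and photo capture are left out, so an alert carries only the user, IP address, time and activity.

```python
import re
from collections import namedtuple

# Attack list A: the activities the slides name as restricted by the admin.
ATTACK_LIST = {"USB_INSERT", "COPY_FROM_SECURE", "SOFTWARE_INSTALL"}

# Assumed per-user exemptions granted by the admin (Module 1 permissions).
PERMISSIONS = {"U1": {"USB_INSERT"}, "U2": set()}

# Assumed log layout: "<time> user=<id> ip=<addr> action=<NAME> target=<text>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) "
    r"action=(?P<action>[A-Z_]+) target=(?P<target>.*)$"
)

Alert = namedtuple("Alert", "ts user ip action target")

def detect(lines):
    """Detection D: return (alerts, unparsed) for an iterable of log lines."""
    alerts, unparsed = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            # Keep unreadable entries: a damaged log is itself worth reporting.
            unparsed.append(line.strip())
            continue
        if m["action"] not in ATTACK_LIST:
            continue  # normal activity is ignored
        # Users missing from PERMISSIONS get no exemptions at all.
        if m["action"] in PERMISSIONS.get(m["user"], set()):
            continue  # the admin allowed this activity for this user
        alerts.append(Alert(**m.groupdict()))
    return alerts, unparsed

# Constructed sample log, not taken from a real system.
SAMPLE_LOG = """\
2024-05-01T10:15:02 user=U1 ip=10.0.0.11 action=USB_INSERT target=E:
2024-05-01T10:16:40 user=U2 ip=10.0.0.12 action=FILE_OPEN target=report.docx
2024-05-01T10:17:05 user=U2 ip=10.0.0.12 action=COPY_FROM_SECURE target=D:/secure/payroll.xlsx
2024-05-01T10:18:30 user=U9 ip=10.0.0.40 action=SOFTWARE_INSTALL target=setup.exe
corrupted entry without fields
"""

if __name__ == "__main__":
    alerts, unparsed = detect(SAMPLE_LOG.splitlines())
    for a in alerts:
        print(f"ALERT to admin: {a.user} at {a.ip}: {a.action} {a.target} ({a.ts})")
    print(f"{len(unparsed)} unparsed line(s) need review")
```

The permitted USB insert by U1 and the ordinary file open are ignored, while the copy from the secured folder and the install by a user the admin never registered both raise alerts.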
Testing Techniques:
White-box testing
Black-box testing
Grey-box testing
Unit testing
Integration testing
Functional test
System Test
Software Requirement:
Operating system : Windows XP/7.
Implementation : JAVA/J2EE.
Front End : JSP.
IDE : Eclipse.
Back End : MySQL database.
Web server : Apache Tomcat.
Hardware Requirement:
System : Pentium IV 2.4 GHz.
Hard Disk : 40 GB.
RAM : 512 Mb.
Modules:

1. Admin - Add Users in the System with Permissions.
The user should be able to add new users in the system, and the Admin can give permission for activities as per role.

2. User Login.
The user can log in to the system only after successful OTP authentication.

3. Capture Attack.
The system captures attacks by self-monitoring.

4. Capture Photo.
The system activates the camera and captures the photo in the background, without notification to the user, if illegal activity happens.

5. Capture Screenshot.
The system captures a screenshot of the illegal activity.

6. Capture IP Address of the System.

7. The system sends the IP address, the captured photo of the user and the snapshot of the illegal activity to the Admin.
Use case Diagram
Activity Diagram:
Conclusion
We are going to develop a system that prevents and alerts on intrusion attacks on our system. We have various modules that store and keep track of all the users in the system. All the users' activities will be monitored and recorded in a log file. If the system finds abnormal activities, i.e. activities which match the activities restricted for the user, then the system will generate an alert message to the admin. The system has a self-monitoring function, which means it continuously keeps monitoring the user activities.
References
1. C. Yue and H. Wang, “BogusBiter: A transparent protection against phishing attacks,” ACM Trans. Int. Technol., vol. 10, no. 2, pp. 1–31, May 2010.

2. Q. Chen, S. Abdelwahed, and A. Erradi, “A model-based approach to self-protection in computing system,” in Proc. ACM Cloud Autonomic Comput. Conf., Miami, FL, USA, 2013, pp. 1–10.

3. H. Lu, B. Zhao, X. Wang, and J. Su, “DiffSig: Resource differentiation based malware behavioral concise signature generation,” Inf. Commun. Technol., vol. 7804, pp. 271–284, 2013.

4. Z. Shan, X. Wang, T. Chiueh, and X. Meng, “Safe side effects commitment for OS-level virtualization,” in Proc. ACM Int. Conf. Autonomic Comput., Karlsruhe, Germany, 2011, pp. 111–120.

5. J. Choi, C. Choi, B. Ko, D. Choi, and P. Kim, “Detecting web based DDoS attack using MapReduce operations in cloud computing environment,” J. Internet Serv. Inf. Security, vol. 3, no. 3/4, pp. 28–37, Nov. 2013.

6. Q. Wang, L. Vu, K. Nahrstedt, and H. Khurana, “MIS: Malicious nodes identification scheme in network-coding-based peer-to-peer streaming,” in Proc. IEEE INFOCOM, San Diego, CA, USA,
