Post intrusion assessment detection

Many applications involve system that it must protect and shielded from intruders. This research studies how to recognize an attack early so we can respond quickly and prevent the similar future attacks. The systems in any network environment contain a variety of software and data files. Unexpected changes in directories and files, especially those to which access is normally restricted, may be an indication that an intrusion has occurred. Changes may include modifying, creating, or deleting directories and files. What makes such changes unexpected may depend on who changed them and where, when, and how the changes were made. Post Intrusion Detection Assessment used in this research is an application that monitors such system activities for malicious activities or policy violations and produces reports to the system administrator for actions. The system we developed consists of four modules: scanning the system, scanning the current state of the system, analysis, and assessment report generation.