• DocumentCode
    411616
  • Title
    A host-based real-time intrusion detection system with data mining and forensic techniques
  • Author
    Leu, Fang-Yie ; Yang, Tzu-Yi

  • Author_Institution
    Comput. Sci. & Inf. Eng., Tunghai Univ., Taichung, Taiwan
  • fYear
    2003
  • fDate
    14-16 Oct. 2003
  • Firstpage
    580
  • Lastpage
    586
  • Abstract
    Host-based detection methods play an important role in developing an intrusion detection system (IDS). One of the major concerns in their development is detection latency. Host-based IDSs that inspect log files produced by operating systems or applications need considerable time to analyze log content, and they consume a large amount of computing resources such as CPU time and memory. There is also a crucial open problem: how to transform human behavior into numbers so that it can be measured easily. To address these problems we propose an IDS called the host-based real-time intrusion detection system (HRIDS). HRIDS monitors users' activities in real time. By defining user profiles, we can find anomalies and malicious accesses instantly. With the help of user profiles, we can not only find which account has been misused but also identify the true intruders. There is no need to update the knowledge databases of HRIDS; it is a self-organized and self-training system. Furthermore, we discover cooperative attacks submitted by several users at the same time by using data mining and forensic techniques.
  • Keywords
    computer crime; data mining; real-time systems; safety systems; data mining; forensic techniques; host-based real-time intrusion detection system; intelligent monitor; user profile; Application software; Computer displays; Data mining; Delay; Forensics; Humans; Intrusion detection; Operating systems; Performance evaluation; Real time systems;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Proceedings of the IEEE 37th Annual 2003 International Carnahan Conference on Security Technology
  • Print_ISBN
    0-7803-7882-2
  • Type
    conf

  • DOI
    10.1109/CCST.2003.1297623
  • Filename
    1297623
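As an added illustration of the profile-based approach the abstract describes (this is not the authors' HRIDS code, whose internals the record does not give): each account gets a self-training profile of action frequencies; an action whose support in the account's profile falls below a threshold is flagged as misuse of that account, and the same action hitting the same target from several accounts within a short time window is flagged as a cooperative attack. The Event fields, the constructed baseline and live logs, and the thresholds (min_support, min_events, window, coop_users) are all assumptions made for the example.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int        # seconds on a constructed monotonic clock
    user: str
    action: str    # e.g. "login", "read", "write", "sudo"
    target: str    # file, host or service touched


# Constructed training log (assumption): what each account normally does.
BASELINE = (
    [Event(100 + i, "alice", "read", "/srv/reports") for i in range(20)]
    + [Event(200 + i, "alice", "login", "ws-01") for i in range(5)]
    + [Event(300 + i, "bob", "write", "/srv/build") for i in range(20)]
    + [Event(400 + i, "bob", "login", "ws-02") for i in range(5)]
)

# Constructed live log (assumption): both accounts suddenly run sudo against
# the same sensitive file within the same minute.
LIVE = [
    Event(1000, "alice", "read", "/srv/reports"),
    Event(1005, "alice", "sudo", "/etc/shadow"),
    Event(1010, "bob", "write", "/srv/build"),
    Event(1020, "bob", "sudo", "/etc/shadow"),
]


class ProfileIDS:
    """Per-user behaviour profiles plus a sliding-window co-occurrence check."""

    def __init__(self, min_support=0.05, min_events=10, window=60, coop_users=2):
        self.profiles = defaultdict(Counter)   # user -> Counter of actions
        self.totals = Counter()                # user -> events in the profile
        self.min_support = min_support         # below this fraction: anomaly
        self.min_events = min_events           # profile warm-up before judging
        self.window = window                   # seconds for cooperative check
        self.coop_users = coop_users           # distinct users needed to alert
        self.recent = defaultdict(deque)       # (action, target) -> (ts, user)

    def train(self, events):
        for ev in events:
            self._learn(ev)

    def _learn(self, ev):
        self.profiles[ev.user][ev.action] += 1
        self.totals[ev.user] += 1

    def is_anomalous(self, ev):
        total = self.totals[ev.user]
        if total < self.min_events:
            return False   # too little history: learn rather than judge
        return self.profiles[ev.user][ev.action] / total < self.min_support

    def _cooperative(self, ev):
        # Keep only events on this (action, target) inside the window and
        # report when enough distinct accounts took part.
        key = (ev.action, ev.target)
        q = self.recent[key]
        q.append((ev.ts, ev.user))
        while q and ev.ts - q[0][0] > self.window:
            q.popleft()
        users = {u for _, u in q}
        return tuple(sorted(users)) if len(users) >= self.coop_users else None

    def observe(self, ev):
        alerts = []
        if self.is_anomalous(ev):
            alerts.append(("anomaly", ev.user, ev.action, ev.target))
        else:
            self._learn(ev)   # self-training: profile-consistent events refine it
        users = self._cooperative(ev)   # anomalous events still count here
        if users:
            alerts.append(("cooperative", users, ev.action, ev.target))
        return alerts

    def run(self, events):
        return [alert for ev in events for alert in self.observe(ev)]


def demo():
    ids = ProfileIDS()
    ids.train(BASELINE)
    return ids.run(LIVE)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Anomalous events are deliberately not fed back into the profile, so a compromised account cannot teach the detector that misuse is normal; only profile-consistent activity updates it, which is the self-training the abstract refers to. The cooperative check sees every event, anomalous or not, because the signal there is several accounts converging on one target, not any single account's deviation.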