ANOMALY BASED – INTRUSION DETECTION SYSTEM USING USER PROFILE GENERATED FROM SYSTEM LOGS
Publisher
Pulchowk Campus
Abstract
An Intrusion Detection System (IDS) is a form of defense that aims to detect suspicious
activities and attacks against information systems in general. With new types of attacks
appearing continuously, developing adaptive and flexible security-oriented approaches is a
severe challenge. In this scenario, this thesis presents an anomaly-based intrusion
detection technique as a valuable technology to protect the target system against malicious
activities. This technique uses a semi-supervised learning model to identify and learn from
past events as manifested in system logs and to build a user behavior profile. The observed
behavior of the user is analyzed to infer whether or not the normal profile supports the
observed one. This is carried out using a two-class classifier. A new hybrid approach using
Support Vector Machine (SVM) and Naive Bayes (NB) is proposed that provides better accuracy
and reduces the problem of a high false alarm ratio. The proposed approach is compared with
other SVM and NB techniques. Also, the user profile training technique is enhanced by the
addition of a new feature derived from the existing dataset. With these two proposed
approaches, the detection rate is improved considerably. Cross-validation is employed to
validate the result, and the result is presented using an ROC curve. The experimentation is
carried out on two datasets from two different organizations.
DEPARTMENT OF ELECTRONICS AND COMPUTER ENGINEERING