Determining User Behaviour Using System Calls To Prevent Internal Intrusions

Abstract

Today the most common method of authentication used in modern day systems is username and password authentication.It has been found that many coworkers share their login credentials with each other which basically makes username and password authentication as one of the most susceptible points that can be exploited. Most of the systems that are in use today protect the system against the external threats only by using firewalls and intrusion detection systems, which leaves the system susceptible to all the internal threats.Internal threats arise from the individuals who are valid and genuine users of the system and are hard to detect as nobody is looking for them. In order to solve the problem of internal attacks and prevent the system from data leaks that take place from the inside some work needs to be done.It has been found out that by analysing System calls generated by operations are helpful in determining the behaviour of a user. So, we propose a method to determine the behaviour of a user from system calls using data mining and forensic analysis to prevent the system from internal intrusions. The proposed system will keep a track of all the users in the system and make their profiles which will contain their usage habits which are used as forensic features to determine whether a user logged in the system is the valid user or not by comparing his current system usage behaviour with the patterns already collected in the users personal profile which is managed by the admin.