
Decision Tree and Forensic Methodology for Detecting and Preventing Internal Attackers

IJCSEC Front Page

At present, many computer systems use a user ID and password as the login pattern to authenticate users. In an organization, people share their logins with colleagues and ask these colleagues to complete co-tasks, thereby affecting the security of the computer domain. Internal attackers are known users of the system who attack it from the inside, and they are difficult to detect. In this paper, we propose Decision Tree and Forensic Methodology for detecting and preventing internal attackers. Decision Tree and Forensic Methodology creates user profiles to keep track of users' usage habits, called forensic features. Decision Tree and Forensic Methodology works with an intrusion detection mechanism. Network-based attacks are identified by a predefined algorithm. Decision Tree and Forensic Methodology collected in the class limited system call list, as a key component of the system call monitor and filter. The feasibility and accuracy of Decision Tree and Forensic Methodology are verified by the decisive rate threshold. A user's forensic features are identified and analyzed through the corresponding system call sequence. Decision Tree and Forensic Methodology can be ported to a parallel system to enhance the accuracy of attack detection and shorten the attacker's response time.

Keywords: Decision Tree, forensic features, system call monitor and filter, system call list, system call sequence.

