Intrusion Detection and Prevention Systems (IDPS) are being widely implemented to prevent suspicious threats in computer networks. Intrusion detection and prevention systems are security systems that are used to detect and prevent security threats to computer networks. In order to understand the security risks and IDPS, in this chapter, the authors make a quick review on classification of the IDPSs and categorize them in certain groups. Further, in order to improve accuracy and security, data mining techniques have been used to analyze audit data and extract features that can distinguish normal activities from intrusions. Experiments have been conducted for building efficient intrusion detection and prevention systems by combining online detection and offline data mining. During online data examination, real-time data are captured and are passed through a detection engine that uses a set of rules and parameters for analysis. During offline data mining, necessary knowledge is extracted about the process of intrusion.
AN INTERNAL INTRUSION DETECTION AND PROTECTION SYSTEM BY USING DATA MINING AND FORENSIC TECHNIQUES
