A Grid System Detecting Internal Malicious Behaviors at System Call Level

In our previous work, we developed a security system which detects malicious behaviors at systemcall level. It first creates users’ personal profiles for all users of a close environment and an attacker profile for all hackers to keep track of their usage behaviors as the computer forensic features, and then determines whether or not a legally login user u is the account holder or a hacker by comparing u’s current computer usage behaviors with the computer forensic features collected in u’s personal profiles and the attacker profile. In this study, we implement this security system by using a grid and parallel Message Passing Interface. Experimental results show that the grid system’s user identification accuracy is 94%, the accuracy on detecting internal malicious attempts is up to 97% and the response time is less than 0.45 sec, implying that it can prevent a protected system from internal attacks effectively and efficiently.