Post-Attack Detection Using Log Files Analysis

Security has become a most important issue in recent years, for that much intrusion detection systems have been proposed. Though there are lots of systems available we still need a system which will timely detect the intrusions. Proposed system is a host based intrusion detection system can be called is Post-Attack intrusion detection. We are investigating the system log files which contain the log of all system calls. The system has two main features. 1) It reduces the time to locate a particular log with intruder activities by factoring it. 2) A classifier which will classify the normal behaviour form malicious one. To factor the log files sequitur method is used which will reduce the size of log, and a classifier is the main part of system which is using a HMM (Hidden Markov Model) and k-means to classify normal and abnormal behaviour.