An Internal Intrusion Detection and Protection System by Using Data Mining and Forensic Techniques

ABSTRACT

Over the past several years, the Internet environment has become more complex and untrusted. Enterprise networked systems are inevitably exposed to the increasing threats posed by hackers as well as by malicious users internal to a network. IDS technology is one of the important tools used nowadays to counter such threats. Various IIDS techniques have been proposed, which identify such threats or attacks and raise alarms for them. IIDS are an essential component of the network to be secured. Traditional IIDS are unable to manage various newly arising attacks. To deal with these new network problems, data mining based IIDS are opening new research avenues. Data mining provides a wide range of techniques to classify these attacks. The paper provides a study of the various data mining based intrusion detection techniques.

In this paper, we propose a security system, named the Internal Intrusion Detection and Protection System (IIDPS for short), which operates at the system call level. It creates personal profiles for users to keep track of their usage habits as forensic features, and determines whether a legally logged-in user is the owner of the account or not by comparing his/her current computer usage behaviors with the usage habits collected in the account holder's personal profile. The IIDPS uses a local computational grid to detect malicious behaviors in real time. Our experimental results show that the IIDPS's user identification accuracy is 93%, the accuracy in detecting internal malicious attempts is up to 99%, and the response time is less than 0.45 sec., implying that it can protect a system from internal attacks effectively and efficiently.

SYSTEM REQUIREMENTS

Hardware Requirements

Processor : Any Processor above 500 MHz
RAM : 512 MB
Hard Disk : 320 GB
Input Device : Standard Keyboard & Mouse
Output Device : VGA & High Resolution Monitor

Software Requirements

Domain : Cloud Computing
Operating System : Windows XP
Front End : C# .NET
Back End : SQL Server 2008 R2
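The profile comparison described in the abstract, sketched as an added example that is not the IIDPS's own code. The abstract does not specify the mining method, so the 3-call sliding window, the inverse-user-frequency weighting and the cosine similarity are assumptions made here, and the system-call traces are constructed sample data.

```python
import math
from collections import Counter

def ngrams(calls, n=3):
    """Sliding-window system-call patterns of length n."""
    return [tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)]

def build_profiles(history, n=3):
    """history: {user: [session, ...]}, each session a list of syscall names.
    Returns {user: {pattern: weight}}. Patterns shared by many users are
    down-weighted so that habits specific to one user dominate (assumption)."""
    counts = {u: Counter(p for s in sessions for p in ngrams(s, n))
              for u, sessions in history.items()}
    users_with = Counter(p for c in counts.values() for p in c)
    total = len(counts)
    return {u: {p: tf * math.log((1 + total) / users_with[p])
                for p, tf in c.items()}
            for u, c in counts.items()}

def similarity(profile, session, n=3):
    """Cosine similarity between a profile and the patterns in one session."""
    seen = Counter(ngrams(session, n))
    dot = sum(w * seen[p] for p, w in profile.items())
    norm = (math.sqrt(sum(w * w for w in profile.values()))
            * math.sqrt(sum(v * v for v in seen.values())))
    return dot / norm if norm else 0.0

def check_session(profiles, account, session, n=3):
    """Return (best_matching_user, suspicious). A session is suspicious when
    it matches another user's habits best, or matches no profile at all."""
    scores = {u: similarity(p, session, n) for u, p in profiles.items()}
    best = max(scores, key=scores.get)
    return best, best != account or scores[best] == 0.0

# Constructed sample history: two users with different usage habits.
HISTORY = {
    "alice": [["open", "read", "mmap", "read", "close"] * 2,
              ["open", "read", "mmap", "read", "close", "stat", "open", "read", "close"]],
    "bob": [["socket", "connect", "write", "read", "close"] * 2,
            ["stat", "open", "read", "close", "socket", "connect", "write", "close"]],
}

if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    # Someone logged in as alice but behaving like bob.
    current = ["socket", "connect", "write", "read", "close", "socket", "connect", "write"]
    print(check_session(profiles, "alice", current))
```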