Choure Chaitali, Patil Leena .H, International Journal of Advance Research, Ideas and Innovations in Technology.
© 2018, www.IJARIIT.com All Rights Reserved Page | 61
ISSN: 2454-132X
Impact factor: 4.295
(Volume 4, Issue 1)
Available online at www.ijariit.com
A Literature Survey on Intrusion Detection and Protection
System using Data Mining
Chaitali Choure
Priyadarshini Institute of Engineering and Technology,
Nagpur, Maharashtra
chaitalichoure13@gmail.com
Leena H. Patil
Priyadarshini Institute of Engineering and
Technology, Nagpur, Maharashtra
lhpatil10@gmail.com
Abstract: In the modern world of security, many researchers have proposed various new approaches; among those techniques,
the application of data mining to intrusion detection is one of the most suitable. This paper proposes a security system,
named the Intrusion Detection and Protection System (IDPS), that works at the system call level and creates a personal profile
for each user to keep track of the user's usage habits as forensic features.
The IDP uses a local computational grid to detect malicious behavior in real time. In this paper, a security system
named the IDPS is proposed to detect insider attackers at the SC level by using data mining and forensic techniques.
Keywords: Forensic Features, Identify User, Data Mining, Internal Intrusion Detection and Protection, System call (SC).
I. INTRODUCTION
The complexity of security attacks is very high, and these attacks are difficult to handle. The solution to these issues is to create an
effective Intrusion Detection System (IDS). Intrusion means any set of activities that tries to harm the security goals of the
information. It is very difficult to identify who the attacker is because attack packets are often issued with valid login patterns.
Most current computers check the UID and password for authentication. But hackers may install Trojans to pilfer victims' security
patterns or issue a large number of trials with the assistance of a dictionary to obtain users' passwords before they can legally log in
to a system. When successful, hackers may access users' private files or even destroy system settings. Most host-based security
systems can discover an intrusion from a user's logged history afterward, and most network-based systems can detect an intrusion
online. However, identifying who the attacker is in real time is difficult since attack packets are often issued with forged IPs.
In this paper, we propose a security system, named the Intrusion Detection and Identification System (IDIS), which mines log data
to identify the commands that a user habitually submits and the sequences that the user habitually follows (together named command
sequences) as the user's forensic features. When an unknown user logs in to a computer, the IDIS starts monitoring the user's input
commands to detect whether the user is issuing an attack. IIDPS can block internal intruders and identify the attacker in the
network.
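The profiling idea described above, as an added example that is not code from the paper or from the surveyed systems: it mines habitual command sequences per user from constructed log data and scores a new session against each profile. Bigram counting with a fixed threshold is an assumption standing in for the mining step, and all function names and sample data are hypothetical.

```python
from collections import Counter

def ngrams(cmds, n=2):
    """Return the command sequences (n-grams) contained in one session."""
    return [tuple(cmds[i:i + n]) for i in range(len(cmds) - n + 1)]

def build_profiles(history, n=2, min_count=2):
    """history maps user -> list of sessions (each a list of commands).
    A sequence is kept as habitual if the user issued it >= min_count times."""
    profiles = {}
    for user, sessions in history.items():
        counts = Counter(g for s in sessions for g in ngrams(s, n))
        profiles[user] = {g: c for g, c in counts.items() if c >= min_count}
    return profiles

def score(session, profile, n=2):
    """Fraction of the session's sequences that are habitual in the profile."""
    grams = ngrams(session, n)
    if not grams:
        return 0.0  # too short to judge
    return sum(1 for g in grams if g in profile) / len(grams)

def assess(session, claimed_user, profiles, threshold=0.5, n=2):
    """Score the session against every profile; flag it when the habits of
    the account it runs under do not explain the observed sequences."""
    scores = {u: score(session, p, n) for u, p in profiles.items()}
    own = scores.get(claimed_user, 0.0)
    best = max(scores, key=scores.get)
    return {"own_score": own, "best_match": best, "suspicious": own < threshold}

# Constructed sample log data (assumption: one list of commands per session).
HISTORY = {
    "alice": [["cd", "ls", "vim", "make", "git"],
              ["cd", "ls", "vim", "make", "./run"]],
    "bob": [["ssh", "top", "tail", "grep"],
            ["ssh", "top", "tail", "less"]],
}
PROFILES = build_profiles(HISTORY)
NORMAL = ["cd", "ls", "vim", "make"]   # matches alice's habits
ODD = ["ssh", "top", "tail", "grep"]   # issued under alice's login

if __name__ == "__main__":
    print(assess(NORMAL, "alice", PROFILES))
    print(assess(ODD, "alice", PROFILES))
```

The `best_match` field corresponds to the identification step: a session that scores low for the account owner but high for another profile suggests whose habits it resembles.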
II. LITERATURE SURVEY
[1] Analyzing Log Files for Postmortem Intrusion Detection
AUTHORS: K. A. Garcia, R. Monroy, L. A. Trejo, and C. Mex-Perera
Description: Upon an intrusion, staff should analyze the IT system that has been compromised, so as to see how
the attacker gained access to it, and what he did afterwards. Usually, this analysis reveals that the attacker
has run an exploit that takes advantage of a system vulnerability. Pinpointing, in a given log file, the execution of one such
exploit, if any, is extremely valuable for computer security. This is both because it accelerates the process of
gathering evidence of the intrusion, and because it helps in taking measures to prevent a further intrusion, e.g., by building and
applying an appropriate attack signature for intrusion detection system maintenance.