Abstract
Intrusion detection systems are often used to collect and analyze network traffic to help administrators prepare and deal with attacks. In behavioral approach, these detection systems work on the entire network to detect anomalies after establishing the network's normal profile involving all users. In this article we present a new method for intrusion detection based on behavioral approach where we show that IDSs could also be host-based so that the behavior of an individual user could be profiled using characteristics extracted from system log data. A new user behavior is considered abnormal when it deviates from its profile. When detected, this anomaly can prove to be an intrusion. This method help decrease U2R(exploring vulnerabilities to gain root access to the system) and R2L(obtaining access to remote system without having a user account) attacks that exploit operating system or software vulnerabilities and which are the most dangerous attacks towards confidentiality and integrity. It also demonstrates the effectiveness of data-mining techniques using the k-means algorithm. Our experimental results will be applied to the hospital information system (HIS).