入侵检测是一种积极主动的网络系统安全防护技术,提供了对内部攻击、外部攻击和误操作的实时保护.系统调用是用户程序和操作系统之间交互的接口,基于系统调用的入侵检测,就是针对主机的系统调用数据进行监控和分析的技术.基于系统调用序列的主机入侵检测技术具有准确率高、误报率低和稳定性好的特性,是开发入侵检测系统的一个很好的选择.主要从异常检测出发,利用两种不同分析方法,分别对基于系统调用序列的主机入侵检测进行较为深入的研究,并分析和验证了两种方法各自的优点和不足.%Intrusion detection is a proactive network system security technology,which provides the real-time protection of internal attacks,external attacks and host misuse.The system call is the interactive interface of user programs and operating systems.The intrusion detection based on the system call based on host,is a technology which monitors and analyzes the host's data of the system call.Intrusion detection based on the system call sequences shows great advantages of high accuracy,low false alarm rate and good stability,so it is a good technology to be used for host security systems.The paper focuses on the host anomaly detection,using two kind of algorithms to study the intrusion detection based on the system calls and compare the two methods on detection accuracy and efficiency in detail.
展开▼
