
System Call State Machine-based Anomaly Intrusion Detection Method

Posted on: 2005-03-05
Degree: Master
Type: Thesis
Country: China
Candidate: H Liu
GTID: 2208360122467575
Subject: Computer applications

Abstract/Summary:
The problem of computer security has existed since the birth of the computer. With the rapid development of the Internet and electronic commerce, it is becoming more and more difficult to protect digital resources from intrusion. The Intrusion Detection System (IDS) was invented to solve this problem. It combines digital processing, auditing, pattern matching and statistics. By analyzing audit data or network packets, it can find attacks on computers and networks.

In the field of intrusion detection, anomaly detection is an important branch. It first summarizes the actions of a program to create a profile, and then monitors the program. If the program's subsequent actions do not match the profile, an attack may be under way. System calls are an effective input for an IDS: they can be used to build a model that describes the program for anomaly detection.

This paper introduces a new anomaly intrusion detection method. It uses system calls as input and creates a finite-state automaton (FSA) for the functions in the program. The FSA is then used to detect attacks. Moreover, the method can find the place in the program where the vulnerability exists, which helps in modifying the source program. Experiments have shown that this method is effective for many intrusion events.
Keywords/Search Tags: Intrusion Detection, Anomalous Intrusion Detection, System Call, Finite-State Automaton, Function Stack