
The Research Of Intrusion Detection Based On System Call And ARTIS Model

Posted on: 2012-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: L B Li
GTID: 2178330335964548
Subject: Computer application technology
Abstract/Summary:
Designing a new style of computer intrusion detection system based on the basic principles and ideas of biological immunity is a new direction of research in the field of computer security, and its main purpose is to accurately distinguish between "self" and "nonself".

In this paper, the features of system calls and immune theory are investigated first. By combining the advantages of fixed-length and variable-length system call sequential patterns, a new intrusion detection model based on the ARTIS model and system calls is designed, making the model more suitable for real-time intrusion detection and able to distinguish between "self" and "nonself" more accurately.

By cutting down the number of system calls and introducing the concepts of "red flowers" and "green leaves", we focus on the design problems of the detector. By improving the definition of the detector mode and the generation and detection methods, we put forward processing techniques for variable-length sequences of red flowers and fixed-length sequences of green leaves, in order to maximize the characterization of program behavior and increase the accuracy of detection. Time efficiency of detection is achieved by improving the intrusion determination mechanism, in which the red flower judgment is the main method and the green leaf judgment is complementary. Finally, an automatic co-stimulation mechanism is put forward for the detection process. Since the new system call sequence model can describe the meaningful behavior of a program and establish some mappings between sequential pattern types and intrusion types, it provides a new solution for the response mechanism, which is relatively weak in intrusion detection technology.

The computer immune technology studied in this paper is still at a primary stage, but it is very significant to the development of computer security technology.
Keywords/Search Tags: Immune Theory, Real-time intrusion detection, Detector, "Red Flower" Pattern, Collaborative Stimulation