
Research Of Anomaly Intrusion Detection Based On System Call

Posted on: 2007-06-21
Degree: Master
Type: Thesis
Country: China
Candidate: Q Y Liu
Full Text: PDF
GTID: 2178360182480586
Subject: Communication and Information System

Abstract/Summary:
Intrusion detection based on sequences of host system calls focuses on the data set of system calls made on a host; system calls are the kernel functions of an operating system. Because system calls are a property of the operating system kernel, system call sequences can be used to detect the behavior of the system regardless of differences between users, and can be more effective in controlling the use of privileged programs and in preventing abuse.

The paper mainly studies the detection and categorization algorithm of an intrusion detection system based on system calls. The key to the HIDS model is how to categorize accurately the system calls obtained from processes. For this reason, we introduce the KNN algorithm, which is used in text categorization systems. KNN, namely K-Nearest Neighbor, is used to test whether a word is right or not in WORD. Here each system call in a process is treated as a word and the collection of system calls over each program execution as a document, so the methods used for text processing can be applied to intrusion detection. KNN analysis is a new intrusion detection method based on KNN categorization.

We apply KNN to HIDS and design a HIDS based on the KNN algorithm. The research, design and implementation work of the thesis includes the following:

1. Analyze the current state of network security and summarize intrusion technology and its development.
2. Through a study of the basic structure and algorithm implementation of intrusion detection systems based on host system call sequences, introduce the KNN algorithm and describe the vector space of KNN.
3. Design the model of an intrusion detection system based on system calls and describe the function and implementation of each module.
4. Finally, test the KNN algorithm experimentally; the results show that the accuracy of the KNN algorithm is satisfactory and that it is a good categorization algorithm for intrusion detection.
Keywords/Search Tags: system call, KNN (K-Nearest Neighbor), HIDS (Intrusion Detection Based Host)
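
The abstract's idea of treating each system call as a word and each program execution as a document, sketched as an added example (not code from the thesis). The tf-idf weighting, cosine similarity, k, the threshold and the sample traces are assumptions made for illustration; the abstract specifies none of them.

```python
import math
from collections import Counter

# Constructed sample traces (not from the thesis): one list of system calls
# per process execution, all taken to be normal behaviour.
NORMAL_TRACES = [
    "open read mmap read close exit".split(),
    "open read read write close exit".split(),
    "open fstat mmap read close exit".split(),
    "socket connect write read close exit".split(),
]

def vectorize(trace, model):
    """Turn one trace ("document") into a tf-idf weighted bag of calls ("words")."""
    tf = Counter(trace)
    return {c: f * model["idf"].get(c, model["unseen"]) for c, f in tf.items()}

def train(traces):
    """Learn idf weights from normal traces and store their vectors."""
    n = len(traces)
    df = Counter(call for t in traces for call in set(t))
    model = {
        "idf": {call: math.log(n / d) + 1.0 for call, d in df.items()},
        # Assumption: a call never seen in training weighs like the rarest call.
        "unseen": math.log(n) + 1.0,
    }
    model["vectors"] = [vectorize(t, model) for t in traces]
    return model

def cosine(a, b):
    dot = sum(w * b.get(c, 0.0) for c, w in a.items())
    norm = math.sqrt(sum(w * w for w in a.values())) * math.sqrt(sum(w * w for w in b.values()))
    return dot / norm if norm else 0.0

def knn_score(trace, model, k=3):
    """Mean cosine similarity to the k nearest normal traces (1.0 = same profile)."""
    v = vectorize(trace, model)
    nearest = sorted((cosine(v, t) for t in model["vectors"]), reverse=True)[:k]
    return sum(nearest) / len(nearest)

def is_anomalous(trace, model, k=3, threshold=0.5):
    # k and threshold are illustrative assumptions; tune them on labelled traces.
    return knn_score(trace, model, k) < threshold

if __name__ == "__main__":
    model = train(NORMAL_TRACES)
    for t in ("open read mmap close exit", "open read setuid execve chmod execve exit"):
        print(f"{knn_score(t.split(), model):.3f}", is_anomalous(t.split(), model), t)
```

Because the vector is a bag of calls, reordering a trace does not change its score; only the mix of calls and their frequencies does.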