The Research Of Security Based On System Call For Host Computer

Posted on: 2007-09-24
Degree: Master
Type: Thesis
Country: China
Candidate: C Gao
GTID: 2178360212974000
Subject: Computer application technology

Abstract/Summary:
With the development of the Internet, people's lives have come to depend more and more deeply on computer networks, and so computer networks must become more and more secure. Intrusion detection technology is one of the important measures for protecting networks. Host-based intrusion detection is used to protect key hosts, and offers better detection efficiency and detection accuracy. System calls are the main target of intruders, who often attack a system from outside by means of system calls. This paper puts forward both anomaly and misuse detection methods for abnormalities based on system calls, gives particular attention to an intrusion detection system based on an immune mechanism, and also describes some research results based on system calls.

At present, system call sequences have already become one of the important data sources for host-based intrusion detection systems. Using system call analysis to judge intrusions has several merits, including high accuracy, a low false alarm rate, good stability and so on. This paper combines the anomaly method with the misuse method to put forward a classification detection model based on system calls. Anomaly detection uses a high-efficiency, low-load method aimed at sequences. The method is based on Rough set theory and is capable of extracting a minimum-size set of detection rules to form a normal behavior model from the record of sequences generated during the normal execution of a process. Compared with other methods, the merits of using Rough set theory to create the normal model are as follows: the training data is simple to obtain; the small rule set is suitable for real-time detection; and a process's abnormal running state can be detected effectively.

Experimental results show that the efficiency of the method in this paper is obviously higher than that of other methods.

Later, through study of current intrusion detection systems and the biological immune system, an immunity-based network intrusion detection model is discussed and analyzed in full detail from the viewpoints of robustness, extensibility, scalability, adaptability and efficiency. The model thus indicates ways in which we can improve our existing intrusion detection systems. That is...
Keywords/Search Tags:computer security, intrusion detection, immune system, Rough set theory, system call sequences