
Research On Anomalous Detection Technology Based On System Call And Context

Posted on: 2010-07-27
Degree: Master
Type: Thesis
Country: China
Candidate: M Yan
Full Text: PDF
GTID: 2178360272480036
Subject: Computer application technology
Abstract/Summary:
With the development of computer and network technology, information security has become an increasingly important area of research. Traditional information security technologies include firewalls and intrusion detection. A firewall can block illegal access, but once it has been breached it offers no further protection. An intrusion detection system (IDS) is regarded as the second line of defence behind the firewall: it decides from audit data whether an intrusion has occurred, and provides real-time protection against external and internal attacks as well as misoperation.

IDSs use a wide range of techniques, one of which is based on system calls. Whether such detectors rely on the system call sequence or on other parameters, they have shortcomings: they cannot detect attacks that leave the calling sequence unchanged, or they suffer high system overhead and low detection capability because feature selection has not been optimised.

Building on previous studies, this thesis proposes an IDS model based on system call arguments and process context. First, the relationship between system calls and intrusions is studied in order to select the key system calls and their arguments. Second, the context in which system calls are invoked is studied in order to select the key, security-related context information that distinguishes the different stages of a process. The close relationship between system call arguments and context in the model is then established by a mathematical method, showing that the model is feasible in theory. Finally, experiments show that the model can detect attacks that change only the call arguments while leaving the call sequence unchanged, and that its concise and effective feature selection improves the capability of the IDS, yields superior detection results, and remedies the shortcomings of related intrusion detection techniques.
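The abstract's central point, an attack that keeps the normal call sequence but changes only an argument, and the role of process context in telling such a call apart from a legitimate one, can be shown with a small detector. The Python below is an added example, not code from the thesis; the traces are constructed, and the choice of key system calls, the "init"/"serving" stage split at the first accept(), and the directory-level generalisation of path arguments are all assumptions made here, not the thesis's feature selection.

```python
"""Sequence-only vs. argument+context system-call anomaly detection (added example)."""
import os
from collections import defaultdict

# Assumed selection of key system calls whose arguments are profiled.
KEY_CALLS = {"open", "execve", "setuid", "connect"}

# Constructed normal traces of a hypothetical web server: reads its config as
# root, drops to uid 33, then serves files from /var/www.
# Each event is (syscall, first_argument, effective_uid).
NORMAL_TRACES = [
    [("open", "/etc/httpd.conf", 0), ("read", "fd3", 0), ("setuid", "33", 0),
     ("accept", "sock", 33), ("open", "/var/www/index.html", 33),
     ("read", "fd4", 33), ("write", "sock", 33), ("close", "fd4", 33)],
    [("open", "/etc/httpd.conf", 0), ("read", "fd3", 0), ("setuid", "33", 0),
     ("accept", "sock", 33), ("open", "/var/www/about.html", 33),
     ("read", "fd4", 33), ("write", "sock", 33), ("close", "fd4", 33)],
]

# Constructed attack 1: identical call sequence, but the served path is sensitive.
ARG_ATTACK_TRACE = [
    ("open", "/etc/httpd.conf", 0), ("read", "fd3", 0), ("setuid", "33", 0),
    ("accept", "sock", 33), ("open", "/etc/shadow", 33),
    ("read", "fd4", 33), ("write", "sock", 33), ("close", "fd4", 33),
]

# Constructed attack 2: identical sequence and an argument seen in training, but
# the config is opened in the serving stage as root, i.e. privileges were regained.
CONTEXT_ATTACK_TRACE = [
    ("open", "/etc/httpd.conf", 0), ("read", "fd3", 0), ("setuid", "33", 0),
    ("accept", "sock", 33), ("open", "/etc/httpd.conf", 0),
    ("read", "fd4", 0), ("write", "sock", 0), ("close", "fd4", 0),
]


def with_stage(trace):
    """Yield (stage, event); the stage flips to 'serving' after the first accept()."""
    stage = "init"
    for event in trace:
        yield stage, event
        if event[0] == "accept":
            stage = "serving"


def train_sequence_model(traces, k=3):
    """Sequence-only model: the set of k-grams of syscall names seen in training."""
    grams = set()
    for trace in traces:
        names = [event[0] for event in trace]
        grams.update(tuple(names[i:i + k]) for i in range(len(names) - k + 1))
    return grams


def sequence_anomalies(model, trace, k=3):
    """Return the k-grams of the trace that never occurred in training."""
    names = [event[0] for event in trace]
    grams = [tuple(names[i:i + k]) for i in range(len(names) - k + 1)]
    return [g for g in grams if g not in model]


def argument_feature(syscall, arg):
    """Generalise path arguments to their directory (assumed generalisation), so a
    new file under a known directory stays normal while a file elsewhere does not."""
    if syscall in ("open", "execve"):
        return os.path.dirname(arg)
    return arg


def profile_key(syscall, stage, uid, use_context):
    """Profile per (syscall, stage, uid) with context, per syscall name without."""
    return (syscall, stage, uid) if use_context else (syscall,)


def train_argument_model(traces, use_context=True):
    """Map each profile key to the set of argument features observed in training."""
    model = defaultdict(set)
    for trace in traces:
        for stage, (syscall, arg, uid) in with_stage(trace):
            if syscall in KEY_CALLS:
                key = profile_key(syscall, stage, uid, use_context)
                model[key].add(argument_feature(syscall, arg))
    return model


def argument_anomalies(model, trace, use_context=True):
    """Return (key, argument) pairs whose feature was never seen under that key."""
    alerts = []
    for stage, (syscall, arg, uid) in with_stage(trace):
        if syscall not in KEY_CALLS:
            continue
        key = profile_key(syscall, stage, uid, use_context)
        if argument_feature(syscall, arg) not in model.get(key, set()):
            alerts.append((key, arg))
    return alerts


if __name__ == "__main__":
    seq = train_sequence_model(NORMAL_TRACES)
    ctx = train_argument_model(NORMAL_TRACES)
    for label, trace in (("argument attack", ARG_ATTACK_TRACE),
                         ("context attack", CONTEXT_ATTACK_TRACE)):
        print(label, "| sequence:", sequence_anomalies(seq, trace),
              "| argument+context:", argument_anomalies(ctx, trace))
```

Both attack traces produce no unseen 3-grams, so the sequence-only model stays silent on them. The argument+context model flags open("/etc/shadow") in the serving stage as uid 33 and the root-owned open of the config in the serving stage; the same argument model trained without context (use_context=False) misses both, because "/etc" was a normal open() target during initialisation. That is the point the abstract makes: the argument alone is not enough, it has to be judged against the stage and privilege in which the call happens.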
Keywords/Search Tags:intrusion detection, system call sequence, system call argument, context of process