
HMM-based Linux Host Intrusion Detection System

Posted on: 2005-01-16
Degree: Master
Type: Thesis
Country: China
Candidate: P Wang
GTID: 2208360122481586
Subject: Pattern Recognition and Intelligent Systems
Abstract/Summary:
This thesis designs and tests a Host Intrusion Detection System (HIDS) based on a Hidden Markov Model (HMM). First, the state of the art of intrusion detection systems and their characteristics are introduced. After a careful comparison of various intrusion detection techniques, the thesis proposes applying HMMs to host intrusion detection based on monitoring Linux system calls. The characteristics of the Linux kernel are analyzed, along with the key techniques for monitoring system calls. Several anomaly detection models based on system call monitoring are then discussed, in particular the theory, algorithms, advantages and weaknesses of the Hidden Markov Model. The normal states of processes are modeled using an HMM, which is improved by reducing the detection range. An HIDS based on monitoring Linux system calls is designed and implemented according to the Common Intrusion Detection Framework (CIDF), and the improved HMM algorithm is applied in this HIDS. The test results indicate that the HIDS has a better detection rate and a lower false alarm rate.
Keywords/Search Tags: Intrusion Detection System, Anomaly Detection, Hidden Markov Model, System Call, Viterbi, Baum-Welch