Based On System Call Anomaly Detection Technology

Posted on: 2009-08-21
Degree: Master
Type: Thesis
Country: China
Candidate: G T Chen
GTID: 2208360245961860
Subject: Software engineering
Abstract/Summary:
Network security problems have become increasingly prominent, and intrusion detection systems (IDS) have become an essential security measure. Intrusion detection means detecting and identifying illegal attacks and intrusion behavior aimed at computer systems, information systems and networks. The technique is used to protect company information around the world. However, traditional IDS still has flaws such as slow detection speed and a high missed-detection rate.

This thesis analyzes the traditional IDS architecture and detection techniques, and studies in depth neural network (NN) technology and its application in IDS. With the aim of increasing detection speed and improving accuracy, it proposes a new neural network-based intrusion detection model. The model uses a BP (Back Propagation) neural network for detection, converting pattern recognition into numerical calculation and thereby speeding up detection. At the same time it combines the neural network with an expert system for auxiliary detection and for providing a real-time training set, which increases detection accuracy. The thesis also studies the back-propagation algorithm in depth, addressing the problems that BP neural networks show in practical application.

This thesis adopts two different intrusion detection approaches: one based on neural networks and one based on text categorization. Privileged processes and system calls are the research objects. By comparison with traditional detection approaches, the thesis analyzes their disadvantages and proposes applying neural networks, the leaky bucket, distance metrics and text categorization to intrusion detection. The experiments show that these approaches can effectively detect intrusive attacks and achieve a low false positive rate. ROC curves are also used to evaluate the effectiveness of the different detection approaches, and they show the better performance of the new approaches.

The thesis first introduces intrusion detection systems and then analyzes the feasibility of taking privileged processes and system calls as research objects. To evaluate the effectiveness of the proposed detection method, it uses the DARPA data sets and shows how these data sets are preprocessed. Finally, the thesis summarizes the research work, compares the performance of the two detection approaches and indicates the research work left for the future.
Keywords/Search Tags: intrusion detection, system calls, neural network, text categorization