Intrusion Detection Model Based On Confidence Of Relation Among System Call Arguments

Posted on: 2016-12-04
Degree: Master
Type: Thesis
Country: China
Candidate: C Guo
Full Text: PDF
GTID: 2308330479451067
Subject: Software engineering
Abstract/Summary:

In recent years, with the rapid development of the Internet and mobile terminal applications, information technology has spawned a family of new members such as networking, car networking and mobile networks, and the number of network security incidents has grown as well. Because of malicious attacks on traditional PCs and vulnerabilities in mobile payment systems, issues such as public information and user privacy have gradually moved from the research laboratory into the sight of the general public. Among the many areas of security research, intrusion detection based on system calls has been a research focus. To improve the accuracy of models based on control flow, we propose an intrusion detection model based on the credibility of parameter relationships, which incorporates data flow information.

First, to address the complexity of analyzing software behavior, we propose dividing the sequence by mode. Based on the repeatability and consistency of software behavior, we classify and divide the action sequences, then extract the sequences of the different modes to obtain the control flow characteristics of the software behavior. With these, the sequences of the different modes from training can be used directly to judge abnormal behavior in the model.

Second, to describe the characteristics of the data flow between system calls, the model introduces call attributes and the relationships between them. Because traditional behavior detection models focus only on control flow characteristics, we introduce the concept of data flow, together with the relationships among the parameters extracted from the software behavior. To describe the behavior of the software process accurately and improve the completeness of the model, we take both control flow and data flow into account.

Third, to improve the accuracy of the model, we introduce accident probability and support value. From these we calculate the credibility of behavior rules and build a library of the software's normal rules. When determining whether an act is an intrusion, the degree of abnormality of the behavior is calculated from the confidence of all the rules it violates, which provides more accurate data for the later assessment of losses caused by the intrusion.

Finally, we describe the overall design of the prototype system and design experiments that test the proposed algorithm and existing algorithms, comparing and analyzing their behavior detection on real software data.
Keywords/Search Tags:intrusion detection, system call, arguments relation, confidence value
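
The abstract gives no formulas, so the following is an added illustration of confidence-weighted argument-relation rules, not code from the thesis. The rule form (an argument of a later call equals an argument or return value of the latest earlier call), the thresholds, the scoring formula and the sample traces are assumptions, and the thesis's accident probability is not modelled.

```python
from collections import defaultdict

def run(fd, n, w):
    """Constructed trace of a copy-like program: (syscall, args, return value)."""
    return [("open", ("/etc/app.conf", 0), fd), ("read", (fd, 4096), n),
            ("write", (1, w), w), ("close", (fd,), 0)]

# Constructed training data; the last run writes fewer bytes than it read.
TRAIN = [run(3, 120, 120), run(4, 80, 80), run(5, 200, 200), run(3, 64, 60)]

def relations(trace):
    """Yield (rule, holds) for each chance that an argument of a call equals an
    attribute (argument or return value) of the latest earlier call of a name.
    rule = (earlier_call, attribute_slot, later_call, argument_index)."""
    last = {}  # syscall name -> (args..., ret) of its latest occurrence
    for name, args, ret in trace:
        for prev, attrs in last.items():
            for i, a in enumerate(args):
                for j, b in enumerate(attrs):
                    yield (prev, j, name, i), a == b
        last[name] = args + (ret,)

def learn(traces, min_support=2, min_conf=0.7):
    """Keep relations seen at least min_support times whose confidence
    (times held / times seen) reaches min_conf. Thresholds are assumed."""
    seen, held = defaultdict(int), defaultdict(int)
    for trace in traces:
        for rule, ok in relations(trace):
            seen[rule] += 1
            held[rule] += ok
    return {r: held[r] / n for r, n in seen.items()
            if n >= min_support and held[r] / n >= min_conf}

def anomaly_degree(trace, rules):
    """Assumed metric: confidence of violated rules over confidence of all
    learned rules that were applicable in the trace."""
    checked = violated = 0.0
    for rule, ok in relations(trace):
        if rule in rules:
            checked += rules[rule]
            violated += 0.0 if ok else rules[rule]
    return violated / checked if checked else 0.0

RULES = learn(TRAIN)
# Constructed test trace: read and close disagree on the descriptor.
ODD = [("open", ("/etc/app.conf", 0), 3), ("read", (7, 4096), 120),
       ("write", (1, 120), 120), ("close", (3,), 0)]
```

Violating a rule learned with confidence 0.75 raises the score less than violating one that always held in training, which is the point of weighting violations by confidence.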