
Dynamical System Approach To Host Based Intrusion Detection

Posted on: 2017-11-14
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Yin
Full Text: PDF
GTID: 2348330482986423
Subject: Software engineering
Abstract/Summary:
Networks are developing faster and faster, and people's lives can no longer do without the help of computers. Ensuring the safety of the network environment is becoming more and more important. In recent years, the vast majority of attacks have centered on host vulnerabilities, so research on host-based intrusion detection is very important. To improve the accuracy of host-based anomaly intrusion detection, this thesis combines dynamical system theory and methods with system calls to make intrusion detection more convenient and more accurate.

First, it introduces host intrusion detection and the concepts of dynamical system theory. Then, through system call tracing, it collects the data needed for the simulation experiments and compares the data using dynamical system methods to realize intrusion detection. Next, on the DARPA-98 data sets, it analyzes system call parameters and observes system call access values from the perspective of dynamical systems; researchers can use this data set to detect abnormal behavior. On the Linux platform, based on FTP vulnerabilities in a running Pro FTP service, it collects system call data under attack and system call data from normal execution, compares them with a gathering subsystem analysis method, and analyzes the difference between the daemon under attack and in its normal state. Finally, it analyzes the API calls of the Chat Server Easy application on the Windows platform. The API calls can distinguish an infected Windows application from a normal one. The deviations of these data sets from their normal baseline values, visible in the dynamical system plots, strongly indicate that the theory of this thesis is suitable for detecting abnormal application behavior, and that the method studied here can detect it.

In the end, all the experiments are summarized, and the analysis and evaluation with respect to the length of the data are discussed in two directions. In this study, we apply the approach of dynamical system theory to the analysis of system call sequences and parameters, which can be used to detect abnormal deviations in the system dynamics and to improve the accuracy and versatility of host intrusion detection.
Keywords/Search Tags:dynamical system theory, system calls, host intrusion detection, approximate entropy