An Intrusion Detection Method (RHDID) Based on Relative Hamming Distance

A new method for anomaly intrusion detection, named RHDID (an Intrusion Detection Method Based on Relative Hamming Distance), is proposed, in which "normal behavior" is defined by the sequences of system calls and their parameters in a privileged process. Building on Hamming Distance (HD), a novel algorithm named Relative Hamming Distance (RHD) is presented to decrease the false positive rate. RHDID can effectively reduce both false positives and false negatives and can be applied to real-time intrusion detection. Finally, an operational prototype system demonstrates the method's feasibility and its effectiveness for real-time intrusion detection. The experimental results show that the proposed detection method based on RHD is more powerful and more efficient than the classical one.