An intrusion detection system based on system call

Intrusion detection is an efficient way to protect information systems. This paper puts forward a new method of anomaly-based intrusion detection built on system calls. It takes system calls as input and creates an FSA (finite-state automaton) for the functions in the program. The FSA is then used to detect attacks. Moreover, it can locate the vulnerability that exists in the program, which helps in correcting the source program. Results show that this method is effective for some intrusion events.
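The idea in the abstract, learning a per-function automaton over system calls and reporting the function in which a trace deviates, can be sketched as follows. This is an added example, not the paper's algorithm: the trace format, the choice of "previous system call in the same function" as the state, and the names `train`, `detect`, `read_cfg` and the sample traces are all assumptions constructed for illustration.

```python
from collections import defaultdict

START = "<start>"  # assumed initial state of every function's automaton

def train(traces):
    """Learn one FSA per function from normal traces.

    A trace is a list of (function, syscall) events (constructed format).
    fsa[function][state] is the set of syscalls allowed next, where the
    state is the previous syscall accepted inside that function.
    """
    fsa = defaultdict(lambda: defaultdict(set))
    for trace in traces:
        last = {}
        for func, call in trace:
            fsa[func][last.get(func, START)].add(call)
            last[func] = call
    return fsa

def detect(fsa, trace):
    """Return anomalies as (event index, function, state, syscall)."""
    alerts, last = [], {}
    for i, (func, call) in enumerate(trace):
        state = last.get(func, START)
        if func in fsa and call in fsa[func].get(state, ()):
            last[func] = call  # accepted transition: advance the automaton
        else:
            # Unknown transition: record where it happened and stay in the
            # last known-good state so one deviation yields one alert.
            alerts.append((i, func, state, call))
    return alerts

# Constructed sample data: two normal runs and one run with an extra execve.
NORMAL = [
    [("main", "open"), ("read_cfg", "read"), ("read_cfg", "read"),
     ("read_cfg", "close"), ("main", "write"), ("main", "exit")],
    [("main", "open"), ("read_cfg", "read"), ("read_cfg", "close"),
     ("main", "write"), ("main", "exit")],
]
SUSPECT = [("main", "open"), ("read_cfg", "read"), ("read_cfg", "execve"),
           ("read_cfg", "close"), ("main", "write"), ("main", "exit")]

MODEL = train(NORMAL)

if __name__ == "__main__":
    for idx, func, state, call in detect(MODEL, SUSPECT):
        print(f"event {idx}: {call!r} after {state!r} not allowed in {func}()")
```

The function name in each alert is what points an analyst at the part of the program to review.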
