数据挖掘技术在基于系统调用的入侵检测中的应用

数据挖掘是人工智能、机器学习与数据库技术等多学科相结合的产物。作为当前重要的前沿课题之一。研究人员提出了许多数据挖掘理论和方法，并取得了许多重要的研究成果。系统调用序列已经成为基于主机的入侵检测系统重要的数据源之一，通过对系统调用的分析来判断入侵事件，具有准确性高、误警率低和稳定性好等优点。本文运用统计、比较方法对当前国际上利用数据挖掘技术分析系统调用序列的相关著作和论文进行了详细讨论和分析，最后设计一个基于数据挖掘技术入侵检测的通用模型。

Data mining technology's application on IDS based on system call

Data mining is the production of artificial intelligence and machine study and database and so on. Because it is a new important problem, researchers have put forward many theories and techniques about data mining and the harvest is significant. The system calls have already become one of the important data sources of host-based intrusion detection system. There are some merits which are the high accuracy, the low false fault and the good stability and so on by using of the system calls analysis to judge the intrusion. At present, the international research about this aspect mainly focuses on how to design effective detecting algorithms and using data mining technology to analyz the system calls sequences of improving detective effect. By means of statistics and comparison, the emphases and correlative productions about system calls sequences based on the data mining technology in resent years were discussed and analyzed in detail. Finally, a universal model based on the system calls IDS was designed.