Abstract: A host-based intrusion detection experimental system is presented for the widely used Windows platform. On the basis of a thorough analysis of the security properties of Windows hosts, 18 variables are extracted as intrusion detection features from the Windows security log, system log, performance log, file integrity checks, registry key changes and other sources, and support vector machines are then used as the intrusion detector to detect a variety of attacks. The experimental results show that the selected features are reasonable and the detection method is effective.
Key words:
Intrusion detection system; Anomaly detection; Windows host; Feature selection; Support vector machines
WANG Yong, ZHANG Xijun, YANG Huihua, WANG Xingyu. Windows Host Intrusion Detection Experimental System (original Chinese title: 一种 Windows 主机入侵检测实验系统) [J]. Computer Engineering (计算机工程), 2006, 32(10): 132-134.