Abstract: Intrusion detection systems based on system call sequences do not take all features of a system call into account, so some new types of attack can disguise themselves and evade detection by sequence-based intrusion detection systems. To counter such attacks, an intrusion detection system model based on system call parameters is proposed. Experimental results show that the system achieves a high detection rate for disguised (mimicry) system calls.
Keywords:
mimicry attack,
system call parameters,
intrusion detection system
Abstract: A number of recently discovered attacks show that intrusion detection systems based on system call sequences can be evaded by launching attacks that execute legitimate system call sequences. The emergence of such attacks is inevitable because sequence-based intrusion detection does not take into account all available features of system calls. A new method is proposed that constructs a parameter model for the detection system from the parameters of system calls. Experimental results indicate that the proposed method achieves higher hit rates for detecting mimicry attacks.
Key words:
mimicry attack,
parameters of system call,
intrusion detection system
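The following is an added illustration of the idea in the abstract, not code from the paper: a toy detector that keeps a conventional n-gram model of system call names alongside a per-call model of coarse argument features. A trace that reuses a legitimate call sequence but changes an argument (here, the path passed to `open`) passes the sequence model and is caught only by the parameter model. The traces, the `NGRAM` length, the feature abstraction in `arg_feature`, and the function names are all constructed for this example.

```python
"""Toy system-call IDS: n-gram sequence model plus per-call parameter model.

Assumed input format (constructed for this example): a trace is a list of
(syscall_name, argument) pairs where the argument is a path string, an
integer length, or None for calls whose arguments are not modelled.
"""
from collections import defaultdict

NGRAM = 3  # length of call-name windows in the sequence model (assumption)

# Constructed training traces of a hypothetical static-file web server.
TRAINING_TRACES = [
    [("open", "/var/www/html/index.html"), ("read", 4096), ("write", 4096), ("close", None)],
    [("open", "/var/www/html/about.html"), ("read", 2048), ("write", 2048), ("close", None)],
    [("open", "/var/www/html/css/site.css"), ("read", 512), ("write", 512), ("close", None)],
]


def ngrams(names, n=NGRAM):
    """All length-n windows over a list of call names."""
    return {tuple(names[i:i + n]) for i in range(len(names) - n + 1)}


def arg_feature(arg):
    """Abstract a raw argument into a coarse feature that generalises across
    benign variation but separates clearly different uses of the same call."""
    if arg is None:
        return ("none",)
    if isinstance(arg, int):
        # bucket integers by bit length so 512/2048/4096 stay distinct from 1 MiB
        return ("int", arg.bit_length())
    # treat strings as paths: keep only the top two directory components
    parts = arg.split("/")
    return ("path", "/".join(parts[:3]))


def train(traces):
    """Build the combined profile from traces assumed to be attack-free."""
    profile = {"ngrams": set(), "params": defaultdict(set)}
    for trace in traces:
        names = [name for name, _ in trace]
        profile["ngrams"] |= ngrams(names)
        for name, arg in trace:
            profile["params"][name].add(arg_feature(arg))
    return profile


def detect(profile, trace):
    """Return a list of alerts; an empty list means the trace fits the profile.

    Alerts are ("sequence", ngram), ("unknown_call", name) or
    ("parameter", name, raw_argument).
    """
    alerts = []
    names = [name for name, _ in trace]
    for gram in sorted(ngrams(names) - profile["ngrams"]):
        alerts.append(("sequence", gram))
    for name, arg in trace:
        known = profile["params"].get(name)
        if known is None:
            alerts.append(("unknown_call", name))
        elif arg_feature(arg) not in known:
            alerts.append(("parameter", name, arg))
    return alerts


if __name__ == "__main__":
    profile = train(TRAINING_TRACES)
    # Constructed mimicry trace: identical call sequence, different open() target.
    mimicry = [("open", "/etc/shadow"), ("read", 4096), ("write", 4096), ("close", None)]
    print("benign:", detect(profile, TRAINING_TRACES[0]))
    print("mimicry:", detect(profile, mimicry))
```

Only the parameter model raises an alert on the mimicry trace, because its n-grams of call names are exactly those seen in training. The feature abstraction is the part a real deployment has to tune: too fine (exact paths, exact lengths) and every new file is an anomaly; too coarse and the parameter model adds nothing over the sequence model.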
黄国言, 高健培, 常旭亮. 基于系统调用参数的入侵检测方法[J]. 计算机工程, 2010, 36(12): 153-155.
HUANG Guo-Yan, GAO Jian-Pei, CHANG Xu-Liang. Intrusions Detection Method Based on Parameters of System Call[J]. Computer Engineering, 2010, 36(12): 153-155.