
Computer Engineering ›› 2007, Vol. 33 ›› Issue (02): 120-121.

• Security Technology •

Anomaly Intrusion Detection Based on System Call

LI Hongjiao, LI Jianhua, ZHU Hongwen   

  1. (Department of Electronic Engineering, Shanghai Jiaotong University, Shanghai 200030)
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-01-20 Published:2007-01-20

Abstract: Monitoring program behavior has recently become one of the prominent research topics in host-based anomaly detection. The key is to construct an anomaly detection model based on program behavior. This paper analyzes and discusses several existing anomaly detection techniques based on system call sequences. They are compared along three dimensions: the information extracted from system calls, the system call level used in anomaly detection, and the information recorded by the anomaly detector. Future work in this direction is also presented.

Key words: Host-based anomaly detection, System call sequence, Control flow

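Abstract (translated from the Chinese): Monitoring program behavior has been a research focus of host-based anomaly intrusion detection in recent years, and constructing a program behavior model is the key to anomaly detection. This paper analyzes and compares program-behavior-based anomaly detection techniques according to the information extracted from system calls when the program behavior model is built, the granularity of the system call sequences used in anomaly detection, and the information recorded by the anomaly detector. It also gives an outlook on this line of research.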
