Intrusion detection is a critical component of security information systems. The intrusion detection process attempts to detect malicious attacks by examining various data collected during processes on the protected system. This paper examines anomaly-based intrusion detection based on sequences of system calls. The point is to construct a model that describes normal or acceptable system activity using the classification trees approach. The created database is utilized as a basis for distinguishing intrusive activity from legitimate activity using string metric algorithms. The major results of the implemented simulation experiments are presented and discussed as well.