Quote:
Originally Posted by
aravind007
Can you give me code for host-based intrusion detection using system call introspection...
Before you can define a host-based intrusion detection system using system call introspection, you must specify your operating system, your application, and the APIs into your system that would interface with an IDS.
What is your platform, your application and APIs?
----
Note: Refer to the attached paper on BlueBox, a host-based IDS research project that uses Linux kernel modifications for system call introspection. One of the main issues with system call introspection is, generally speaking, the requirement to modify the kernel so system calls can be inspected.
Also note: The attached paper describes a rule-based approach for system call introspection. A rule-based approach alone, while this approach does have value, is inefficient and labor intensive. A machine-learning algorithm that crunches events from system call introspection APIs is required for more advanced, complex analysis.
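To make the distinction in the reply concrete, here is an added example (my own code, not from the poster, the reply, or the BlueBox paper) that runs two analyses over a system call trace: a rule-based check of the kind the reply attributes to BlueBox, and a simple sequence model in the style of the classic short-sequence (n-gram) host IDS work, which stands in for the "crunching events" step. It assumes the events arrive as strace-like text lines ("pid syscall(args) = ret"); the traces, PIDs, paths, and the watched-path list below are constructed for the demonstration. A real deployment would obtain the events from a kernel-side hook such as the module-based introspection the reply describes; that collection step is not shown.

```python
"""Toy host-based analysis of a system call trace.

Two detectors over the same parsed events:
  1. rule_violations  -- static rule: open/openat of a watched path
  2. novel_ngrams     -- sequence model: n-grams of syscall names that
                         never appeared in a trace of normal behaviour
Added example; the trace format is assumed strace-like and all data is
constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

# --- constructed sample traces (NOT real captures) ----------------------
NORMAL_TRACE = """\
1001 openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 3
1001 read(3, "...", 4096) = 120
1001 close(3) = 0
1001 openat(AT_FDCWD, "/var/log/app.log", O_WRONLY|O_APPEND) = 4
1001 write(4, "...", 40) = 40
1001 close(4) = 0
"""

SUSPECT_TRACE = """\
1002 openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = 3
1002 read(3, "...", 4096) = 1200
1002 close(3) = 0
1002 socket(AF_INET, SOCK_STREAM, 0) = 4
1002 connect(4, {sa_family=AF_INET}, 16) = 0
"""


class SyscallEvent(NamedTuple):
    pid: int
    name: str
    args: str
    ret: str


# "pid name(args) = ret"; args is greedy so nested parens are tolerated
LINE_RE = re.compile(r'^(?P<pid>\d+)\s+(?P<name>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>\S.*)$')
PATH_RE = re.compile(r'"([^"]*)"')  # first quoted string in the argument list


def parse_trace(text: str) -> List[SyscallEvent]:
    """Parse strace-like lines; lines that do not match are skipped."""
    events: List[SyscallEvent] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(SyscallEvent(int(m["pid"]), m["name"], m["args"], m["ret"]))
    return events


# --- detector 1: rule-based ------------------------------------------------
WATCHED_PATHS: Set[str] = {"/etc/shadow", "/etc/sudoers"}   # constructed policy
FILE_OPEN_CALLS = {"open", "openat"}


def first_path(args: str) -> Optional[str]:
    m = PATH_RE.search(args)
    return m.group(1) if m else None


def rule_violations(events: List[SyscallEvent]) -> List[Tuple[int, str, str]]:
    """Return (pid, syscall, path) for every open of a watched path."""
    hits = []
    for ev in events:
        if ev.name in FILE_OPEN_CALLS:
            path = first_path(ev.args)
            if path in WATCHED_PATHS:
                hits.append((ev.pid, ev.name, path))
    return hits


# --- detector 2: short-sequence (n-gram) model ----------------------------
def _ngrams(events: List[SyscallEvent], n: int) -> List[Tuple[str, ...]]:
    """n-grams of syscall names, computed per process so PIDs do not mix."""
    by_pid: Dict[int, List[str]] = defaultdict(list)
    for ev in events:
        by_pid[ev.pid].append(ev.name)
    grams: List[Tuple[str, ...]] = []
    for names in by_pid.values():
        grams.extend(tuple(names[i:i + n]) for i in range(len(names) - n + 1))
    return grams


def train_ngrams(events: List[SyscallEvent], n: int = 3) -> Set[Tuple[str, ...]]:
    """Profile of normal behaviour: the set of n-grams seen in training."""
    return set(_ngrams(events, n))


def novel_ngrams(model: Set[Tuple[str, ...]], events: List[SyscallEvent],
                 n: int = 3) -> Tuple[int, int]:
    """(unseen n-grams, total n-grams); a high ratio suggests anomalous flow."""
    grams = _ngrams(events, n)
    unseen = sum(1 for g in grams if g not in model)
    return unseen, len(grams)


if __name__ == "__main__":
    normal, suspect = parse_trace(NORMAL_TRACE), parse_trace(SUSPECT_TRACE)
    print("rule hits:", rule_violations(suspect))
    model = train_ngrams(normal)
    print("novel n-grams (normal):", novel_ngrams(model, normal))
    print("novel n-grams (suspect):", novel_ngrams(model, suspect))
```

The rule fires only on the exact condition it encodes, which is why a rule set grows with every new case; the sequence model needs no hand-written rule for the socket/connect tail but does need a training trace that actually covers normal behaviour, otherwise ordinary activity is reported as novel.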