An intrusion detection system based on system call

Intrusion detection is an efficient way to protect information system. This paper puts forward a new method of anomalous intrusion detection based on system call. It uses system calls regarded as input, and creates a FSA (finite-state automation machine) for the functions in the program. Then the FSA is used to detect the attack. Moreover, it can find the place of the vulnerability which exists in the program. This can help to alter the source program. Results are shown that this method is effective for some intrusion events.