Detecting the deviations of privileged process execution

Most intruders access system unauthorizedly by exploiting vulnerabilities of privileged processes. Respectively monitoring privileged processes via system call sequences is one of effective methods to detect intrusions. Based on the analysis of popular attacks, we bring forward a new intrusion detection model monitoring the system call sequences, which use locally fuzzy matching to improve the detection accuracy. And the model adopts a novel profile generation method, which could easily generate better profile. The experimental results show that both the accuracy and the efficiency have been improved.