A New Method to Detect Intrusions Using System Calls.

This paper advanced a new algorithm to detect network intrusions using sequences of system calls. This algorithm uses a data structure called weight tree, first it uses normal system call trace to build weight tree forest, which have to be pruned periodically in order to learn new pattern and eliminate impurity. Then it scans abnormal trace using those trees and gets the corresponding weight sequences. Those weight sequences can tell us if something abnormal has happened or not. It acquired good results in experiment. [ABSTRACT FROM AUTHOR]