Description: A new rule-based anomaly detection model. System calls are classified according to their degree of risk, and the model concentrates only on the key call of each class (that is, the system calls whose danger level is one). During learning, each key call is handled dynamically as it occurs rather than by mining or computing statistics over a static data set, so the model supports incremental learning. At the same time, the rules are predefined and refined, which effectively reduces the number of rules in the rule database and therefore the time spent matching rules during detection.
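The following is an added illustration of the scheme described above, not code from the original package: a toy rule-based syscall model that learns incrementally, keeps rules only for key (danger level one) calls, and applies a predefined refinement to the context of each key call so that many raw traces collapse onto one rule. The danger-level table, the window length of six preceding calls, the refinement steps (drop routine calls, collapse consecutive repeats) and all traces are constructed assumptions chosen for the example.

```python
"""Added example (not the page's code): a minimal incremental, rule-based
system-call anomaly detector.  Danger levels, window size, refinement steps
and the sample traces are assumptions made for illustration only."""
from collections import deque

# Assumed danger levels: 1 = key (dangerous) call, 2 = moderate, 3 = routine.
# Calls missing from the table are treated as routine (level 3).
DANGER_LEVEL = {
    "execve": 1, "chmod": 1, "setuid": 1, "connect": 1, "unlink": 1,
    "open": 2, "socket": 2, "fork": 2, "write": 2,
    "read": 3, "close": 3, "mmap": 3, "brk": 3, "fstat": 3, "stat": 3,
}
KEY_LEVEL = 1
WINDOW = 6  # number of preceding calls kept as the context of a key call


def refine_context(context):
    """Predefined refinement: drop routine (level 3) calls and collapse
    consecutive repeats, so that many raw windows map onto a single rule."""
    out = []
    for call in context:
        if DANGER_LEVEL.get(call, 3) >= 3:
            continue
        if out and out[-1] == call:
            continue
        out.append(call)
    return tuple(out)


class SyscallRuleModel:
    def __init__(self, window=WINDOW, refine=True):
        self.window = window
        self.refine = refine
        self.rules = {}  # key syscall -> set of accepted (refined) contexts

    def _contexts(self, trace):
        """Yield (index, key_call, context) for every key call in the trace;
        the context is the window of calls preceding the key call."""
        recent = deque(maxlen=self.window)
        for i, call in enumerate(trace):
            if DANGER_LEVEL.get(call, 3) == KEY_LEVEL:
                ctx = tuple(recent)
                if self.refine:
                    ctx = refine_context(ctx)
                yield i, call, ctx
            recent.append(call)

    def learn(self, trace):
        """Incremental learning: each key call updates the rule set in place,
        so traces can be fed one at a time with no re-mining of stored data."""
        for _, call, ctx in self._contexts(trace):
            self.rules.setdefault(call, set()).add(ctx)

    def detect(self, trace):
        """Return (index, key_call, context) for key calls whose context
        matches no learned rule (a key call with no rules at all is anomalous)."""
        return [(i, call, ctx) for i, call, ctx in self._contexts(trace)
                if ctx not in self.rules.get(call, set())]

    def rule_count(self):
        return sum(len(ctxs) for ctxs in self.rules.values())


# Constructed sample traces (not captured from a real system).
BENIGN_TRACES = [
    ["read", "fstat", "open", "read", "close", "fork", "execve", "brk", "mmap", "read"],
    ["read", "read", "open", "read", "read", "close", "fork", "execve"],
    ["stat", "open", "read", "close", "fork", "execve"],
]
NEW_BENIGN = ["read", "open", "read", "fstat", "close", "fork", "execve"]
ATTACK = ["socket", "connect", "read", "write", "execve"]


def train(refine=True):
    model = SyscallRuleModel(refine=refine)
    for trace in BENIGN_TRACES:
        model.learn(trace)
    return model


if __name__ == "__main__":
    refined, raw = train(refine=True), train(refine=False)
    print("rules with refinement:", refined.rule_count())
    print("rules without refinement:", raw.rule_count())
    print("unseen benign trace, refined model:", refined.detect(NEW_BENIGN))
    print("unseen benign trace, raw model:", raw.detect(NEW_BENIGN))
    print("attack trace, refined model:", refined.detect(ATTACK))
```

The three benign traces differ in their raw windows but refine to the same context `(open, fork)` before `execve`, so the refined model stores one rule where the unrefined model stores three, and the refined model accepts an unseen but structurally similar benign trace that the unrefined model would flag. In the attack trace, `connect` has no rule at all and `execve` appears after a network context that was never learned, so both are reported.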