Three intrusion detection systems that use trails of system calls have been investigated. The three techniques used to generate the pattern database have been adapted from the sequence method, the lookahead-pairs method and the variable-length-with-overlap-relationship method. Testing against Trojan horse and denial-of-service attacks was analyzed. None of the systems is capable of defeating the system-call denial-of-service attack. A modification is necessary to specify a maximum threshold value for the number of times a pattern may be contiguously repeated. Furthermore, the lookahead-pairs method had the best space cost performance with a window size less than 24.
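The following is an added example, not code from the paper: a minimal fixed-length sequence detector that shows why a trace made only of known patterns produces no mismatches, and how a cap on contiguous repetitions flags it. The window size, period limit, cap policy (maximum seen in training) and all traces are assumptions constructed for illustration.

```python
"""Added example: fixed-length sequence method plus a contiguous-repeat cap."""
from typing import List, Set, Tuple

K = 3            # window size (assumed)
MAX_PERIOD = 4   # longest repeating pattern length checked (assumed)

# Constructed training trace of "normal" behaviour.
NORMAL = ["open", "read", "write", "close"] * 2 + ["fork", "wait", "exit"]
# Constructed trace that uses only known patterns, repeated back to back.
DOS = ["open", "read", "write", "close"] * 200 + ["fork", "wait", "exit"]
# Constructed trace containing a call never seen in training.
UNSEEN = ["open", "read", "socket", "write", "close"]


def build_db(trace: List[str], k: int) -> Set[Tuple[str, ...]]:
    """Pattern database: every length-k window seen in the training trace."""
    return {tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)}


def mismatches(db: Set[Tuple[str, ...]], trace: List[str], k: int) -> int:
    """Count length-k windows of the trace that are absent from the database."""
    return sum(tuple(trace[i:i + k]) not in db
               for i in range(len(trace) - k + 1))


def max_contiguous_repeats(trace: List[str], max_period: int) -> int:
    """Largest number of back-to-back repetitions of any pattern of
    length 1..max_period found in the trace."""
    best = 1
    for p in range(1, max_period + 1):
        run = 0  # consecutive positions that equal the call p steps earlier
        for i in range(p, len(trace)):
            run = run + 1 if trace[i] == trace[i - p] else 0
            best = max(best, run // p + 1)
    return best


def is_anomalous(db, trace: List[str], k: int, repeat_cap: int) -> bool:
    """Flag on any unknown window OR on repetition above the cap."""
    return (mismatches(db, trace, k) > 0
            or max_contiguous_repeats(trace, MAX_PERIOD) > repeat_cap)


DB = build_db(NORMAL, K)
REPEAT_CAP = max_contiguous_repeats(NORMAL, MAX_PERIOD)  # assumed policy

if __name__ == "__main__":
    for name, t in (("normal", NORMAL), ("dos", DOS), ("unseen", UNSEEN)):
        print(name, mismatches(DB, t, K), is_anomalous(DB, t, K, REPEAT_CAP))
```
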