Intrusion detection systems can rely on short sequences of system calls to distinguish legitimate from illegitimate activity. We found that the frequencies of system calls in a particular process generally follow Zipf's law. This means that many sequences are meaningless for differentiating the ongoing behavior yet generate a great deal of computing waste. To improve the performance of existing intrusion detection methods implemented in the operating system kernel, this paper focuses on a negative selection algorithm that uses a maximum entropy model to avoid the degradation caused by the valueless repetition of system calls. The improved scheme uses negative selection to remove the useless computation predicted by the maximum entropy model. Experimental results demonstrate that the computing cost is reduced by 50~80% with the same detection rate.
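The following added example (not code from the paper) illustrates the idea behind the abstract with the classic sliding-window model of short system-call sequences: a constructed normal trace whose 3-gram frequencies are strongly skewed, a normal-behaviour database, and a detector that skips the most frequent (valueless) repetitions before the costly database lookup. The frequent-sequence filter is an assumed stand-in for the paper's maximum-entropy prediction; the traces and the cutoff of two skipped sequences are constructed for the demonstration.

```python
from collections import Counter

K = 3  # length of the "short sequences" (sliding window over the trace)

# Constructed system-call traces (not from the paper). A hot read/write loop
# dominates, with a few rare file and memory sequences: a Zipf-like skew.
IO_LOOP = ["read", "write"] * 40
RARE_A = ["open", "fstat", "close"]
RARE_B = ["mmap", "brk", "munmap"]
NORMAL_TRACE = IO_LOOP + RARE_A + IO_LOOP + RARE_B + IO_LOOP + RARE_A + IO_LOOP
# Constructed anomalous trace: the same process spawning a program and a socket.
ATTACK_TRACE = IO_LOOP[:20] + ["open", "execve", "socket", "connect", "dup2"] + IO_LOOP[:20]


def windows(trace, k=K):
    """All k-grams of the trace, in order."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def build_profile(trace, k=K):
    """Normal-behaviour database: every k-gram seen in training with its count."""
    return Counter(windows(trace, k))


def rank_frequency(profile):
    """Counts sorted by rank; a Zipf-like profile has a steep head and a long tail."""
    return sorted(profile.values(), reverse=True)


def detect(trace, profile, skip_frequent=0):
    """Return (mismatches, database_lookups) for a trace.

    Windows that belong to the `skip_frequent` most frequent normal sequences are
    dropped before the database lookup. Every such window is in the profile by
    construction, so dropping it cannot hide a mismatch: detection is unchanged
    while the number of expensive lookups shrinks. This static filter is an
    assumed stand-in for the paper's maximum-entropy model.
    """
    frequent = {g for g, _ in profile.most_common(skip_frequent)}
    mismatches = lookups = 0
    for w in windows(trace):
        if w in frequent:  # cheap filter: a known valueless repetition
            continue
        lookups += 1       # the costly match against the full normal database
        if w not in profile:
            mismatches += 1
    return mismatches, lookups


PROFILE = build_profile(NORMAL_TRACE)

if __name__ == "__main__":
    print("rank-frequency of normal 3-grams:", rank_frequency(PROFILE))
    for skip in (0, 2):
        print(f"skip_frequent={skip} -> (mismatches, lookups) =", detect(ATTACK_TRACE, PROFILE, skip))
```

On the constructed traces the two dominant sequences account for over 90% of all windows, so skipping them cuts the lookups on the anomalous trace from 43 to 7 while the six mismatching windows around the execve/socket burst are still flagged.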