KERNAL-BASED INTRUSION DETECTION USING BLOOM FILTERS

摘要

Kernel-based intrusion detection using Bloom filters is disclosed. In one of many possible embodiments for detecting an intrusion attack, a Bloom filter is provided and used to generate a Bloom filter data object. The Bloom filter data object contains data representative of expected system-call behavior associated with a computer program. The Bloom filter data object is embedded in an operating system (“OS”) kernel upon an invocation of the computer program. Actual system-call behavior is compared with the data in the Bloom filter data object.