Introduction
This paper proposes a new rule-based anomaly detection model. System calls are classified by function and by risk level, and the model covers only the key calls of each type (that is, the system calls of risk level 1). During learning, each key call is processed dynamically, rather than running data mining or statistics over a static data set, which makes incremental learning possible.