Supported by the National Grand Fundamental Research 973 Program of China under Grant No. G1999035802 (国家重点基础研究发展规划(973)); the National Foundation of China for Palmary Youth under Grant No. 60025205 (国家杰出青年基金).
Anomaly detection techniques assume that all intrusive activities deviate from the norm. This paper proposes a new anomaly detection model to improve accuracy and efficiency. The proposed model establishes a normal activity profile of system call sequences by using Genetic Programming. One instance of the model monitors one process. If the model finds that the actual system call sequence profile of the process deviates from the normal activity profile, it flags the process as intrusive and takes action in response. A new method of calculating fitness and two operators for generating the next offspring are also provided. Compared with some current models, the model is more accurate and more efficient.