Intrusion Detection - System Call Introspection

Can you give me code for host-based intrusion detection using system call introspection?

I think you need to buy something like Tripwire...

You could also try OSSEC; it is freeware.

Tripwire does not provide system call introspection.

OSSEC does not provide system call introspection. OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

System call introspection is not log analysis, etc.

Before you can define a host-based intrusion detection system using system call introspection, you must specify your operating system, your application, and the APIs into your system that would interface with an IDS.

What is your platform, your application and APIs?

----
Note: Refer to the attached paper on BlueBox, a host-based IDS research project that uses Linux kernel modifications for system call introspection. One of the main issues with system call introspection is, generally speaking, the requirement to modify the kernel so system calls can be inspected.

Also note: The attached paper describes a rule-based approach for system call introspection. A rule-based approach alone, while this approach does have value, is inefficient and labor intensive. A machine-learning algorithm that crunches events from system call introspection APIs is required for more advanced, complex analysis.
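Added example, not part of the original thread and not taken from the BlueBox paper: a minimal rule-based check of the kind discussed above, run in user space over a recorded strace-style trace rather than inside the kernel. The trace lines, the `POLICY` contents, and all function names are constructed assumptions for illustration.

```python
import posixpath
import re

# Constructed strace-style lines (pid, call, args, return); not from a real host.
SAMPLE_TRACE = """\
1201 openat(AT_FDCWD, "/var/www/html/index.html", O_RDONLY) = 3
1201 read(3, "<html>"..., 4096) = 6
1201 openat(AT_FDCWD, "/var/www/../../etc/shadow", O_RDONLY) = 4
1201 execve("/bin/sh", ["sh", "-c", "id"], 0x7ffd0) = 0
1201 close(3) = 0
"""

LINE_RE = re.compile(r'^(?P<pid>\d+)\s+(?P<name>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)')
PATH_RE = re.compile(r'"([^"]*)"')

# Hypothetical policy for one web-server process: which system calls it may
# make, and which path prefixes its file-opening calls may touch.
POLICY = {
    "allowed_syscalls": {"openat", "read", "write", "close", "accept", "fstat"},
    "path_rules": {"openat": ("/var/www/", "/usr/lib/")},
}

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    path = PATH_RE.search(m["args"])
    # Normalize so "../" sequences cannot slip past a prefix rule.
    norm = posixpath.normpath(path.group(1)) if path else None
    return {"pid": int(m["pid"]), "name": m["name"], "path": norm}

def check_event(event, policy):
    if event["name"] not in policy["allowed_syscalls"]:
        return "syscall-not-allowed"
    prefixes = policy["path_rules"].get(event["name"])
    if prefixes and not (event["path"] or "").startswith(prefixes):
        return "path-outside-policy"
    return None

def scan(trace, policy):
    alerts = []
    for line in filter(str.strip, trace.splitlines()):
        event = parse_line(line)
        if event is None:  # fail closed: an unreadable record is itself an alert
            alerts.append((None, None, None, "unparsed-line"))
            continue
        reason = check_event(event, policy)
        if reason:
            alerts.append((event["pid"], event["name"], event["path"], reason))
    return alerts
```

Every rule here has to be written and maintained by hand per application, which is the labor cost the note above refers to.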