关键词: 入侵检测，异常检测，异常分析，系统调用，服务器程序，结构模式识别

Abstract: In terms of methods describing normal program behavior, anomaly detection based on program can be grouped into several broad categories; specification-based, frectuency-based, control-flow-based, and data-flow-based. After reviewing systematically the basic ideas and various models used in these approaches, discussing the new advances of the technique, pointing out and analyzing some problems and weaknesses which exist in current research, this paper formulcted a notion that anomaly detection based on program should focus attention on various server programs. A system prototype based on the hierarchical structure of server programs' traces and validated by a preliminary experiment was simply introduced. The prototype is capable of analyzing anomalous events and providing detailed information with resped to intrusion,and these abilities are just the trend for more research of anomaly detection.

Key words: Intrusion detection, Anomaly detection, Anomaly analysis, System call, Server programs, Structural pattern recognition