Short sequences of system calls generated by authorized processes can serve as the "self" identifier in a computer immune system. This paper describes how to apply data mining techniques to perform classification mining on data sets of application system calls, and thereby generate intrusion detection rules for the computer immune system. Experimental results are presented and analyzed; they show that the rules generated by this method classify unknown data with relatively high accuracy.
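The idea in the abstract, shown as an added example (not the paper's code or algorithm): windows of system calls from normal traces form "self", and a simple greedy covering learner derives rules that flag intrusion-only windows. The window length of 4, the rule form, the learner, and the traces are all assumptions made for illustration.

```python
from itertools import combinations

def windows(trace, k):
    """Slide a length-k window over one system call trace."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]

def matches(rule, window):
    """A rule is a conjunction of (position, call) conditions."""
    return all(window[p] == call for p, call in rule)

def learn_rules(normal_traces, intrusion_traces, k=4, max_conds=2):
    """Greedy covering: pick conjunctions that match intrusion-only windows
    and no window observed in the normal ("self") traces."""
    normal = {w for t in normal_traces for w in windows(t, k)}
    uncovered = {w for t in intrusion_traces for w in windows(t, k)} - normal
    rules = []
    while uncovered:
        best, best_cov = None, set()
        for w in sorted(uncovered):            # sorted for reproducible rules
            for n in range(1, max_conds + 1):
                for pos in combinations(range(k), n):
                    rule = tuple((p, w[p]) for p in pos)
                    if any(matches(rule, s) for s in normal):
                        continue               # would misclassify "self"
                    cov = {u for u in uncovered if matches(rule, u)}
                    if len(cov) > len(best_cov):
                        best, best_cov = rule, cov
        if best is None:                       # fall back to the exact window
            w = min(uncovered)
            best, best_cov = tuple(enumerate(w)), {w}
        rules.append(best)
        uncovered -= best_cov
    return rules

def abnormal_fraction(trace, rules, k=4):
    """Share of a trace's windows that some rule classifies as abnormal."""
    ws = windows(trace, k)
    hits = sum(any(matches(r, w) for r in rules) for w in ws)
    return hits / len(ws) if ws else 0.0

# Constructed traces (not from the paper's data set).
NORMAL = ["open read mmap mmap open read close".split(),
          "open read read mmap close open read close".split()]
INTRUSION = ["open read mmap execve socket connect close".split()]
RULES = learn_rules(NORMAL, INTRUSION)

if __name__ == "__main__":
    for rule in RULES:
        print("abnormal if", " and ".join(f"call[{p}]=={c}" for p, c in rule))
    print(abnormal_fraction("open read read mmap execve socket close".split(), RULES))
```

Thresholding `abnormal_fraction` per trace, rather than alerting on a single matching window, is one way to keep an occasional unseen but benign sequence from raising an alarm.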