There are two main approaches for implementing IDS Host based and Network based. While the former is implemented in

form of software deployed on a host, the latter, usually is built as a

hardware product with its own hardware platform (IDS appliance).

In this paper, a host based intrusion detection system, that uses the

idea of tracing system calls, is introduced. As a program runs, it

uses the services of the underlying operating system to do some

system calls. This system does not exactly need to know the

program codes of each process. Normal and intrusive behaviors are

collected with gathering the sequences of system calls for each

process. Analysis of data is done via data mining and fuzzy

techniques. Data mining is used to extract normal behaviors

(normal unique rules) and Fuzzy to enhance intelligence of the

System. The proposed system is shown to improve the

performance, and decrease size of database, time complexity, and

rate of false alarms.-There are two main approaches for implementing IDS　Host based and Network based. While the former is implemented in

form of software deployed on a host, the latter, usually is built as a

hardware product with its own hardware platform (IDS appliance).

In this paper, a host based intrusion detection system, that uses the

idea of tracing system calls, is introduced. As a program runs, it

uses the services of the underlying operating system to do some

system calls. This system does not exactly need to know the

program codes of each process. Normal and intrusive behaviors are

collected with gathering the sequences of system calls for each

process. Analysis of data is done via data mining and fuzzy

techniques. Data mining is used to extract normal behaviors

(normal unique rules) and Fuzzy to enhance intelligence of the

System. The proposed system is shown to improve the

performance, and decrease size of database, time complexity, and

rate of false alarms.