Anomaly-Based Intrusion Detection Using Classification Models: An Analysis of System Call Traces

Abstract

In this thesis, we apply classification models to anomaly-based intrusion detection using system call traces. Several feature extraction techniques commonly used for vectorizing system call traces are examined, including the Boolean Model, the Simple Vector Space Model, the Traditional N-Gram Vector Space Model, and the N-Gram TF-IDF Model. We then propose a novel variable-length feature extraction framework based on the N-Gram TF-IDF Model, whereby n-gram terms of various lengths are included in the feature set. We then evaluate the performance of each feature extraction approach on the Australian Defence Force Academy Linux Dataset (ADFA-LD) using three classification models: linear discriminant analysis, random forest classification, and logistic regression. By computing performance metrics, including accuracy, precision, recall, F-measure, false positive rate, and area under the curve (AUC), we obtain insight into the trade-off between model complexity and performance.
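The feature extraction models named in the abstract, as an added example that is not code from the thesis: the Boolean Model, the count-based Vector Space Model, fixed-length n-gram features and the variable-length n-gram TF-IDF feature set are all produced by the same sliding-window term generator, with `n_min == n_max` giving the traditional fixed-length model and `n_min < n_max` giving the variable-length one. The system call traces are constructed here (they are not ADFA-LD data), the idf definition `ln(N / df)` is an assumption, and the final anomaly score (cosine distance to the centroid of the normal traces) is a stand-in for the thesis's classifiers, chosen so the example runs without a machine-learning library.

```python
"""Vectorising system-call traces: Boolean, count, fixed-length n-gram and
variable-length n-gram TF-IDF features, plus a centroid-based anomaly score.
Added example; not code from the thesis. Sample traces are constructed."""
from collections import Counter
from math import log, sqrt
from typing import Dict, List, Sequence, Tuple

Term = Tuple[str, ...]  # an n-gram of system-call names

# Constructed training traces of a well-behaved process (not ADFA-LD data).
NORMAL_TRACES: List[List[str]] = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "fstat", "read", "close"],
]
# Constructed trace to score; it shares only "open read" with the training set.
SUSPECT_TRACE: List[str] = ["open", "read", "execve", "fork", "fork", "socket", "connect"]


def ngram_terms(trace: Sequence[str], n_min: int, n_max: int) -> List[Term]:
    """Sliding-window n-grams for every length n in [n_min, n_max].
    n_min == n_max gives the traditional fixed-length n-gram model;
    n_min < n_max gives the variable-length feature set."""
    terms: List[Term] = []
    for n in range(n_min, n_max + 1):
        terms.extend(tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))
    return terms


def build_vocab(traces: Sequence[Sequence[str]], n_min: int, n_max: int) -> Dict[Term, int]:
    """Map every term seen in the training traces to a column index."""
    vocab: Dict[Term, int] = {}
    for trace in traces:
        for term in ngram_terms(trace, n_min, n_max):
            vocab.setdefault(term, len(vocab))
    return vocab


def boolean_vector(trace, vocab, n_min, n_max) -> List[int]:
    """Boolean Model: 1 if the term occurs in the trace, else 0."""
    present = set(ngram_terms(trace, n_min, n_max))
    return [1 if term in present else 0 for term in vocab]


def count_vector(trace, vocab, n_min, n_max) -> List[int]:
    """Vector Space Model: raw term frequency per column; terms outside the
    training vocabulary are dropped."""
    counts = Counter(ngram_terms(trace, n_min, n_max))
    return [counts.get(term, 0) for term in vocab]


def idf_weights(traces, vocab, n_min, n_max) -> List[float]:
    """idf(term) = ln(N / df(term)) over the N training traces (assumed definition)."""
    df: Counter = Counter()
    for trace in traces:
        df.update(set(ngram_terms(trace, n_min, n_max)))
    return [log(len(traces) / df[term]) for term in vocab]


def tfidf_vector(trace, vocab, idf, n_min, n_max) -> List[float]:
    """TF-IDF Model: term frequency scaled by the training-set idf weight."""
    return [tf * w for tf, w in zip(count_vector(trace, vocab, n_min, n_max), idf)]


def anomaly_score(vec: Sequence[float], centroid: Sequence[float]) -> float:
    """1 - cosine similarity to the normal centroid. A trace with no
    in-vocabulary terms has a zero vector and is scored maximally anomalous."""
    dot = sum(a * b for a, b in zip(vec, centroid))
    norm = sqrt(sum(a * a for a in vec)) * sqrt(sum(b * b for b in centroid))
    return 1.0 if norm == 0 else 1.0 - dot / norm


def score_traces(n_min: int = 1, n_max: int = 2):
    """Fit vocabulary and idf on NORMAL_TRACES only, then score every trace."""
    vocab = build_vocab(NORMAL_TRACES, n_min, n_max)
    idf = idf_weights(NORMAL_TRACES, vocab, n_min, n_max)
    normal_vecs = [tfidf_vector(t, vocab, idf, n_min, n_max) for t in NORMAL_TRACES]
    centroid = [sum(col) / len(normal_vecs) for col in zip(*normal_vecs)]
    normal_scores = [anomaly_score(v, centroid) for v in normal_vecs]
    suspect_vec = tfidf_vector(SUSPECT_TRACE, vocab, idf, n_min, n_max)
    return vocab, idf, normal_scores, anomaly_score(suspect_vec, centroid)


if __name__ == "__main__":
    vocab, idf, normal_scores, suspect_score = score_traces()
    print(f"{len(vocab)} variable-length terms (1..2-grams) in the training vocabulary")
    for term, w in zip(vocab, idf):
        print(f"  {' '.join(term):<14} idf={w:.3f}")
    print("normal trace scores :", [round(s, 3) for s in normal_scores])
    print("suspect trace score :", round(suspect_score, 3))
```

Two properties worth noticing when running this: the unigrams `open`, `read` and `close` occur in every training trace and therefore receive an idf of zero, so with TF-IDF they contribute nothing to the decision, whereas the Boolean and count models weight them like any other term; and the suspect trace scores higher than any training trace purely because most of its 1- and 2-grams are outside the training vocabulary, which is the detection signal anomaly-based approaches rely on. Vocabulary size grows quickly with `n_max`, which is the complexity side of the trade-off the abstract measures.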

Keywords
cybersecurity, system call traces, intrusion detection, classification models