Issue No. 04 - July-August (1997 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/69.617059
<p><b>Abstract</b>—Operational security problems, which are often the result of access authorization misuse, can lead to intrusion in secure computer systems. We motivate the need for pattern-oriented intrusion detection, and present a model that tracks both data and privilege flows within secure systems to detect context-dependent intrusions caused by operational security problems. The model allows the uniform representation of various types of intrusion patterns, such as those caused by unintended use of foreign programs and input data, imprudent choice of default privileges, and use of weak protection mechanisms. As with all pattern-oriented models, this model cannot be used to detect new, unanticipated intrusion patterns that could be detected by statistical models. For this reason, we expect that this model will complement, not replace, statistical models for intrusion detection.</p>
Access misuse, audit analysis, context-dependent intrusion, intrusion detection, operational security problems, statistical methods, rule-based methods, secure systems.
Virgil D. Gligor, Shiuh-Pyng Shieh, "On a Pattern-Oriented Model for Intrusion Detection", IEEE Transactions on Knowledge & Data Engineering, vol. 9, no. , pp. 661-667, July-August 1997, doi:10.1109/69.617059