DocumentCode
1470860
Title
On a pattern-oriented model for intrusion detection
Author
Shieh, Shiuh-Pyng ; Gligor, Virgil D.
Author_Institution
Dept. of Comput. Sci. & Inf. Eng., Nat. Chiao Tung Univ., Hsinchu, Taiwan
Volume
9
Issue
4
fYear
1997
Firstpage
661
Lastpage
667
Abstract
Operational security problems, which are often the result of access authorization misuse, can lead to intrusion in secure computer systems. We motivate the need for pattern-oriented intrusion detection, and present a model that tracks both data and privilege flows within secure systems to detect context-dependent intrusions caused by operational security problems. The model allows the uniform representation of various types of intrusion patterns, such as those caused by unintended use of foreign programs and input data, imprudent choice of default privileges, and use of weak protection mechanisms. As with all pattern-oriented models, this model cannot be used to detect new, unanticipated intrusion patterns that could be detected by statistical models. For this reason, we expect that this model will complement, not replace, statistical models for intrusion detection.
Keywords
authorisation; data flow analysis; directed graphs; statistical analysis; access authorization misuse; context-dependent intrusions; data flows; default privileges; directed graph; foreign programs; input data; intrusion detection; operational security problems; pattern-oriented model; privilege flows; statistical models; weak protection mechanisms; Access control; Authentication; Authorization; Computer security; Context modeling; Data security; Intrusion detection; Performance analysis; Protection; Statistical analysis
fLanguage
English
Journal_Title
Knowledge and Data Engineering, IEEE Transactions on
Publisher
ieee
ISSN
1041-4347
Type
jour
DOI
10.1109/69.617059
Filename
617059