On a pattern-oriented model for intrusion detection

IEEE Transactions on Knowledge and Data Engineering

Volumn 9, Issue 4, 1997, Pages 661-667

  Shieh, Shiuh Pyng ^a,b   Gligor, Virgil D ^a,c  

^a IEEE   (Taiwan)

^b NATIONAL CHIAO TUNG UNIVERSITY   (Taiwan)

^c UNIVERSITY OF MARYLAND   (United States)

Author keywords

Access misuse; Audit analysis; Context dependent intrusion; Intrusion detection; Operational security problems; Rule based methods; Secure systems; Statistical methods

Indexed keywords

COMPUTER SYSTEMS; DATA HANDLING; KNOWLEDGE BASED SYSTEMS; PATTERN RECOGNITION; STATISTICAL METHODS;

ACCESS MISUSE; CONTEXT DEPENDENT INTRUSIONS; OPERATIONAL SECURITY PROBLEMS; PATTERN ORIENTED INTRUSION DETECTION;

SECURITY OF DATA;

EID: 0031190354     PISSN: 10414347     EISSN: None     Source Type: Journal    
DOI: 10.1109/69.617059     Document Type: Article

References (22)

1. A Guide to Understanding Audit in Trusted Systems, NCSC-TG-001 Version 2, June 1988.
2. R.W. Baldwin, "Rule Based Analysis of Computer Security," technical report, Massachusetts Inst. of Technology, Mar. 1988.
3. D.S. Bauer and M.E. Koblentz, "NIDX - A Real-Time Intrusion Detection Expert System," Proc. Summer Usenix, San Francisco, pp. 261-273, June 1988.
4. M. Bishop, "Security Problems with the Unix Operating System," technical report, Dept. of Computer Sciences, Purdue Univ., West Lafayette, Ind., pp. 1-28, 1983.
5. M. Bishop, "How To Write a Setuid Program," Proc. Winter Usenix, vol. 12, no. 1, pp. 5-11, 1987
6. M. Bishop, "Theft of Information in the Take-Grant Protection Model," Proc. Computer Security Foundations Workshop, Franconia, N.H., pp. 194-218, June 1988.
7. A.R. Clyde, "Insider Threat Identification Systems," Proc. 10th National Computer Security Conf., Baltimore, pp. 343-356, Oct. 1987.
8. D.E. Denning, "An Intrusion Detection Model," IEEE Trans. Software Eng., vol 13, no. 2, pp. 222-226, Feb. 1987.
9. T.D. Garvey and T.F. Lunt, "Model-Based Intrusion Detection," Proc. 14th Nat'l Computer Security Conf., Washington D.C., Oct. 1991.
10. V.D. Gligor et al.," Design and Implementation of Secure XENIX," IEEE Trans. Software Eng., vol. 13, no. 2, pp. 208-221, Feb. 1987.
11. K. Ilgun, P.A. Porras, and R.A. Kemmerer, "State Transition Analysis: A Rule-Based Intrusion Detection Approach," IEEE Trans. Software Eng., vol. 21, no. 3, pp. 181-199, Mar. 1995. (This paper is an extended version of two previous conference papers:
12. P.A. Porras and R.A. Kemmerer, "Penetration State Transition Analysis: A Rule-Based Intrusion Detection Approach," Proc. Eighth Ann. Computer Security Applications Conf., San Antonio, Texas, pp. 220-229, Dec. 1992;
13. K. Ilgun, "A Real-Time Intrusion Detection System for Unix," Proc. 1993 IEEE Symp. Research in Security and Privacy, Oakland, Calif., pp. 16-28, May 1993.)
14. H.S. Javitz and A. Valdes, "The SRI Statistical Anomaly Detector," Proc. IEEE Symp. Research in Security and Privacy, Oakland, Calif., pp. 316-326, May 1991.
15. T.F. Lunt and R. Jagannathan, "A Prototype Real Time Intrusion Detection Expert System," Proc. IEEE Symp. Security and Privacy, Oakland, Calif., pp. 59-66, Apr. 1988.
16. T.F. Lunt, "Automated Audit Trail Analysis and Intrusion Detection: A Survey," Proc. 11th Nat'l Computer Security Conf., Baltimore, pp. 65-73, Oct. 1988.
17. S.P. Shieh and V.D. Gligor, "A Pattern-Oriented Intrusion Detection System and Its Applications," Proc. IEEE Symp. Research in Security and Privacy, Oakland, Calif., pp. 327-342, May 1991.
18. S.E. Smaha, "Haystack: An Intrusion Detection System," Proc. Fourth Aerospace Computer Security Application Conf., Orlando, Fla., pp. 37-44, Dec. 1988.
19. M. Sebring, E. Shellhouse, and M. Hanna, "Expert Systems in Intrusion Detection: A Case Study," Proc. 11th Nat'l Computer Security Conf., Baltimore, pp. 74-81, Oct. 1988.
20. L. Snyder, "Theft and Conspiracy in the Take-Grant Protection Model," J. Computer and System Sciences, vol. 23, pp. 333-347, Dec. 1981.
21. S.H. Teng, K. Chen, and S.C. Lu, "Adaptive Real-time Anomaly Detection Using Inductively Generated Sequential Patterns," Proc. IEEE Symp. Research in Security and Privacy, Oakland, Calif., pp. 278-284, May 1990.
22. H.S. Vaccaro and G.E. Liepins, "Detection of Anomalous Computer Session Activity," Proc. IEEE Symp. Security and Privacy, Oakland, Calif., pp. 280-289, May 1989.