On a pattern-oriented model for intrusion detection

Shiuhpyng Shieh*, Virgil D. Gligor

*Corresponding author for this work

Research output: Contribution to journalArticle

51 Scopus citations


Operational security problems, which are often the result of access authorization misuse, can lead to intrusion in secure computer systems. We motivate the need for pattern-oriented intrusion detection, and present a model that tracks both data and privilege flows within secure systems to detect context-dependent intrusions caused by operational security problems. The model allows the uniform representation of various types of intrusion patterns, such as those caused by unintended use of foreign programs and input data, imprudent choice of default privileges, and use of weak protection mechanisms. As with all pattern-oriented models, this model cannot be used to detect new, unanticipated intrusion patterns that could be detected by statistical models. For this reason, we expect that this model will complement, not replace, statistical models for intrusion detection.

Original languageEnglish
Pages (from-to)661-667
Number of pages7
JournalIEEE Transactions on Knowledge and Data Engineering
Issue number4
StatePublished - 1 Dec 1997


  • Access misuse
  • Audit analysis
  • Context-dependent intrusion
  • Intrusion detection
  • Operational security problems
  • Rule-based methods
  • Secure systems
  • Statistical methods

Fingerprint Dive into the research topics of 'On a pattern-oriented model for intrusion detection'. Together they form a unique fingerprint.

  • Cite this