A pattern-oriented intrusion-detection model and its applications

Abstract

Operational security problems can lead to intrusion in secure computer systems. The authors justify the need for, and present, a pattern-oriented intrusion-detection model that can be used to analyze object privilege and data flows in secure computer systems to detect operational security problems. This model can address context-dependent intrusion, such as use of covert-storage channels and virus propagation, and has been used to build an intrusion detection system for Trusted XENIX. Pattern-oriented intrusion detection is expected to complement, not replace, current statistical approaches to intrusion detection.<>