  • [Ilgun93] K. Ilgun, USTAT: A Real-Time Intrusion Detection System for UNIX, Proceedings of the 1993 IEEE Symposium on Research in Security and Privacy, May 1993, pp. 16-28. [This paper describes a rule-based penetration identification method based on maintaining a set of state-transition diagrams that describe the sequences of events being sought. If a described sequence is found, an intrusion alarm is raised. The stated goal is to analyze state information rather than audit information, but in the end, audit trails are the only thing analyzed.]