The document proposes an intrusion detection model that uses a modified Apriori algorithm to identify frequent patterns in a database transaction log and detect anomalous queries. The model consists of three stages: 1) initialization where Apriori is used to generate a list of trusted rules from the database, 2) periodic follow up where Apriori is rerun to detect new rules which are compared to the trusted list with outliers flagged as suspected intrusions, and 3) action where a database administrator reviews the suspected intrusions. While effective, the model has limitations such as potentially missing patterns for large datasets and reduced performance from multiple scans of transaction logs.