Misuse and intrusion detection at Los Alamos National Laboratory
An effective method for detecting computer misuse is the automatic auditing and analysis of on-line user activity. This activity is reflected in system audit records, in system vulnerability postures, and in other evidence found through active system testing. Since 1989 we have implemented a misuse and intrusion detection system at Los Alamos. This is the Network Anomaly Detection and Intrusion Reporter, or NADIR. NADIR currently audits a Kerberos distributed authentication system, file activity on a mass, storage system, and four Cray supercomputers that run the UNICOS operating system. NADIR summarizes user activity and system configuration in statistical profiles. It compares these profiles to expert rules that define security policy and improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations, As NADIR is constantly evolving, this paper reports its development to date.
- Research Organization:
- Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
- Sponsoring Organization:
- USDOE, Washington, DC (United States)
- DOE Contract Number:
- W-7405-ENG-36
- OSTI ID:
- 42500
- Report Number(s):
- LA-UR-95-1039; CONF-9505191-1; ON: DE95009413; TRN: 95:003544
- Resource Relation:
- Conference: 17. Department of Energy computer security group training conference, Milwaukee, WI (United States), 1-4 May 1995; Other Information: PBD: [1995]
- Country of Publication:
- United States
- Language:
- English
Similar Records
An automated computer misuse detection system for UNICOS
A progress report on UNICOS misuse detection at Los Alamos