A progress report on UNICOS misuse detection at Los Alamos
- Los Alamos National Lab., NM (United States). Computing, Information and Communications Div.
An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. During the past year, Los Alamos enhanced its Network Anomaly Detection and Intrusion Reporter (NADIR) to include analysis of user activity on Los Alamos` UNICOS Crays. In near real-time, NADIR compares user activity to historical profiles and tests activity against expert rules. The expert rules express Los Alamos` security policy and define improper or suspicious behavior. NADIR reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. This paper describes the implementation to date of the UNICOS component of NADIR, along with the operational experiences and future plans for the system.
- Research Organization:
- Los Alamos National Lab., NM (United States)
- Sponsoring Organization:
- USDOE, Washington, DC (United States)
- DOE Contract Number:
- W-7405-ENG-36
- OSTI ID:
- 119968
- Report Number(s):
- LA-UR--95-3330; CONF-9509232--3; ON: DE96001378
- Country of Publication:
- United States
- Language:
- English
Similar Records
Misuse and intrusion detection at Los Alamos National Laboratory
UNICORN: Misuse detection for UNICOS