A phased approach to network intrusion detection
Conference · OSTI ID:6036778
This paper describes the design and development of a prototype intrusion detection system for the Los Alamos National Laboratory's Integrated Computing Network (ICN). The development of this system is based on three basic assumptions: (1) that statistical analysis of computer system and user activities may be used to characterize normal system and user behavior, and that, given the resulting statistical profiles, behavior which deviates beyond certain bounds can be detected; (2) that expert system techniques can be applied to security auditing and intrusion detection; and (3) that successful intrusion detection may take place while monitoring a limited set of network activities. The Network Anomaly Detection and Intrusion Reporter (NADIR) was designed to duplicate and improve the audit record review activities previously undertaken by security personnel, and to replace the manual review of audit logs with a near-real-time expert system.
- Research Organization: Los Alamos National Lab., NM (USA)
- Sponsoring Organization: DOE; USDOE, Washington, DC (USA)
- DOE Contract Number: W-7405-ENG-36
- OSTI ID: 6036778
- Report Number(s): LA-UR-91-334; CONF-9105126--1; ON: DE91007481
- Country of Publication: United States
- Language: English