Detection of anomalous computer session activity
This paper describes recent Los Alamos National Laboratory (LANL) applications of research into automated anomaly detection. In the context of computer security, anomaly detection seeks to identify events shown in audit records that are inconsistent with routine operation and therefore may be indicative of an intrusion into the computer, serious human errors, or malicious behavior by a legitimate user. Access by an intruder, execution of "Trojan horses" and "viruses," as well as malicious, destructive behavior are all assumed to produce anomalous events that are recorded in a computer audit trail. This trail, perhaps with augmented data collection capabilities, is processed, in real time, to detect such events, alert a knowledgeable computer security officer to the threat, and help resolve the situation. 3 refs., 6 figs.
- Research Organization: Los Alamos National Lab., NM (USA)
- DOE Contract Number: W-7405-ENG-36
- OSTI ID: 6062487
- Report Number(s): LA-UR-88-3656; CONF-890536-2; ON: DE89003607
- Country of Publication: United States
- Language: English
Similar Records
- Towards a testbed for malicious code detection · Conference · Mon Dec 31 23:00:00 EST 1990 · OSTI ID:6242460
- An expert system application for network intrusion detection · Conference · Mon Dec 31 23:00:00 EST 1990 · OSTI ID:5386779
- Automated assistance for detecting malicious code · Technical Report · Fri Jun 18 00:00:00 EDT 1993 · OSTI ID:10176903