A progress report on UNICOS misuse detection at Los Alamos
- Los Alamos National Lab., NM (United States). Computing, Information and Communications Div.
An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. During the past year, Los Alamos enhanced its Network Anomaly Detection and Intrusion Reporter (NADIR) to include analysis of user activity on Los Alamos` UNICOS Crays. In near real-time, NADIR compares user activity to historical profiles and tests activity against expert rules. The expert rules express Los Alamos` security policy and define improper or suspicious behavior. NADIR reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. This paper describes the implementation to date of the UNICOS component of NADIR, along with the operational experiences and future plans for the system.
- Research Organization:
- Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
- Sponsoring Organization:
- USDOE, Washington, DC (United States)
- DOE Contract Number:
- W-7405-ENG-36
- OSTI ID:
- 119968
- Report Number(s):
- LA-UR-95-3330; CONF-9509232-3; ON: DE96001378; TRN: AHC29527%%111
- Resource Relation:
- Conference: Cray user group meeting, Fairbanks, AK (United States), 25-29 Sep 1995; Other Information: PBD: [1995]
- Country of Publication:
- United States
- Language:
- English
Similar Records
Misuse and intrusion detection at Los Alamos National Laboratory
An automated computer misuse detection system for UNICOS