skip to main content

Title: A progress report on UNICOS misuse detection at Los Alamos

An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. During the past year, Los Alamos enhanced its Network Anomaly Detection and Intrusion Reporter (NADIR) to include analysis of user activity on Los Alamos` UNICOS Crays. In near real-time, NADIR compares user activity to historical profiles and tests activity against expert rules. The expert rules express Los Alamos` security policy and define improper or suspicious behavior. NADIR reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. This paper describes the implementation to date of the UNICOS component of NADIR, along with the operational experiences and future plans for the system.
Authors:
; ; ; ; ;  [1]
  1. Los Alamos National Lab., NM (United States). Computing, Information and Communications Div.
Publication Date:
OSTI Identifier:
119968
Report Number(s):
LA-UR--95-3330; CONF-9509232--3
ON: DE96001378; TRN: AHC29527%%111
DOE Contract Number:
W-7405-ENG-36
Resource Type:
Conference
Resource Relation:
Conference: Cray user group meeting, Fairbanks, AK (United States), 25-29 Sep 1995; Other Information: PBD: [1995]
Research Org:
Los Alamos National Lab., NM (United States)
Sponsoring Org:
USDOE, Washington, DC (United States)
Country of Publication:
United States
Language:
English
Subject:
99 MATHEMATICS, COMPUTERS, INFORMATION SCIENCE, MANAGEMENT, LAW, MISCELLANEOUS; CRAY COMPUTERS; SECURITY; COMPUTER NETWORKS; USES; MONITORING; ON-LINE SYSTEMS; EXPERT SYSTEMS; SUPERCOMPUTERS; AUTOMATION; AUDITS; DATA ANALYSIS; LANL; N CODES; DISTRIBUTED DATA PROCESSING