A progress report on UNICOS misuse detection at Los Alamos
An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. During the past year, Los Alamos enhanced its Network Anomaly Detection and Intrusion Reporter (NADIR) to include analysis of user activity on Los Alamos' UNICOS Crays. In near real-time, NADIR compares user activity to historical profiles and tests activity against expert rules. The expert rules express Los Alamos' security policy and define improper or suspicious behavior. NADIR reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. This paper describes the implementation to date of the UNICOS component of NADIR, along with the operational experiences and future plans for the system.
- Los Alamos National Lab., NM (United States). Computing, Information and Communications Div.
- Publication Date:
- OSTI Identifier:
- Report Number(s):
- LA-UR-95-3330; CONF-9509232-3
ON: DE96001378; TRN: AHC29527%%111
- DOE Contract Number:
- Resource Type:
- Resource Relation:
- Conference: Cray user group meeting, Fairbanks, AK (United States), 25-29 Sep 1995; Other Information: PBD: 
- Research Org:
- Los Alamos National Lab., NM (United States)
- Sponsoring Org:
- USDOE, Washington, DC (United States)
- Country of Publication:
- United States
- 99 MATHEMATICS, COMPUTERS, INFORMATION SCIENCE, MANAGEMENT, LAW, MISCELLANEOUS; CRAY COMPUTERS; SECURITY; COMPUTER NETWORKS; USES; MONITORING; ON-LINE SYSTEMS; EXPERT SYSTEMS; SUPERCOMPUTERS; AUTOMATION; AUDITS; DATA ANALYSIS; LANL; N CODES; DISTRIBUTED DATA PROCESSING