OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: An automated computer misuse detection system for UNICOS

Conference · OSTI ID: 10187083

An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. This activity is reflected in the system audit record, in the system vulnerability posture, and in other evidence found through active testing of the system. During the last several years we have implemented an automatic misuse detection system at Los Alamos. This is the Network Anomaly Detection and Intrusion Reporter (NADIR). We are currently expanding NADIR to include processing of the Cray UNICOS operating system. This new component is called the UNICOS Realtime NADIR, or UNICORN. UNICORN summarizes user activity and system configuration in statistical profiles. It compares these profiles to expert rules that define security policy and improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. The first phase of UNICORN development is nearing completion, and will be operational in late 1994.

Research Organization:
Los Alamos National Lab., NM (United States)
Sponsoring Organization:
USDOE, Washington, DC (United States)
DOE Contract Number:
W-7405-ENG-36
Report Number(s):
LA-UR-94-3385; CONF-9410212-2; ON: DE95000929; TRN: 94:009263
Resource Relation:
Conference: Cray user's group conference, Tours (France), 10-14 Oct 1994; Other Information: PBD: 27 Sep 1994
Country of Publication:
United States
Language:
English