NADIR (Network Anomaly Detection and Intrusion Reporter): A prototype network intrusion detection system
The Network Anomaly Detection and Intrusion Reporter (NADIR) is an expert system intended to provide real-time security auditing for intrusion and misuse detection at Los Alamos National Laboratory's Integrated Computing Network (ICN). It is based on three basic assumptions: (1) that statistical analysis of computer system and user activities may be used to characterize normal system and user behavior, and that, given the resulting statistical profiles, behavior which deviates beyond certain bounds can be detected; (2) that expert system techniques can be applied to security auditing and intrusion detection; and (3) that successful intrusion detection may take place while monitoring a limited set of network activities such as user authentication and access control, file movement and storage, and job scheduling. NADIR has been developed to employ these basic concepts while monitoring the audited activities of more than 8000 ICN users.
- Research Organization: Los Alamos National Lab., NM (USA)
- Sponsoring Organization: USDOE; USDOE, Washington, DC (USA)
- DOE Contract Number: W-7405-ENG-36
- OSTI ID: 6192985
- Report Number(s): LA-UR-90-3726; CONF-910596-1; ON: DE91004823
- Resource Relation: Conference: IEEE symposium on research in security and privacy, Oakland, CA (USA), May 1991
- Country of Publication: United States
- Language: English