UNICORN: Misuse detection for UNICOS

PDF Version Also Available for Download.

Description

An effective method for detecting computer misuse is the automatic auditing and analysis of on-line user activity. This activity is reflected in the system audit record, by changes in the vulnerability posture of the system configuration, and in other evidence found through active testing of the system. In 1989 we started developing an automatic misuse detection system for the Integrated Computing Network (ICN) at Los Alamos National Laboratory. Since 1990 this system has been operational, monitoring a variety of network systems and services. We call it the Network Anomaly Detection and Intrusion Reporter, or NADIR. During the last year and ... continued below

Physical Description

22 p.

Creation Information

Christoph, G.G; Jackson, K.A.; Neuman, M.C.; Siciliano, C.L.B.; Simmonds, D.D.; Stallings, C.A. et al. March 29, 1995.

Context

This article is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided by UNT Libraries Government Documents Department to Digital Library, a digital repository hosted by the UNT Libraries. It has been viewed 14 times . More information about this article can be viewed below.

Who

People and organizations associated with either the creation of this article or its content.

Sponsor

Publisher

Provided By

UNT Libraries Government Documents Department

Serving as both a federal and a state depository library, the UNT Libraries Government Documents Department maintains millions of items in a variety of formats. The department is a member of the FDLP Content Partnerships Program and an Affiliated Archive of the National Archives.

Contact Us

What

Descriptive information to help identify this article. Follow the links below to find similar items on the Digital Library.

Description

An effective method for detecting computer misuse is the automatic auditing and analysis of on-line user activity. This activity is reflected in the system audit record, by changes in the vulnerability posture of the system configuration, and in other evidence found through active testing of the system. In 1989 we started developing an automatic misuse detection system for the Integrated Computing Network (ICN) at Los Alamos National Laboratory. Since 1990 this system has been operational, monitoring a variety of network systems and services. We call it the Network Anomaly Detection and Intrusion Reporter, or NADIR. During the last year and a half, we expanded NADIR to include processing of audit and activity records for the Cray UNICOS operating system. This new component is called the UNICOS Real-time NADIR, or UNICORN. UNICORN summarizes user activity and system configuration information in statistical profiles. In near real-time, it can compare current activity to historical profiles and test activity against expert rules that express our security policy and define improper or suspicious behavior. It reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. UNICORN is currently operational on four Crays in Los Alamos` main computing network, the ICN.

Physical Description

22 p.

Notes

OSTI as DE95009488

Source

  • ACM/IEEE-CS supercomputing conference, San Diego, CA (United States), 4-8 Dec 1995

Language

Item Type

Identifier

Unique identifying numbers for this article in the Digital Library or other systems.

  • Other: DE95009488
  • Report No.: LA-UR--95-1108
  • Report No.: CONF-951207--3
  • Grant Number: W-7405-ENG-36
  • Office of Scientific & Technical Information Report Number: 114493
  • Archival Resource Key: ark:/67531/metadc620819

Collections

This article is part of the following collection of related materials.

Office of Scientific & Technical Information Technical Reports

Reports, articles and other documents harvested from the Office of Scientific and Technical Information.

Office of Scientific and Technical Information (OSTI) is the Department of Energy (DOE) office that collects, preserves, and disseminates DOE-sponsored research and development (R&D) results that are the outcomes of R&D projects or other funded activities at DOE labs and facilities nationwide and grantees at universities and other institutions.

What responsibilities do I have when using this article?

When

Dates and time periods associated with this article.

Creation Date

  • March 29, 1995

Added to The UNT Digital Library

  • June 16, 2015, 7:43 a.m.

Description Last Updated

  • March 1, 2016, 2:09 p.m.

Usage Statistics

When was this article last used?

Yesterday: 0
Past 30 days: 1
Total Uses: 14

Interact With This Article

Here are some suggestions for what to do next.

Start Reading

PDF Version Also Available for Download.

Citations, Rights, Re-Use

Christoph, G.G; Jackson, K.A.; Neuman, M.C.; Siciliano, C.L.B.; Simmonds, D.D.; Stallings, C.A. et al. UNICORN: Misuse detection for UNICOS, article, March 29, 1995; New Mexico. (digital.library.unt.edu/ark:/67531/metadc620819/: accessed November 18, 2017), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT Libraries Government Documents Department.