The Center for Education and Research in Information Assurance and Security (CERIAS)

NADIR: An Automated System for Detecting Network Intrusions and Misuse*

Author

Judith Hochberg, Kathleen Jackson, Cathy Stallings, J. F. McClary, David DuBois, Josephine Ford

Entry type

article

Abstract

This paper describes a misuse detection system for Los Alamos National Laboratory's Integrated Computing Network (ICN). This automated expert system, the Network Anomaly Detection and Intrusion Reporter (NADIR), streamlines and supplements the manual audit record review traditionally performed by security auditors. NADIR compares network activity, as summarized in weekly profiles of individual users and the ICN as a whole, against expert rules that define security policy and improper or suspicious behavior. NADIR reports suspicious behavior to security auditors and provides tools to aid in follow-up investigations. This paper describes analysis by NADIR of two types of ICN activity: user authentication and access control, and mass file storage. It highlights system design issues of data handling, exploiting existing auditing systems, and performing audit analysis at the network level.
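The abstract describes the general shape of the approach (summarize a week of audit records into per-user and network-wide profiles, then apply expert rules encoding policy and suspicious behavior, and report hits to an auditor). The following is an added illustration of that profile-then-rules pattern in Python; it is not NADIR's code, and the record format, the user names, the rules and their thresholds are all constructed for the example rather than taken from the paper.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class Profile:
    """Weekly summary of one user's authentication activity (constructed schema)."""
    logins: int = 0
    failures: int = 0
    hosts: set = field(default_factory=set)
    off_hours: int = 0


def parse_record(line):
    # Hypothetical audit record format: "YYYY-MM-DDTHH:MM user host OK|FAIL"
    ts, user, host, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M"), user, host, result


def build_profiles(lines):
    """Collapse raw audit records into one Profile per user."""
    users = defaultdict(Profile)
    for line in lines:
        when, user, host, result = parse_record(line)
        p = users[user]
        if result == "OK":
            p.logins += 1
            p.hosts.add(host)
            if when.hour < 6 or when.hour >= 22:
                p.off_hours += 1
        else:
            p.failures += 1
    return users


# Example expert rules (hypothetical thresholds, not NADIR's policy).
# Each returns a human-readable finding, or None if the rule does not fire.
def rule_failure_ratio(user, p):
    attempts = p.logins + p.failures
    if attempts >= 5 and p.failures / attempts > 0.5:
        return f"{p.failures}/{attempts} authentication attempts failed"


def rule_host_spread(user, p):
    if len(p.hosts) > 3:
        return f"successful logins from {len(p.hosts)} distinct hosts"


def rule_off_hours(user, p):
    if p.off_hours >= 2:
        return f"{p.off_hours} successful logins between 22:00 and 06:00"


USER_RULES = [rule_failure_ratio, rule_host_spread, rule_off_hours]


def network_findings(profiles, baseline_failures):
    """Network-level rule: total failures this week versus a prior baseline."""
    total = sum(p.failures for p in profiles.values())
    if baseline_failures and total > 2 * baseline_failures:
        return [("ICN", "failure_spike",
                 f"{total} failures this week vs. baseline {baseline_failures}")]
    return []


def analyze(lines, baseline_failures):
    """Return (subject, rule, detail) findings for an auditor to follow up."""
    profiles = build_profiles(lines)
    findings = []
    for user, p in sorted(profiles.items()):
        for rule in USER_RULES:
            msg = rule(user, p)
            if msg:
                findings.append((user, rule.__name__, msg))
    findings.extend(network_findings(profiles, baseline_failures))
    return findings


# Constructed sample week of authentication records.
SAMPLE_WEEK = [
    "1993-05-03T09:12 alice icn-a OK",
    "1993-05-03T14:30 alice icn-a OK",
    "1993-05-04T10:05 alice icn-b OK",
    "1993-05-05T08:50 alice icn-a OK",
    "1993-05-03T23:40 bob icn-c OK",
    "1993-05-04T02:15 bob icn-c OK",
    "1993-05-05T11:00 bob icn-c OK",
    "1993-05-06T03:30 bob icn-c OK",
    "1993-05-03T09:00 carol icn-a FAIL",
    "1993-05-03T09:01 carol icn-a FAIL",
    "1993-05-03T09:02 carol icn-b FAIL",
    "1993-05-03T09:03 carol icn-c FAIL",
    "1993-05-03T09:04 carol icn-d FAIL",
    "1993-05-03T09:05 carol icn-d OK",
    "1993-05-04T10:00 dave icn-a OK",
    "1993-05-04T10:10 dave icn-b OK",
    "1993-05-04T10:20 dave icn-c OK",
    "1993-05-04T10:30 dave icn-d OK",
]

if __name__ == "__main__":
    for subject, rule, detail in analyze(SAMPLE_WEEK, baseline_failures=2):
        print(f"{subject:6} {rule:20} {detail}")
```

The point of the structure is the one the abstract makes: raw records are reduced to a profile first, so the rules reason over a week's summary rather than over every event, and a network-wide profile lets a rule fire on the ICN as a whole even when no single user crosses a threshold.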

Date

1993 – May

Address

New York, NY 10010

Institution

Elsevier Science Publishers Ltd

Key alpha

Hochberg

Number

3

Pages

235-248

Volume

12

Keywords

Computer security, intrusion detection, misuse detection, anomaly detection, expert systems

Location

A hard-copy of this is in the Papers Cabinet