UNICORN - Unicos Realtime NADIR

Jim Truitt (jtruitt@dw3f.ess.harris.com)
Tue, 22 Nov 1994 16:29:37 -0500

URL: http://www.c3.lanl.gov/~mcn/unicorn.html

NADIR (which stands for Network Anomaly Detector and Intrusion
Report) was one of the first automated intrusion detection systems
designed and implemented. Originally it was designed to accept
audit logs from a Los Alamos network security controller running
a homegrown version of Kerberos.

This year it was decided to expand NADIR to be more general
and more powerful. The result is UNICORN--Unicos Realtime
NADIR. Unicorn will accept audit logs from Unicos (Cray Unix),
Kerberos, and our common file system, then analyze them and
attempt to detect intruders in realtime. Because Unicorn was
designed for Kerberos and Unix, the design can be applied to
many other network configurations.


Documents Produced:

At some point, there'll be links here to the multitude of papers
on NADIR and Unicorn. Most recently, Unicorn was presented at
the 1994 Cray Users' Group meeting in Tours, France.


Mike Neuman (mcn@lanl.gov)