Detection of Anomalous Computer Session Activity.

摘要

This paper describes recent Los Alamos National Laboratory (LANL) applications of research into automated anomaly detection. In the context of computer security, anomaly detection seeks to identify events shown in audit records that are inconsistent with routine operation and therefore may be indicative of an intrusion into the computer, serious human errors, or malicious behavior by a legitimate user. Access by an intruder, execution of 'Trojan horses' and 'viruses,' as well as malicious, destructive behavior are all assumed to produce anomalous events that are recorded in a computer audit trail. This trail, perhaps with augmented data collection capabilities, is processed, in real-time, to detect such events, alert a knowledgeable computer security officer to the threat, and help resolve the situation. 3 refs., 6 figs. (ERA citation 14:026170)