Title :
Detection of anomalous computer session activity
Author :
Vaccaro, H.S. ; Liepins, G.E.
Author_Institution :
Los Alamos Nat. Lab., NM, USA
Abstract :
The authors discuss Wisdom and Sense (W&S), a computer security anomaly detection system. W&S is statistically based. It automatically generates rules from historical data and, in terms of those rules, identifies computer transactions that are at variance with historically established usage patterns. Issues addressed include how W&S generates rules from a necessarily small sample of all possible transactions, how W&S deals with inherently categorical data, and how W&S assists system security officers in their review of audit logs. Preliminary results with W&S show that the software does periodically detect anomalies of high interest even in data thought to be free of such events.
Keywords :
DP management; security of data; Wisdom and Sense; anomalous computer session activity; audit logs; categorical data; historical data; rules; system security officers; usage patterns; Computer security; Computer viruses; Data security; Event detection; Humans; Information security; Invasive software; Laboratories; National security; Physics computing;
Conference_Title :
Security and Privacy, 1989. Proceedings., 1989 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-1939-2
DOI :
10.1109/SECPRI.1989.36302