A Unikernel is a special type of a Library OS. A library OS offer all of it's functionality as a libraries, typically linked into the application compile-time.
The distinction is not really clear, but originally when Anil Madhavapeddy coined the term Unikernel he meant a single threaded application, with everything running in single address space, using a library operating system created in a high level, type-safe language, running on a hypervisor.
It should be noted that the IncludeOS project doesn't strictly adhere to the definition. It is written in C++ which isn't type-safe, it supports multiple CPU-cores, threads and boots on bare metal hardware.
I've heard Anil characterize IncludeOS as a Unikernel so I guess he isn't too strict about it.
The motivations writing your application using a Unikernel varies, but mostly it is footprint (unikernels are tiny), performance (function call are faster than system calls) and security.
The gains in security comes from the nature of Unikernels. Unikernels are built as immutable. So if you are building a virtual firewall appliance with a Unikernel the firewall rules should be code and the firewall hardcoded to execute exactly that ruleset. This as opposed to a traditional monolithic kernel where the all the configuration is dynamic.
Unikernels aren't meant to be reconfigured. They are meant to be replaced. So they don't have the features to support reconfiguration which makes them hard to exploit.