
Category: Intrusion Detection » Network

Added 2001-10-22
by Christoph Schuba/Gene Spafford
Scan-detector is a simple detector for automated scans of TCP/UDP ports on a host. It works by opening sockets on specified ports and waiting for connections. When a connection is established, the source host name, source port, destination host, destination port, and a number of other pieces of information are logged.

L0pht NFR IDS Modules
Added 2001-10-22
by Silicosis and Mudge
These are a number of IDS modules for NFR written by members of the L0pht.

AIM Automated Intrusion Monitoring System
Added 2001-10-22
by US Army
The Automated Intrusion Monitoring System (AIMS) has been in development since June 1995 for the US Army and is intended to provide local and "theater-level" monitoring of computer attacks. The system is currently installed at the Army's 5th Signal Command in Worms, Germany and will be used to monitor Army computers scattered throughout Europe. AIMS is not available to the public.

AAFID - Autonomous Agents for Intrusion Detection
Added 2001-10-22
by Gene Spafford, Mikhail Atallah, David Cole, Frederic Dumont, Joshua Gray, Benjamin Kuper
AAFID is a distributed monitoring and intrusion detection system that employs small stand-alone programs (agents) to perform monitoring functions on the hosts of a network. AAFID uses a hierarchical structure to collect the information produced by each agent, by each host, and by each set of hosts, so as to be able to detect suspicious activity. It is important to note that AAFID is not by itself a network-based intrusion detection system; it provides the infrastructure for distributing monitoring tasks over many hosts. Some agents may implement network monitoring functions, while others may implement host monitoring functions. This is the second public release of the AAFID prototype. It is completely implemented in Perl 5, which makes it easier to run on different platforms.

CSM (Cooperating Security Manager)
Added 2001-10-22
by Gregory White, Eric Fisch, Udo Pooch
The Cooperating Security Manager (CSM) is an intrusion detection system designed to be used in a distributed network environment. Developed at Texas A&M, this system runs on UNIX-based systems connected to a network of any size. The goal of CSMs is to provide a system that can detect intrusive activity in a distributed environment without the use of a centralized director, since a system with a central director coordinating all activity severely limits the size of the network. Instead of reporting significant network activity to a central director, the CSMs communicate among themselves to cooperatively detect anomalous activity.

DIDS (Distributed Intrusion Detection System)
Added 2001-10-22
by Steven R. Snapp, James Brentano, Gihan V. Dias, Terrance L. Goan, L. Todd Heberlein, Che-Lin Ho,
DIDS is an intrusion detection system that aggregates audit reports from a collection of hosts on a single network. Unique to DIDS is its ability to track a user as he establishes connections across the network.

Emerald - Event Monitoring Enabling Response to Anomalous Live Disturbances
Added 2001-10-22
by SRI International, Phillip A. Porras, Peter G. Neumann
EMERALD is a scalable surveillance and response architecture for large distributed networks. The architecture is novel in its use of highly distributed, independently tunable surveillance and response monitors that are deployed at various abstract layers in the network. EMERALD's analysis scheme is hierarchically layered and extensible, providing a range of security coverage from the localized analysis of key domain services and assets to coordinated global attacks against multiple domains and network infrastructure. EMERALD targets external threat agents who attempt to subvert or bypass network interfaces and controls to gain unauthorized access to domain resources. In addition, EMERALD provides a framework for correlating the results from its distributed analyses to provide a global detection and response capability against network-wide coordinated attacks. EMERALD represents a considerable extension to past research and development in anomaly and misuse detection to accommodate the monitoring of large distributed systems and networks. Because the real-time analysis itself can be distributed and applied where most effective at different layers of abstraction, EMERALD has significant advantages over more centralized approaches in terms of event detectability and response capabilities, and yet can be computationally realistic. It is intended to detect not only local attacks, but also coordinated attacks such as distributed denials of service or repeated patterns of attack against multiple domains. The EMERALD design addresses interoperability within its own scope, and in so doing enables its interoperability with other analysis platforms as well. Its inherent generality and flexibility in terms of what is being monitored and how the analysis is accomplished suggest that EMERALD can be readily adapted to evolving threats as the system and network infrastructure change.

GrIDS - Graphic Intrusion Detection System
Added 2001-10-22
by The GrIDS project is part of UC Davis's Intrusion Detection for Large Networks project, which is fun
GrIDS is designed to detect large-scale automated attacks on networked systems. The proposed mechanism is to build activity graphs that approximately represent the causal structure of large-scale distributed activities. The nodes of an activity graph correspond to hosts in a system, while edges in the graph correspond to network activity between those hosts. Activity in a monitored network causes graphs representing that activity to be built. These graphs are then compared against known patterns of intrusive or hostile activity, and if they look similar a warning (or perhaps a reaction) is generated.

IDIOT - Intrusion Detection In Our Time
Added 2001-10-22
by Sandeep Kumar - Purdue University
IDIOT (Intrusion Detection In Our Time) is a project to develop a new approach to efficient misuse detection methods. This work was started by Sandeep Kumar, who recently completed his Ph.D. He designed a new method of applying complex pattern matching to intrusion signatures. His design made use of a new classification of intrusion methods based on the complexity of matching and on temporal characteristics. He also designed a generic matching engine based on colored Petri nets.

ISOA (Information Security Officer's Assistant)
Added 2001-10-22
by Planning Research Corp.
PRC's Information Security Officer's Assistant (ISOA) is a state-of-the-art system for monitoring security-relevant behavior in computer networks. The ISOA serves as the central point for real-time collection and analysis of audit information. When an anomalous situation is identified, associated indicators are triggered. The ISOA automates analysis of audit trails, allowing indications and warnings of security threats to be generated in a timely manner so that threats can be countered. ISOA allows a single designated workstation to perform automated security monitoring, analysis, and warning.
