This is an excellent article, thank you! I still need to read your article a little closer, so maybe I missed this on the first scan, but it looks like Sebek might be used with a database of suspicious behavior to provide deep intrusion detection. Or I may be completely misunderstanding its capabilities.
Link to this comment: http://www.securityfocus.com/comments/infocus/1855/76#76