Saint Jude
by Tim Lawless
Platforms: Linux, Solaris, SunOS
Categories: Auditing, Host, Intrusion Detection, Solaris, System Security Management
Version: v0.10 (Solaris)
Saint Jude is a wholly kernel-based intrusion detection and intrusion response system that implements the Saint Jude Model for detecting improper privilege transitions. It can detect ongoing and successful attacks, from both local and remote sources, that would yield root-level access to the attacker. Detection uses a rule-based anomaly detector driven by a model of normal system behaviour that is generated on the protected machine during a training phase. By comparing actual privilege transitions against a fully developed model, it can detect attacks against both known and unknown vulnerabilities, and, according to the author, does so with no false positives or negatives once the model is complete.
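The training-then-enforcement idea above, as an added user-space simulation (this is an illustration written for this page, not Saint Jude's kernel code): during training every privilege-gaining credential change is recorded as a tuple of (executable, syscall, from uid, to uid); afterwards, any privilege gain not in that allow-list is reported. The event line format, the field names and the sample events are all constructed for the example.

```python
"""Simulation of the Saint Jude approach: learn legitimate privilege
transitions in a training phase, then alert on any unseen gain of
privilege. Added illustration; not the real kernel module."""
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class Transition:
    exe: str        # executable whose process changed credentials
    call: str       # credential-changing syscall (setuid, setresuid, ...)
    from_uid: int   # uid before the call
    to_uid: int     # uid after the call


def parse_event(line: str) -> Transition:
    """Parse one 'key=value ...' event line (format constructed for this example)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Transition(fields["exe"], fields["call"],
                      int(fields["from"]), int(fields["to"]))


def gains_privilege(t: Transition) -> bool:
    """Only moves toward root (lower uid) are privilege gains; drops are ignored."""
    return t.to_uid < t.from_uid


class TransitionModel:
    """Allow-list of privilege-gaining transitions observed during training."""

    def __init__(self) -> None:
        self.known: Set[Transition] = set()

    def train(self, lines: List[str]) -> int:
        """Record every privilege gain seen; return the model size."""
        for line in lines:
            t = parse_event(line)
            if gains_privilege(t):
                self.known.add(t)
        return len(self.known)

    def detect(self, lines: List[str]) -> List[Transition]:
        """Return the privilege gains that the model has never seen."""
        return [t for t in map(parse_event, lines)
                if gains_privilege(t) and t not in self.known]


# Constructed training data: the only legitimate route to uid 0 is su.
TRAINING_EVENTS = [
    "exe=/bin/login call=setuid from=0 to=1000",     # privilege drop, not modelled
    "exe=/bin/su call=setuid from=1000 to=0",        # legitimate escalation
    "exe=/usr/sbin/cron call=setuid from=0 to=1000", # privilege drop, not modelled
]

# Constructed enforcement-phase data.
DETECTION_EVENTS = [
    "exe=/bin/su call=setuid from=1000 to=0",          # known: no alert
    "exe=/usr/sbin/httpd call=setuid from=48 to=0",    # web server gaining root: alert
    "exe=/usr/sbin/httpd call=setuid from=0 to=48",    # drop: ignored
    "exe=/bin/sh call=setresuid from=1000 to=0",       # shell gaining root: alert
]


def run_demo() -> List[Transition]:
    model = TransitionModel()
    model.train(TRAINING_EVENTS)
    alerts = model.detect(DETECTION_EVENTS)
    for a in alerts:
        print(f"ALERT: {a.exe} used {a.call} to go from uid {a.from_uid} to {a.to_uid}")
    return alerts


if __name__ == "__main__":
    run_demo()
```

The "no false positives" property rests entirely on the training phase having exercised every legitimate escalation path: a program that is installed or first used after training (a new setuid helper, for instance) will be reported exactly like an exploit, so the training window and any later model updates need to be managed deliberately.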

Copyright 2010, SecurityFocus