fupids2 is a so-called human oriented IDS based on the FUPIDS project. fupids2 calculates an attacker level for every user on all Unix/Linux/BSD systems in the network. It looks at the behavior of the user (the programs the user uses, the daytime the user is active, the building and room the user uses, the part of the room in which the user sits, and so on) and reports if the user engages in behavior that is unusual for that person. This method can often detect accounts overtaken by attackers.
|Operating Systems||POSIX BSD OpenBSD Linux NetBSD Windows Cygwin Mac OS X FreeBSD Unix Solaris|
Release Notes: This release includes the 'day of the week' input in the calculation of the attacker level. It can detect accounts that are used on unusual days in this way.
Release Notes: This release adds a script that creates sorted HTML output of fupids2's logs. The logging system was improved.
Release Notes: The calculation system for the attacker level of users' behavior is now replaced by a calculation through a neural network.
Release Notes: Fupids should now run under win32 and Solaris.
Release Notes: The code now compiles under Mac OS without problems.