fupids2 is a so-called human-oriented IDS based on the FUPIDS project. fupids2 calculates an attacker level for every user on all Unix/Linux/BSD systems in the network. It looks at the behavior of the user (the programs the user runs, the time of day the user is active, the building and room the user works in, the part of the room in which the user sits, and so on) and reports when the user engages in behavior that is unusual for that person. This method can often detect accounts that have been taken over by attackers.
| Tags | Security Monitoring |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX BSD OpenBSD Linux NetBSD Windows Windows Cygwin Mac OS X FreeBSD Unix Solaris |
| Implementation | C++ |
Recent releases


Changes: This release includes the 'day of the week' as an input to the calculation of the attacker level. This allows it to detect accounts that are used on unusual days.


Changes: This release adds a script that creates sorted HTML output of fupids2's logs. The logging system was improved.


Changes: The system that calculates the attacker level from users' behavior has been replaced by a calculation through a neural network.


Changes: Fupids should now run under win32 and Solaris.


Changes: The code now compiles under Mac OS without problems.