ImSafe 0.2.2 review

Download
by rbytes.net on

ImSafe (Immune Security For your Enterprise) is a host-based intrusion detection tool

License: GPL (GNU General Public License)
File size: 0K
Developer: Laurent Eschenauer
0 stars award from rbytes.net

ImSafe (Immune Security For your Enterprise) is a host-based intrusion detection tool. After a learning phase, it is able to detect changes in processes behavior, to detect buffer overflows, etc. It is implemented through a device driver (as a kernel patch) for the Linux kernel, but can also be run on other UNIX systems by using a "sensor" built on strace base.

Here are some key features of "ImSafe":
Anomaly detection by analysing audit trails of system calls
Fast detection of Buffer Overflow Attacks through our call origin heuristic mecanism
GTK based graphical user interface
Created for Linux systems but works on almost every UNIX flavor
Monitor multiple processes of one single application at a time (it's enough for testing purposes)
React in real-time to an attack by executing the script of your choices

ImSafe 0.2.2 keywords