Fupids2 is a human-oriented intrusion detection system based on the FUPIDS project. It focuses on detecting aberrant user behavior.
FUPIDS has been upgraded to fupids2, which adds more advanced features. It can calculate an "attacker level" for every user on all Linux/BSD (and hopefully Unix) systems within the network. Unlike FUPIDS, fupids2 uses not only each user's tool-usage behavior but also knowledge of their preferred buildings and rooms. It even detects where the user likes to sit: near the window, near the floor, or at the back of the workstation room. The software also knows at what times users are usually logged in, and all of these factors are included in the calculation of the attacker level.
Key features of the Fuzzy Userprofile IDS include alerting administrators via syslog, as well as writing to its own logfile, when an attacker level becomes too high. FUPIDS also keeps a profile of the programs each user runs; if an attacker takes over an account, the attacker level increases when there is a sudden surge in program usage. Fupids2 has an improved attacker-level calculation (beta) that accounts for the following factors in addition to program usage:
- The time when users are usually logged in
- The building, floor, and room the user is usually logged in from
- The user's preferred sitting position, whether near the window, in the middle, or near the floor side of the room
Fupids2 can now collect network-wide data using the client shell script and SSH. This release also adds the 'day of the week' input, which FUPIDS lacked, making it more effective at detecting accounts being used on unusual days.
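To illustrate how a per-user profile over these inputs can be turned into a single score, here is an added example; it is not fupids2's code or its actual algorithm. The weights, the threshold, the half-weight rule for adjacent hours, and the sample history are all assumptions constructed for the illustration.

```python
from collections import Counter

FEATURES = ("program", "hour", "weekday", "location")
# Assumed weights; the page does not give fupids2's real weighting.
WEIGHTS = {"program": 0.4, "hour": 0.2, "weekday": 0.2, "location": 0.2}

# Constructed login history for one user:
# (program, login hour, weekday, building/floor/room/seat)
HISTORY = [
    ("vim", 9, "Mon", "A/2/201/window"),
    ("gcc", 9, "Tue", "A/2/201/window"),
    ("vim", 10, "Wed", "A/2/201/window"),
    ("vim", 9, "Thu", "A/2/201/window"),
    ("mutt", 10, "Fri", "A/2/201/middle"),
    ("gcc", 14, "Mon", "A/2/201/window"),
]

def build_profile(events):
    """Count how often each value of each feature was seen for the user."""
    profile = {f: Counter() for f in FEATURES}
    for event in events:
        for feature, value in zip(FEATURES, event):
            profile[feature][value] += 1
    return profile

def familiarity(profile, feature, value):
    """Membership in [0, 1]: 1.0 = the user's most common value, 0.0 = never seen."""
    seen = profile[feature]
    if not seen:
        return 0.0
    best = max(seen.values())
    if feature == "hour":
        # Fuzzy edge: an adjacent hour counts half as much as an exact match.
        near = max(seen[(value - 1) % 24], seen[(value + 1) % 24])
        return max(seen[value], 0.5 * near) / best
    return seen[value] / best

def attacker_level(profile, event):
    """Weighted unfamiliarity of one observed event, from 0.0 to 1.0."""
    return sum(WEIGHTS[f] * (1.0 - familiarity(profile, f, v))
               for f, v in zip(FEATURES, event))

def should_alert(level, threshold=0.6):
    """Assumed threshold above which an administrator would be notified."""
    return level >= threshold

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for event in [("vim", 9, "Mon", "A/2/201/window"), ("nmap", 3, "Sun", "C/0/007/door")]:
        level = attacker_level(profile, event)
        print(event, round(level, 2), "ALERT" if should_alert(level) else "ok")
```

An event that matches the user's habits on every input scores 0.0, while one that is unfamiliar on every input scores 1.0; partial matches land in between, so a single unusual factor does not trigger an alert by itself.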
In conclusion, fupids2 is an excellent software tool to use for intrusion detection since it effectively calculates attacker levels, giving ample warning to administrators in case of any security breaches. Despite still being in beta, this software guarantees more features and improved capabilities that are sure to provide a more efficient way of recognizing intrusions.
Version 0.8.5: N/A