[ISN] AAFID released by COAST

From: mea culpa (jerichot_private)
Date: Sun Oct 04 1998 - 18:36:16 PDT

  • Next message: mea culpa: "[ISN] (MS98-014) RPC Spoofing Denial of Service"

    Forwarded From: zambonit_private, spaft_private
    	      The COAST Laboratory at Purdue University
    		  announces the alpha release of the
    			     AAFID system
    The COAST laboratory, a part of the CERIAS Center at Purdue
    University, is proud to announce the availability of the first public
    release of the AAFID (Autonomous Agents for Intrusion Detection)
    AAFID is a distributed monitoring and intrusion detection system that
    employs small stand-alone programs (Agents) to perform monitoring
    functions in the hosts of a network. AAFID uses a hierarchical
    structure to collect the information produced by each agent, by each
    host, and by each set of hosts, so as to be able to detect suspicious
    activity. It is important to note that AAFID is not by itself a
    network-based intrusion detection system. It provides the
    infrastructure for distributing monitoring tasks over many hosts. Some
    agents may implement network monitoring functions, while others may
    implement host monitoring functions.
    This is the first public release of the AAFID prototype. It is
    completely implemented in Perl 5, which makes it easier to run it in
    different platforms.
    This distribution includes:
    - Base classes for Monitors, Transceivers and Agents (Monitors and
      Transceivers are the top-level entities that oversee the operation
      of agents on a per-host and per-hostset basis -- this is explained
      in detail in the documentation).
    - A number of working Agents that perform different functions, and
      that allow you to run the system out-of-the-box.
    - A code generation tool that makes it easy to develop new agents, as
      well as documentation on how to use it.
    - A graphical interface to the system.
    - Documentation for the architecture, as well as for this
    We encourage interested parties to download the software, use it, and
    provide any feedback that you consider appropriate. In particular, we
    are interested in the following:
    - Success or failure stories about getting the system to run in
      different architectures, operating systems, and networks.
    - New agents that you develop and that may be of interest to other
    - New filters for different types of data.
    - Bug reports and fixes.
    - Suggestions for new features.
    - Comments on the documentation.
    - In general, any kind of feedback!
    The feedback we receive will be used to shape the next generation of
    tools based on the AAFID architecture. The current release works only
    on Unix systems, but we are planning a future release that will also
    run on Windows NT.
    We invite you to visit our WWW page for more information:
    or our FTP site to download the software:
    Please send any questions and feedback to
    Eugene Spafford & Diego Zamboni
    spaft_private, zambonit_private
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:10 PDT