ImSafe (Immune Security For your Enterprise) is a host-based intrusion detection tool. After a learning phase, it is able to detect changes in process behavior, buffer overflows, etc. It is implemented through a device driver (as a kernel patch) for the Linux kernel, but can also be run on other UNIX systems by using a "sensor" built on strace.
- Anomaly detection by analysing audit trails of system calls
- Fast detection of buffer overflow attacks through our call origin heuristic mechanism
- GTK based graphical user interface
- Created for Linux systems but works on almost every UNIX flavor
- Monitor multiple processes of one single application at a time (it's enough for testing purposes)
- React in real time to an attack by executing the script of your choice