ImSafe (Immune Security For your Enterprise) is a host-based intrusion detection tool. After a learning phase, it can detect changes in process behavior, buffer overflows, etc. It is implemented as a device driver (delivered as a kernel patch) for the Linux kernel, but can also run on other UNIX systems by using a "sensor" built on strace.
Here are some key features of "ImSafe":
· Anomaly detection by analysing audit trails of system calls
· Fast detection of buffer overflow attacks through our call origin heuristic mechanism
· GTK based graphical user interface
· Created for Linux systems but works on almost every UNIX flavor
· Monitors multiple processes of one single application at a time (it's enough for testing purposes)
· Reacts in real time to an attack by executing the script of your choice