[LWN Logo]

Date: Sun, 4 Oct 1998 19:36:16 -0600 (MDT)
From: mea culpa <jericho@dimensional.com>
To: InfoSec News <isn@repsec.com>
Subject: [ISN] AAFID released by COAST 


Forwarded From: zamboni@cs.purdue.edu, spaf@cs.purdue.edu

----------------------------------------------------------------------
	      The COAST Laboratory at Purdue University
		  announces the alpha release of the
			     AAFID system
----------------------------------------------------------------------

The COAST laboratory, a part of the CERIAS Center at Purdue
University, is proud to announce the availability of the first public
release of the AAFID (Autonomous Agents for Intrusion Detection)
system.

AAFID is a distributed monitoring and intrusion detection system that
employs small stand-alone programs (Agents) to perform monitoring
functions in the hosts of a network. AAFID uses a hierarchical
structure to collect the information produced by each agent, by each
host, and by each set of hosts, so as to be able to detect suspicious
activity. It is important to note that AAFID is not by itself a
network-based intrusion detection system. It provides the
infrastructure for distributing monitoring tasks over many hosts. Some
agents may implement network monitoring functions, while others may
implement host monitoring functions.

This is the first public release of the AAFID prototype. It is
completely implemented in Perl 5, which makes it easier to run it in
different platforms.

This distribution includes:

- Base classes for Monitors, Transceivers and Agents (Monitors and
  Transceivers are the top-level entities that oversee the operation
  of agents on a per-host and per-hostset basis -- this is explained
  in detail in the documentation).

- A number of working Agents that perform different functions, and
  that allow you to run the system out-of-the-box.

- A code generation tool that makes it easy to develop new agents, as
  well as documentation on how to use it.

- A graphical interface to the system.

- Documentation for the architecture, as well as for this
  implementation.

We encourage interested parties to download the software, use it, and
provide any feedback that you consider appropriate. In particular, we
are interested in the following:

- Success or failure stories about getting the system to run in
  different architectures, operating systems, and networks.

- New agents that you develop and that may be of interest to other
  people.

- New filters for different types of data.

- Bug reports and fixes.

- Suggestions for new features.

- Comments on the documentation.

- In general, any kind of feedback!

The feedback we receive will be used to shape the next generation of
tools based on the AAFID architecture. The current release works only
on Unix systems, but we are planning a future release that will also
run on Windows NT.

We invite you to visit our WWW page for more information:
	http://www.cs.purdue.edu/coast/projects/autonomous-agents.html
or our FTP site to download the software:
	ftp://coast.cs.purdue.edu/pub/COAST/tools/AAFID/

Please send any questions and feedback to
aafid-feedback@cs.purdue.edu.

Enjoy,
--
Eugene Spafford & Diego Zamboni
spaf@cs.purdue.edu, zamboni@cs.purdue.edu

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]