Release of version 0.10 of the AAFID2 prototype.
This announcement was released on September 7, 1999, during the RAID'99 workshop.
The Center for Education and Research in Information Assurance and Security (CERIAS)
of Purdue University announces version 0.10 (second alpha release) of the AAFID2 system.
The COAST laboratory, a part of the CERIAS at Purdue University, is proud to
announce the availability of the second public release of the
AAFID(tm) (Autonomous Agents for Intrusion Detection) system: AAFID2
version 0.10.
AAFID is a distributed monitoring and intrusion detection system that
employs small stand-alone programs (Agents) to perform monitoring
functions in the hosts of a network. AAFID uses a hierarchical
structure to collect the information produced by each agent, by each
host, and by each set of hosts, so as to be able to detect suspicious
activity. It is important to note that AAFID is not by itself a
network-based intrusion detection system. It provides the
infrastructure for distributing monitoring tasks over many hosts. Some
agents may implement network monitoring functions, while others may
implement host monitoring functions.
This is the second public release of the AAFID prototype. It is
completely implemented in Perl 5, which makes it easier to run on
different platforms.
This distribution includes:
- Base classes for Monitors, Transceivers, Agents and Filters
(Monitors and Transceivers are the top-level entities that oversee
the operation of agents and filters on a per-host and per-hostset
basis -- this is explained in detail in the documentation).
- A number of working Agents that perform different functions, and
that allow you to run the system out-of-the-box.
- A number of working Filters that perform data collection from
different sources, and that can be used with your own agents.
- A code generation tool that makes it easy to develop new agents, as
well as documentation on how to use it.
- A graphical interface to the system.
- Documentation for the architecture, as well as for this
implementation.
We encourage interested parties to download the software, use it, and
provide any feedback that you consider appropriate. In particular, we
are interested in the following:
- Success or failure stories about getting the system to run on
different architectures, operating systems, and networks.
- New agents that you develop and that may be of interest to other
people.
- New filters for different types of data.
- Bug reports and fixes.
- Suggestions for new features.
- Comments on the documentation.
- In general, any kind of feedback!
The feedback we receive will be used to shape the next generation of
tools based on the AAFID architecture. The current release works only
on Unix systems, but we are working on porting it to Windows NT.
We invite you to visit our WWW page for more information:
http://www.cs.purdue.edu/coast/projects/aafid.html
or our FTP site to download the software:
ftp://coast.cs.purdue.edu/pub/COAST/tools/AAFID/
Please read the COPYRIGHT file included in the distribution before
using. In particular, please note that by using the code you are
required to provide us feedback about your experiences with it!
Please send any questions and feedback to aafid-feedback@cs.purdue.edu.
Enjoy,
Diego Zamboni & Eugene Spafford
zamboni@cerias.purdue.edu, spaf@cerias.purdue.edu
AAFID is a trademark of the Purdue Research Foundation. All rights
reserved.
CERIAS Autonomous Agents for Intrusion Detection Group
Last modified: Tue Sep 7 01:07:34 EST 1999