Slashdot Mirror


OpenBSD Gains "Fuzzy" User Profiling IDS

NaveWeiss writes "According to the OpenBSD Journal, major work has been done on an innovative new OpenBSD feature termed 'fuzzy user profile intrusion detection system' - or 'fupids.' According to Steffen Wendzel, the code 'creates profiles for every user who does an execve() syscall on obsd systems.'"

54 comments

  1. Re:Link? by OldMiner · · Score: 3, Informative

    Oh, it really is hard to click on the link on the linked page, or, even worse, search Google for FUPIDS and find the page in, as he puts it, "my poor English". Pretty sparse on details when you get to it anyhow. Use the source, Luke.

    --
    You like splinters in your crotch? -Jon Caldara
  2. Re:Link? by ejungle · · Score: 0, Troll
    --
    Remember: umount it before you fsck it.
  3. Courtesy of Babelfish by thelaw · · Score: 3, Informative

    FUPIDS (fuzzy user of profiles intrusion detection system) is a Patch for the OpenBSD -- Kernel. FUPIDS produces user profiles and supervises their activities. Momentarily is limited to the evaluation of the programs used by the user, however still by some intelligent ueberwachungsstrategien will extend. Which I still planned at nice features experience one as soon as I it programmed and/or for any reasons directly into the ton DO -- list on the project side wrote.

    babelfish.

    --
    -- http://www.cerastes.org
    1. Re:Courtesy of Babelfish by Valar · · Score: 1

      Now if I only knew what 'ueberwachungsstrategien' was...

    2. Re:Courtesy of Babelfish by chthonicdaemon · · Score: 2, Informative

      Looks like supervisory strategies to me (my German is not great).

      --
      Languages aren't inherently fast -- implementations are efficient
    3. Re:Courtesy of Babelfish by CableModemSniper · · Score: 1

      I would agree. (with as bad or worse German than you of course).

      --
      Why not fork?
    4. Re:Courtesy of Babelfish by vidnet · · Score: 1

      I'd agree too, with no German skills.

      German: ueber wachungs strategien
      English: over watching strategy
      (Latin-ish: super visio strategy)

      Yay for germanic languages!

  4. ...noexec/ro on partitions... by Hobart · · Score: 4, Interesting

    Another good move along these lines, I think, might be to mount all partitions as noexec, and mount all the partitions with executable content as read-only...

    --
    o/~ Join us now and share the software ...
    1. Re:...noexec/ro on partitions... by anthonyrcalgary · · Score: 2, Interesting

      That would be a major pita if they did it by default...

      --
      When someone might yell at me, it has to be OpenBSD.
    2. Re:...noexec/ro on partitions... by irc.goatse.cx+troll · · Score: 0, Troll

      And you get to go singleuser every time you want to make a software upgrade.

      --
      Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
    3. Re:...noexec/ro on partitions... by Anonymous Coward · · Score: 1, Funny

      Mmm, major pita...

    4. Re:...noexec/ro on partitions... by tiger99 · · Score: 3, Interesting
      I wonder how that would compare to a well-known badly broken OS, where you can't even make some executable files, and dlls, RO without breaking everything. Keeping all the executable stuff in RO partitions has its attractions, if it is possible to work that way.

      Taking this a step further, if it was not for the performance problem, could you not just put the executables on a CD (in a read-only drive of course), which could be updated only by having physical access, and a suitably equipped PC with writer to do the update?

      Or, would this cause some undesirable effect as a result of configuring the OS to boot from CD?

      Thinking a bit more, how about putting the lot in flash with the write disabled in hardware (keyswitch for example)? Would that achieve the same effect, or at least something useful?

  5. Does it log activity? by fuzzybunny · · Score: 3, Interesting


    He mentions that it sets a threshold of user activity, such as using too many new programs within a limited space of time.

    Any indication that it does some sort of observation of user activity (think Bayesian learning for spam filters) to build profiles which, if exceeded by too high a metric within too short a time, would also trigger a log error?

    --
    Cole's Law: Thinly sliced cabbage
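
Added example (not fupids code and not part of any comment): a Python sketch of the idea described in the summary and in the comment above, a per-user profile of executed programs that raises an alert when too many previously unseen programs appear within a time window. The class name, window, threshold and sample events are assumptions constructed for illustration; this is a plain threshold, not the "fuzzy" scoring of the actual patch.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60    # assumed observation window
MAX_NEW_PROGRAMS = 3   # assumed limit of first-time programs per window


class ExecProfiler:
    """Hypothetical per-user execve() profile with a new-program threshold."""

    def __init__(self, window=WINDOW_SECONDS, max_new=MAX_NEW_PROGRAMS):
        self.window = window
        self.max_new = max_new
        self.known = defaultdict(set)         # uid -> programs already in profile
        self.recent_new = defaultdict(deque)  # uid -> timestamps of first-time execs

    def learn(self, uid, path):
        """Seed the profile during a trusted baseline period."""
        self.known[uid].add(path)

    def observe(self, ts, uid, path):
        """Record one exec event; return an alert dict or None."""
        if path in self.known[uid]:
            return None                       # matches the user's profile
        self.known[uid].add(path)             # profile grows with each new program
        q = self.recent_new[uid]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop events outside the window
            q.popleft()
        if len(q) > self.max_new:
            return {"ts": ts, "uid": uid, "new_in_window": len(q), "last": path}
        return None


# Constructed sample data: (uid, path) baseline and (timestamp, uid, path) events.
BASELINE = [(1000, "/bin/ls"), (1000, "/usr/bin/vi"), (1000, "/usr/bin/mail")]
EVENTS = [
    (0, 1000, "/bin/ls"), (5, 1000, "/usr/bin/cc"), (10, 1000, "/usr/bin/nc"),
    (12, 1001, "/usr/bin/nc"),                # other user: counted separately
    (15, 1000, "/usr/bin/ftp"), (20, 1000, "/usr/sbin/tcpdump"),
    (200, 1000, "/usr/bin/gdb"),              # new, but the window has expired
]


def run_demo():
    profiler = ExecProfiler()
    for uid, path in BASELINE:
        profiler.learn(uid, path)
    alerts = [profiler.observe(ts, uid, path) for ts, uid, path in EVENTS]
    return [a for a in alerts if a is not None]


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```
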
  6. OPENBSD is the best firewall OS ever! by Anonymous Coward · · Score: 0

    Thank goodness for OPENBSD, we have set many customers up with OPENBSD firewalls. It allows us to charge for services while at the same time offer customers huge savings over commercial products.

  7. Fupids is not in OpenBSD's tree by OttoM · · Score: 3, Informative
    The summary suggests fupids is imported into the OpenBSD tree.

    This is not true. Fupids is work by a single person, who is not an OpenBSD developer. At this point in time, nothing suggests it will be put into the OpenBSD tree.

  8. NOT in the tree by Geekboy(Wizard) · · Score: 2, Informative

    This code is not in the tree, and it doesn't look like it will be.

  9. Yes, you are right by foobsr · · Score: 1

    CC.

    --
    TaijiQuan (Huang, 5 loosenings)
  10. BSD for Windows XP? by Anonymous Coward · · Score: 0
    Is there a version of *BSD that works under WinXP? Please provide a BiTt0rReNt link to the installer. TIA!

    PS It's WinXP Professional, no service packs installed.

    1. Re:BSD for Windows XP? by Paleomacus · · Score: 2, Funny

      All I can say is -- HUH?

    2. Re:BSD for Windows XP? by Guido+von+Guido · · Score: 1

      Troll/smartass remark.

    3. Re:BSD for Windows XP? by mattjb0010 · · Score: 1

      Actually it's not quite as crazy as it sounds. Cygwin is basically a Linux-esque environment running on top of a Windows kernel, the BSD layer in Mac OS X runs directly on top of the Mach-based microkernel (side-by-side with Aqua, not Aqua on top of BSD as many believe).

  11. RIP by Anonymous Coward · · Score: 0

    I close my eyes, only for a moment, and the moment's gone
    All my dreams, pass before my eyes, a curiosity
    Dust in the wind, all they are is dust in the wind.
    Same old song, just a drop of water in an endless sea
    All we do, crumbles to the ground, though we refuse to see

    Dust in the wind, all we are is dust in the wind

    [Now] Don't hang on, nothing lasts forever but the earth and sky
    It slips away, and all your money won't another minute buy.

    Dust in the wind, all we are is dust in the wind
    Dust in the wind, everything is dust in the wind.