NCSA CyberSecurity


Enhancing NCSA's Host-based IDS

Host-based intrusion detection systems (IDSs) are used to detect changes to key files on a host that could indicate an intrusion has occurred. NCSA currently uses the open-source TripWire software for this task. While TripWire has been very useful at NCSA, it has limitations that cause a high false positive rate, which consumes a large amount of the production security staff's time.

The goal of this project is to evaluate requirements for host-based IDS and implement a replacement for, or enhancements to, TripWire to reduce the false positive rate and maintenance overhead in general.

Project Staff:

This project is funded under the NCSA NSF core program plan.