Michael Sobirey's Intrusion Detection Systems page

- Currently 92 host- and network based Intrusion Detection (& Response) Systems -

Remark: This list contains no (filesystem based) integrity checker and no honeypots.

AAFID . ACME! . ADS . AFJ . AID . AIMS . ALERT-PLUS . ALVA . APA . ARMD . ARMOR . ASAX . ASIM . AudES . BlackICE . Bro . Centrax . CERN-NSM . Cisco Secure IDS . CMDS . ComputerWatch . CSM . CyberCop Monitor . CyberTrace . DEC . DIDS . Discovery . DPEM . Dragon . DRISC . EASEL . EMERALD . ERIDS . ESSENSE . eTrust ID . FW-1 specific NID . GASSATA . GrIDS . Haystack . HAXOR . Hummer . Hyperview . IDA(1) . IDA(2) . IDA(3) . IDEAS . IDES . IDIOT . ID-Trak . Inspect . INTOUCH INSA . ISM . ISOA . ITA . JiNao . KSE . KSM . MIDAS . MIDS . NADIR . NAURS . NetProwler . NetStalker . NetSTAT . NFR . NID . NIDAR . NIDES . NIDX . NSM . PDAT . PRéCis . ProxyStalker . POLYCENTER Security ID . RealSecure . RETISS . RID . SecureNet PRO . SecureSwitch . SHADOW . SIDS . Snort . Stake Out . Stalker . TIM . Tivoli Cross-Site for Security . TRW-IDS . T-sight . UNICORN . USTAT . VisionIDS . WebStalker . W&S

AAFID

http://www.cs.purdue.edu/coast/projects/autonomous-agents.html

bibliography

ACME!
http://www.acme.ibilce.unesp.br/
University of Sao Paulo, Brazil

ADS (Attack Detection System)
University College Dublin, Ireland
bibliography

AFJ (Anzen Flight Jacket)
http://www.anzen.com/afj
Anzen Computing Inc., Washington
Special thanks to Allen Leibowitz (Anzen) for this addition.

AID (Adaptive Intrusion Detection system)
http://www-rnks.informatik.tu-cottbus.de/~sobirey/aid.e.html
Brandenburg University of Technology at Cottbus, Germany
bibliography

AIMS (Automated Intrusion Monitoring System)
http://www.access.gpo.gov ...
U.S. Army

ALERT-PLUS/ Protect 2000
http://www.compsec.com/html/products_and_services.html
Computer Security Products Inc., Mississauga, Canada

ALVA (Audit Log Viewer and Analyzer)
General Electric, Schenectady, New Jersey
bibliography

APA (Automated Penetration Analysis tool)
University of Maryland at College Park
bibliography

ARMD (Adaptable Real-time Misuse Detection)
http://www.isse.gmu.edu/~jllin/system/
George Mason University, Fairfax, VA
Special thanks to Jerome Carrere (CERT-ONERA, France) for this addition.

ARMOR (Adaptive Risk Management, Oberservation, and Response System)
http://www.hiverworld.com/armor.ice
Hiverworld, Inc.

ASAX (Advanced Security audit trail Analyzer on uniX)
http://www.info.fundp.ac.be/~amo/publications.html
http://www.ja.net/CERT/Software/asax/
University of Namur, Belgium
bibliography

ASIM (Automated Security Incident Measurement)
http://www.access.gpo.gov ...
U.S. Air Force Information Warfare Center and Trident Systems

AudES (Audit based Expert System)
IBM Los Angeles Scientific Center, Colorado, California
bibliography

BlackICE
http://www.networkice.com/html/products.html
Network ICE Corp., San Mateo, California
Special thanks to Robert David Graham for this addition.

Bro
http://www-nrg.ee.lbl.gov/nrg-papers.html
Lawrence Berkeley National Laboratory, Berkeley, California
Special thanks to Marc Heuse (now KPMG, Germany) for this addition.

formerly known as eNTrax
Centrax
http://www.cybersafe.com/solutions/centrax.html
Centrax Corp., San Diego, CA; now CyberSafe
Special thanks to Roland Muller (secunet Inc.) and Paul Proctor (Cybersafe Corp.) for this addition.

CERN-NSM (Network Security Monitor)
http://www.zurich.ibm.com/pub/Other/RAID/Prog_RAID98/Full_Papers/moroni_manual.html
CERN, Geneva, Switzerland

Cisco Secure IDS
formerly NetRanger
http://www.cisco.com/warp/public/cc/cisco/mkt/security/nranger/prodlit/netra_ds.htm
Cisco Systems, Inc., San Jose, TX

CMDS (Computer Misuse Detection System)
formerly: http://www.ods.com/security/products/newcmds1.shtml
ODS Networks, Inc. Richardson, Texas
bibliography
Special thanks to John Jacobi for the last news concerning CMDS.

ComputerWatch
http://www.att.com/press/0293/930202.fsa.html
http://www.att.com/press/1192/921116.fsa.html
AT&T Bell Laboratories, Whippany, New Jersey
bibliography

CSM (Cooperating Security Manager)
(formerly http://www.cs.tamu.edu/people/efisch/)
US Air Force Academy, Colorado Springs, Colorado
Texas A&M University, College Station, Texas
bibliography

CyberCop Monitor
http://www.pgp.com/asp_set/products/tns/ccmonitor_intro.asp
Network Associates International

CyberTrace
http://www.cybertrace.com/ctids.html
Ryan Net Works, LLC Fairfax, VA
Special thanx to Thomas Piergallini (Ryan Net Works) for this addition.

DECinspect Intrusion Detector
Digital Equipment Corporation, Merrimack, New Hampshire
bibliography

DIDS (Distributed Intrusion Detection System)
http://seclab.cs.ucdavis.edu/
University of California at Davis
bibliography

Discovery
TRW, Orange, California
bibliography

DPEM (Distributed Program Execution Monitor)
http://seclab.cs.ucdavis.edu/~ko/papers/thesis.ps
University of California at Davis
bibliography
Special thanks to Jerome Carrere (CERT-ONERA, France) for this addition.

Dragon
http://www.securitywizards.com/
Network Security Wizards
Special thanks to Jimmy Alderson for the link correction.

DRISC (Detect and Recover Intrusion using System Critically)
Information Intelligence Science, Inc., Aurora, Colorado
bibliography

EASEL (???)
formerly: http://www.sac.navy.mil/idresources
US Naval Special Action Office

EMERALD (Event Monitoring Enabling Responses to Anomalous Live Disturbances)
http://www2.csl.sri.com/emerald/index.html
further development of NIDES
SRI International, Menlo Park, CA
bibliography

ERIDS (External Routing Intrusion Detection System)
http://www.ir.bbn.com/projects/erids/erids-index.html
BBN Systems and Technologies

ESSENSE
Digital Equipment Corporation, Marlboro, Massachusetts
bibliography

eTrust Intrusion Detection
formerly SessionWall-3
http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/
Computer Associates International, Inc., Islandia, NY, USA
Special thanks to Oliver Munchow (Inter-Networking AG, Switzerland) for this addition.

(FW-1 specific Network Intrusion Detector)
Lance Spitzner
http://www.enteract.com/~lspitz/intrusion.html
Special thanx to Jim Hutchison for this addition.

GASSATA (Genetic Algorithm for Simplified Security Audit Trail Analysis)
http://www.supelec-rennes.fr/rennes/si/equipe/lme/these/these-lm.html
SUPELEC, Cesson Sevigne, France
bibliography

GrIDS (Graph-based Intrusion Detection System)
http://olympus.cs.ucdavis.edu/arpa/grids/welcome.html
University of California at Davis
bibliography

Haystack
Tracor Applied Sciences, Inc. (later Haystack Labs, Inc.), Austin, Texas
bibliography

HAXOR
now part of Tivoli's Cross-Site
IBM Watson Research Laboratory, Nawthorne, NY

Hummer
www.cs.uidaho.edu/~hummer
University of Idaho

Hyperview
Search in the archive of the IDS mailing list.
CS Telecom, Groupe CSEE, Paris, France
bibliography

IDA (Intrusion Detection Alert)
Motorola, Rolling Meadows, Illinois
bibliography

IDA (Intrusion Detection and Avoidance system)
http://agn-www.informatik.uni-hamburg.de/people/fischer/eng.htm
University of Hamburg, Germany
bibliography

IDA(3) (Intrusion Detection Agents Systems)
http://www.ipa.go.jp/STC/IDA/index.html
Information-technology Promotion Agency, Japan
Special thanx to Cedric Michel (SUPELEC, Rennes) for this addition.

IDEAS (Intrusion Detection & Alerting System)
secunet Security Networks AG, Dresden, Germany

IDES (Intrusion Detection Expert System)
http://www.csl.sri.com/intrusion.html http://www.csl.sri.com/trlist3.html#1992
SRI International, Menlo Park, California
bibliography

IDIOT (Intrusion Detection In Our Time (-IDS))
http://www.cerias.purdue.edu/coast/coast-tools.html
ftp://coast.cs.purdue.edu/pub/doc/intrusion_detection/IDIOT_Users_Guide.ps
Purdue University, West Lafayette, Indiana
bibliography
Special thanks to Stuart Staniford-Chen (UC Davis) for this addition.

ID-Trak
http://www.axent.com/Axent/Products/Framesection
(formerly: http://www.internettools.com)
Internet Tools, Inc., Fremont, California; now AXENT

Inspect
CEFRIEL, Milano, Italy
bibliography

INTOUCH INSA - Network Security Agent
http://www.ttisms.com/tti/nsa_www.html
Touch Technologies, Inc.

ISM (Internetwork Security Monitor)
University of California at Davis
bibliography

ISOA (Information Security Officer's Assistent)
Planning Research Corp., Inc., Mc Lean, Virginia
bibliography

Intruder Alert
http://www2.axent.com/product/smsbu/ITA/default.htm
AXENT Technologies, Inc., Rockville, MD

JiNao
http://www.mcnc.org
MCNC, Research Triangle Park, NC

KSE (Kane Security Enterprise)
further development of CMDS
http://www.intrusion.com/Products/enterprise.shtml
Intrusion.com, Inc., New York, NY
Special thanks to Billy Austin (Intrusion.com) for this addition.

KSM (Kane Security Monitor)
http://www.intrusion.com/Products/monitor.shtml
Intrusion Detection, Inc., New York, NY

MIDAS (Multics Intrusion Detection and Alerting System)
National Computer Security Center, Ft. Meade, Maryland
SRI International, Menlo Park, California
bibliography

MIDS (Master Intrusion Detection System)
http://seclab.cs.ucdavis.edu/projects/idip.html
University of California at Davis
Special thanks to Jerome Carrere (ONERA CERT, France) for this addition.

NADIR (Network Anomaly Detector and Intrusion Reporter)
http://seclab.cs.ucdavis.edu/cmad/4-1996/session2.html
Los Alamos National Laboratory, New Mexico
bibliography

NAURS (Network Auditing Usage Reporting System)
SRI International, Menlo Park, California
bibliography

NetProwler
http://www2.axent.com/product/netprowler/default.htm
AXENT Technologies, Inc., Rockville, MD
Special thanks to Waltina Stanton-DiPaolo for this addition.

NetStalker
(formerly: http://www.haystack.com/netstalk.htm)
Haystack Laboratories, Inc., later TIS, now NAI

NetSTAT (Network-based State Transition Analysis Tool)
http://www.cs.ucsb.edu/~kemm/netstat.html/projects.html
further development of USTAT
University of California at Santa Barbara

NFR (Network Flight Recorder)
http://www.nfr.net
Network Flight Recorder, Inc.

NID (Network Intrusion Detector)
further development of NSM
http://ciac.llnl.gov/cstc/nid/nid.html
Lawrence Livermore National Laboratory

NIDAR
DSO National Laboratories, Singapore

NIDES (Next-generation Intrusion Detection Expert System)
further development of IDES
http://www2.csl.sri.com/nides/index.html
SRI International, Menlo Park, California
bibliography

NIDX (Network Intrusion Detection eXpert system)
Bell Communications Research, Inc., Piscataway, New Jersey
bibliography

NSM (Network Security Monitor)
University of California at Davis
bibliography

PDAT (Protocol Data Analysis Tool)
Siemens AG, Munich, Germany
bibliography

PRéCis
http://www.bellevue.prc.com/precis/
Litton PRC, McLean, VA
Special thanks to Jerry Freeman (PRC) for this addition.

ProxyStalker for NT
Haystack Laboratories, Inc.; later Trusted Information Systems

POLYCENTER Security Intrusion Detector
further development of DECinspect Intrusion Detector
http://www.digital.com/info/security/id.htm
Digital Equipment Corporation, now COMPAQ

RealSecure
http://www.iss.net/prod/rs.html
http://solutions.iss.net/products/rsecure/
Internet Security Systems, Inc., Atlanta, Georgia
Special thanks to David J. Meltzer (ISS) for this addition.

RETISS (REal-TIme expert Security System)
Universita di Milano, Italia
bibliography

RID (Reactive Intrusion Detection for Gauntlet Firewalls)
http://http://www.lurhq.com/rid/rid20info.pdf
LURHQ Corp., Conway, SC

SecureNet PRO
http://www.mimestar.com
MimeStar, Inc., Blacksburg, VA
Special thanks to Birk Richter (BTU Cottbus) for this addition.

SecureSwitch
http://www.ods.com/
ODS Networks, Inc., Richardson, Texas
Special thanks to Ed Amoroso (AT&T Labs) for this addition.

SHADOW (Secondary Heuristic Analysis for Defensive Online Warfare)
http://www.nswc.navy.mil/ISSEC/CID
Naval Surface Warfare Center, Dahlgren Division
Special thanks to travish and Laurent Levier (Argosnet) for this addition.

SIDS (Statistical Intrusion Detection System)
SRI International, Menlo Park, California
bibliography

Snort
http://www.snort.org/
Martin Roesch
Special thanks to Bob Coggeshall, Stuart Staniford-Chen & Sascha Mettler for this addition.

Stake Out
http://www.stakeout.harris.com
Harris Corporation
bibliography
Special thanks to Jim Truitt for this addition.

(RT) Stalker
(formerly: http://www.haystack.com/stalk.htm)
Haystack Laboratories, Inc.; later Trusted Information Systems
bibliography

TIM (Time-based Inductive Machine) based IDS
University of Illinois at Urbana-Champaign
bibliography

Tivoli Cross-Site for Security
http://www.tivoli.com/products/index/cross-site_sec/index.html
Tivoli Systems, Inc., TX; (an IBM company)
Special thanks to Birk Richter (secunet) for this addition.

TRW (system name unknown)
bibliography

T-sight
http://www.EnGarde.com/software/t-sight/index.html
En Garde Systems, Inc.

UNICORN (Unicos Realtime NADIR)
http://www.EnGarde.com/~mcn/unicorn.html
Los Alamos National Laboratory, Los Alamos, New Mexico
bibliography

USTAT (Unix State Transition Analysis Tool)
http://www.cs.ucsb.edu/TRs/TRCS93-26.html
University of California at Santa Barbara
bibliography

VisionIDS
http://www.whitehats.com/ids/
Developer: Max Vision (Whitehats)
Special thanks to Max for your addition.

WebStalker Pro
(formerly: http://www.haystack.com/webstalk.htm/)
Haystack Laboratories, Inc.; later Trusted Information Systems

W&S (Wisdom & Sense)
Los Alamos National Laboratory, Los Alamos, New Mexico
Oak Ridge National Laboratory, Oak Ridge, Tennessee
bibliography

Remarks, corrections or additions are appreciated.
last update: 15-06-2000

All rights reserved. This document may be only be reproduced, whole or in parts, for non-commercial purposes. All reproductions must contain this copyright notice and must not be altered, expect by permission of the author.

Dr. Michael Sobirey
secunet Security Networks AG
(im World Trade Center)
Ammonstrasse 72
D-01067 Dresden

Fon: +49 (3 51) 4 39 59-10
Fax: +49 (3 51) 4 39 59-59
Mobile: +49 (1 71) 2 21 28 83

E-mail: sobirey@secunet.de