Abstract: The present invention is used to monitor a user specified set of files for successful attempts to change the content. Templates are used to monitor user specified directories (with exclusion rules) for successful attempts to change the content or the addition/deletion of files.

Abstract: The present application is directed to a host-based IDS on an HP-UX intrusion detection system that enhances local host-level security within the network. It should be understood that the present invention is also usable on, for example, Eglinux, solaris, aix windows 2000 operating systems. It does this by automatically monitoring each configured host system within the network for possible signs of unwanted and potentially damaging intrusions. If successful, such intrusions could lead to the loss of availability of key systems or could compromise system integrity.

Abstract: The present application is directed to a host-based IDS on an HP-UX intrusion detection system that enhances local host-level security within the network. It should be understood that the present invention is also usable on, for example, Eglinux, solaris, aix windows 2000 operating systems. It does this by automatically monitoring each configured host system within the network for possible signs of unwanted and potentially damaging intrusions. If successful, such intrusions could lead to the loss of availability of key systems or could compromise system integrity.

Abstract: An apparatus, system, and method for protecting a computing device from attacks while the computing device is in operation is provided. In one embodiment, the apparatus includes an input/output unit, a control unit, an execute unit, and first and second memory areas. The first memory area is accessible by a user of the computing device. The second memory area is not accessible by any users. The second memory area is configured to store return addresses and stack pointers.

Abstract: The creation of a file with setuid privileges owned by a member of a list of critical owners is detected. Templates are used to monitor for occurrences of the following events: modification of file permissions to enable the setuid bit; changing a setuid file owner to one owner of a list of critical owners; and creation of a file with the setuid bit set. Another embodiment monitors the occurrence of the following events: a first program executing with setuid privilege in turn executes a second program other than the first program; and a program unexpectedly gains elevated privileges without calling a well defined sequence of operating system calls. Another embodiment of the present invention detects unexpected file reference modification, or a so-called “race-condition” attack. A template monitors privileged program file accesses and generates an alert if a file reference appears to have unexpectedly changed.

Abstract: The present application is directed to a host-based IDS on an HP-UX intrusion detection system that enhances local host-level security within the network. It should be understood that the present invention is also usable on, for example, Eglinux, solaris, aix windows 2000 operating systems. It does this by automatically monitoring each configured host system within the network for possible signs of unwanted and potentially damaging intrusions. If successful, such intrusions could lead to the loss of availability of key systems or could compromise system integrity.

Abstract: The present application is directed to a host-based IDS on an HP-UX intrusion detection system that enhances local host-level security within the network. It should be understood that the present invention is also usable on, for example, Eglinux, solaris, aix windows 2000 operating systems. It does this by automatically monitoring each configured host system within the network for possible signs of unwanted and potentially damaging intrusions. If successful, such intrusions could lead to the loss of availability of key systems or could compromise system integrity.