OpenBSD Gains "Fuzzy" User Profiling IDS

NaveWeiss writes "According to the OpenBSD Journal, major work has been done on an innovative new OpenBSD feature termed 'fuzzy user profile' intrusion detection system' - or 'fupids.' According to Steffen Wendzel, the code 'creates profiles for every user who does an execve() syscall on obsd systems.'"

Re:Link?

[OldMiner (589872)]

Oh, it really is hard to click on the link on the linked page, or, even worse, search Google for FUPIDS and find the page in, as he puts it, "my poor English" [doomed-reality.org]. Pretty sparse on details when you get to it anyhow. Use the source, Luke.

Courtest of Babelfish

[thelaw (100964)]

FUPIDS (fuzzy user of profiles intrusion detection system) is a Patch for the OpenBSD -- Kernel. FUPIDS produces user profiles and supervises their activities. Momentarily is limited to the evaluation of the programs used by the user, however still by some intelligent ueberwachungsstrategien will extend. Which I still planned at nice features experience one as soon as I it programmed and/or for any reasons directly into the ton DO -- list on the project side wrote.

babelfish. [altavista.com]

Re:Courtest of Babelfish

[Valar (167606)]

Now if I only knew what 'ueberwachungsstrategien' was...

Re:Courtest of Babelfish

[chthonicdaemon (670385)]

Looks like supervisory strategies to me (my german is not great).

Re:Courtest of Babelfish

[CableModemSniper (556285)]

I would agree. (with as bad or worse german then you of course).

Re:Courtest of Babelfish

[vidnet (580068)]

I'd agree too, with no german skills.

German: ueber wachungs strategien
English: over watching strategy
(Latin-ish: super visio strategy)

Yay for germanic languages!

Yes, you are right

[foobsr (693224)]

CC.

...noexec/ro on partitions...

[Hobart (32767)]

Another good move along these lines, I think, might be to mount all partitions as noexec, and mount all the partitions with executable content as read-only...

Re:...noexec/ro on partitions...

[anthonyrcalgary (622205)]

That would be a major pita if they did it by default...

Re:...noexec/ro on partitions...

[Anonymous Coward]

Mmm, major pita...

Re:...noexec/ro on partitions...

[irc.goatse.cx troll (593289)]

And you get to go singleuser every time you want to make a software upgrade.

Re:...noexec/ro on partitions...

[tiger99 (725715)]

I wonder how that would compare to a well-known badly broken OS, where you can't even make some executable files, and dlls, RO without breaking everything. Keeping all the executable stuff in RO partitions has its attractions, if it is possible to work that way.

Taking this a step further, if it was not for the performance problem, could you not just put the executables on a CD (in a read-only drive of course), which could be updated only by having physical access, and a suitably equipped PC with writer to t

Does it log activity?

[fuzzybunny (112938)]

He mentions that it sets a threshhold of user activity, such as using too many new programs within a limited space of time.

Any indication that it does some sort of observation of user activity (think bayesian learning for spam filters) to build profiles which, if exceeded by too high a metric within too short a time, would also trigger a log error?

Fupids is not in OpenBSD's tree

[OttoM (467655)]

The summary suggests fupids is imported into the OpenBSD tree.

This is not true. Fupids is work by a single person, who is not an OpenBSD developer. At this point in time, nothing suggests it will be put into the OpenBSD tree.

NOT in the tree

[Geekboy(Wizard) (87906)]

This code is not in the tree, and it doesn't look like it will be.

Re:BSD for Windows XP?

[Paleomacus (666999)]

All I can say is -- HUH?

Re:BSD for Windows XP?

[Guido von Guido (548827)]

Troll/smartass remark.

Re:BSD for Windows XP?

[mattjb0010 (724744)]

Actually it's not quite as crazy it sounds. Cygwin is basically a Linux-esque environment running on top of a Windows kernel, the BSD layer in Mac OS X runs directly on top of the Mach-based microkernel (side-by-side with Aqua, not Aqua on top of BSD as many believe).