ACARM (software)

ACARM
Original author(s): Bartłomiej Balcerek, Bartosz Szurgot, Wojciech Waga, Marcin Wojtkiewicz
Developer(s): WCSS
Initial release: 2008.04.01
Stable release: 0.1.0 / October 5, 2009 (2009-10-05)
Development status: discontinued
Written in: Java
Operating system: cross-platform
Type: Intrusion-detection system
License: GPL
Website: http://www.acarm.wcss.wroc.pl (no longer available for download)

ACARM (Alert Correlation, Assessment and Reaction Module) is an open source intrusion detection system. It was developed as part of the POSITIF project between 2004 and 2007, and was written as a practical proof of concept of the alert correlation approach presented in the cited article.[1]

Filters architecture

The following image shows the chain-like architecture of the filters used in the system.

Each alert enters each filter in turn, stays there for a specified amount of time, and then proceeds further along the chain. The main issue with this approach is that an alert can only be reported after its processing by every filter is done, which takes at least a few minutes.
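The latency property described above is easy to see in a simulation. The following is an added example, not code from the ACARM project (which was written in Java): it models a chain of time-windowed correlation filters in Python. The filter names, window lengths, correlation keys and the sample alerts are all constructed for the illustration; the only point taken from the page is that an alert is held in each filter for a fixed time and is reported only after it leaves the last one, so the minimum reporting delay is the sum of the windows.

```python
"""Simulation of a chain-like alert filter architecture (constructed example).

Each filter holds an incoming alert for a fixed window, merging it with any
alert that arrives within the window and shares a correlation key, then hands
the result to the next filter.  Nothing is reported until the alert has left
the last filter, so reporting latency is at least the sum of all windows.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Alert:
    """A single alert, or a meta-alert produced by merging several."""
    ts: float                       # time the alert was raised (seconds)
    src_ip: str
    sig: str
    count: int = 1                  # number of raw alerts this one summarises
    reported_at: Optional[float] = None


@dataclass
class Filter:
    """One chain stage: hold alerts for `window` seconds, merge by `key`."""
    name: str
    window: float
    key: Callable[[Alert], str]
    _pending: Dict[str, Alert] = field(default_factory=dict, init=False, repr=False)
    _deadline: Dict[str, float] = field(default_factory=dict, init=False, repr=False)

    def push(self, alert: Alert, now: float) -> None:
        k = self.key(alert)
        if k in self._pending:
            # Same key while the window is open: aggregate into the held alert.
            self._pending[k].count += alert.count
        else:
            self._pending[k] = alert
            self._deadline[k] = now + self.window

    def pop_ready(self, now: float) -> List[Alert]:
        """Release every held alert whose window has elapsed."""
        ready = [k for k, d in self._deadline.items() if d <= now]
        out = []
        for k in ready:
            out.append(self._pending.pop(k))
            del self._deadline[k]
        return out


def run_chain(filters: List[Filter], alerts: List[Alert], tick: float = 1.0) -> List[Alert]:
    """Drive alerts through the chain in time order; return what the last filter emits."""
    reported: List[Alert] = []
    queue = sorted(alerts, key=lambda a: a.ts)
    now = 0.0
    end = queue[-1].ts + sum(f.window for f in filters) + tick
    while now <= end:
        while queue and queue[0].ts <= now:
            filters[0].push(queue.pop(0), now)
        for i, f in enumerate(filters):
            for a in f.pop_ready(now):
                if i + 1 < len(filters):
                    filters[i + 1].push(a, now)        # forward along the chain
                else:
                    a.reported_at = now                # left the last filter
                    reported.append(a)
        now += tick
    return reported


def min_latency(filters: List[Filter]) -> float:
    """Lower bound on reporting delay: an alert sits out every window in turn."""
    return sum(f.window for f in filters)


def build_filters() -> List[Filter]:
    # Hypothetical stages and windows, chosen for the illustration.
    return [
        Filter("dedup", 60.0, key=lambda a: f"{a.src_ip}|{a.sig}"),     # 1 min
        Filter("by-source", 120.0, key=lambda a: a.src_ip),             # 2 min
    ]


def demo() -> List[Alert]:
    # Constructed sample alerts: two identical SSH brute-force alerts from one
    # host one second apart, plus an unrelated port scan from another host.
    alerts = [
        Alert(0.0, "10.0.0.5", "ssh-bruteforce"),
        Alert(1.0, "10.0.0.5", "ssh-bruteforce"),
        Alert(2.0, "10.0.0.9", "portscan"),
    ]
    return run_chain(build_filters(), alerts)


if __name__ == "__main__":
    for a in demo():
        print(f"{a.src_ip} {a.sig} x{a.count}: raised t={a.ts:.0f}s, "
              f"reported t={a.reported_at:.0f}s (delay {a.reported_at - a.ts:.0f}s)")
```

With the windows above, the two brute-force alerts are merged into one meta-alert (count 2), but even the very first alert is not reported until 180 seconds after it was raised: the 60-second window of the first filter plus the 120-second window of the second. Shortening a window reduces the delay at the cost of merging fewer related alerts, which is the trade-off the chain design forces.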

Notes

The project is no longer maintained. It has been replaced by the new, plug-in-based ACARM-ng.

References

  1. Fredrik Valeur; Giovanni Vigna; Christopher Kruegel; Richard A. Kemmerer (2004). "A comprehensive approach to intrusion detection alert correlation". IEEE Transactions on Dependable and Secure Computing.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.