Open Source Host Based Intrusion Detections System (OHIDS)

Responding to incidents in an efficient manner is critical for all CIRTS. This paper presents a new open source tool for the enterprise. With this tool, responders will be able to detect incidents using aggregated data collected from hosts and applying anomaly detection. OHIDS includes a sensitive data finder to allow appropriate escalation of the incident. This software can be utilized in a proactive manner by removing SSNs and credit card data before incidents occur or by detecting unauthorized software running.