You might want to check out a Linux system-call-based IDS called Process
Homeostasis (pH) by Professor Anil Somayaji at Carleton U. I believe
you can still download it from his site:
http://www.scs.carleton.ca/~soma/pH/index.html