Participant : Hedi Benzina [ in charge ] .
The Auditd sensor was implemented as a part of the ORCHIDS intrusion detection system. Auditd permits to catch system events in linux 2.6 kernels which gives ORCHIDS the ability to detect attacks on such version of linux kernels. For instance, ORCHIDS is now able to detect a whole family of violent DOS (Denial Of Service) attacks on linux 2.6 kernels. ORCHIDS was also integrated to an hypervisor-based platform (Xen 3), which makes it able to run in a protected VM (Virtual Machine), while its sensors (auditd) are running in other VMs and reporting events to ORCHIDS. This architecture gives ORCHIDS the ability to supervise the whole architecture and to detect attacks on other virtual machines. This work was done in collaboration with Bertin technologies in the setting of the PFC, System@tic project.