Saint Jude is a wholly kernel-based intrusion
detection and intrusion response system that
implements the Saint Jude Model for detection of
improper privilege transitions. Saint Jude can
detect the presence of ongoing and successful
attacks, from sources both local and remote, that
would yield root-level access to the attacking
individual. Detection is performed using a
rule-based anomaly detector that uses a model of
normal system behavior that is generated on the
protected machine during a training phase. By
comparing actual actions against a fully developed
model, it is possible to detect attacks against
vulnerabilities that are both known and unknown
with no false positives or negatives.
