[asterisk-biz] Seeking Collaboration in Development and Validation of an Anomaly Detection System for Asterisk

Hira Agrawal hira at research.telcordia.com
Wed Jun 11 21:00:46 CDT 2008


>> > Our approach involves examining "events" that get generated as a side
>> > effect of normal call processing and analyzing them, or some appropriate
>> > transformations of those events, against "normal", expected application
>> > behavior.
> So it's like systrace.org?  A free open source security tool that lets
> you filter system calls limiting what can be called, which arguments are
> valid, how many times a particular thing can be called, what sections of
> the filesystem are allowed, etc?
It is like systrace.org, except that it enables "policies" to be defined 
in terms of higher, application level events such as AMI events or AGI 
calls, instead of restricting them to be defined in terms of lower, 
operating system level system calls. Thus, unlike systrace.org, which 
can be attached to any process, our monitor is more application 
specific. Its underlying infrastructure, once ready, can, however, be 
easily adapted to other applications provided they make appropriate 
management interfaces available. The upside of doing this is that many 
more application level policies, such as what types of calls are allowed 
or not allowed (irrespective of the underlying dialplans), can be 
defined and enforced than would otherwise be possible.

-- Hira.
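
The following is an added example, not code from this message or from the system it describes: a minimal sketch of checking AMI events against an application-level policy that is independent of the dialplan. The `POLICY` rules, the helper names, and the sample events (which carry only a subset of the `Newexten` fields) are assumptions constructed for illustration.

```python
import re
from collections import Counter

def _ev(**fields):  # one constructed event in AMI framing: "Key: Value" CRLF lines, blank line ends
    return "".join(f"{k}: {v}\r\n" for k, v in fields.items()) + "\r\n"

# Constructed sample stream, not captured from a real system.
SAMPLE = (
    _ev(Event="Newexten", Channel="SIP/1001-0001", Extension="2002", Application="Dial")
    + _ev(Event="Newexten", Channel="SIP/1002-0002", Extension="011442070000000", Application="Dial")
    + _ev(Event="Hangup", Channel="SIP/1001-0001", Cause="16")
    + _ev(Event="Newexten", Channel="SIP/1002-0003", Extension="s", Application="System")
    + _ev(Event="Newexten", Channel="SIP/1001-0004", Extension="2003", Application="Dial")
    + _ev(Event="Newexten", Channel="SIP/1001-0005", Extension="2004", Application="Dial")
)

# Hypothetical policy; every value here is an assumption made for this example.
POLICY = {
    "denied_extension": re.compile(r"^(011|00)\d+$"),  # call type: international
    "allowed_apps": {"Dial", "Answer", "Playback", "Hangup"},
    "max_dials_per_peer": 2,
}

def parse_events(stream):  # decoded AMI stream -> list of dicts with lower-cased keys
    events = []
    for block in stream.split("\r\n\r\n"):
        lines = (line.partition(":") for line in block.split("\r\n"))
        fields = {k.strip().lower(): v.strip() for k, sep, v in lines if sep}
        if "event" in fields:
            events.append(fields)
    return events

def check(events, policy=POLICY):
    """Return (peer, rule, detail) for every event that violates the policy."""
    violations, dials = [], Counter()
    for ev in events:
        if ev["event"] != "Newexten":
            continue
        app, exten = ev.get("application", ""), ev.get("extension", "")
        peer = ev.get("channel", "").rsplit("-", 1)[0]  # SIP/1002-0002 -> SIP/1002
        if app not in policy["allowed_apps"]:
            violations.append((peer, "app-not-allowed", app))
        if app == "Dial":
            dials[peer] += 1
            if policy["denied_extension"].match(exten):
                violations.append((peer, "call-type-denied", exten))
            if dials[peer] > policy["max_dials_per_peer"]:
                violations.append((peer, "dial-rate-exceeded", str(dials[peer])))
    return violations
```
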



