ACARM (software)


title: "ACARM (software)" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["free-software-programmed-in-java", "software-using-the-gnu-general-public-license"] topic_path: "general/free-software-programmed-in-java" source: "https://en.wikipedia.org/wiki/ACARM_(software)" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0

::data[format=table title="Infobox software"]

| Field | Value |
|---|---|
| name | ACARM |
| author | Bartłomiej Balcerek, Bartosz Szurgot, Wojciech Waga, Marcin Wojtkiewicz |
| developer | WCSS |
| released | 2008.04.01 |
| latest release version | 0.1.0 |
| latest release date | |
| discontinued | yes |
| programming language | Java |
| operating system | cross-platform |
| replaced_by | ACARM-ng |
| genre | Intrusion-detection system |
| license | GPL |
| website | http://www.acarm.wcss.wroc.pl (no longer available for download) |
::

ACARM (Alert Correlation, Assessment and Reaction Module) is an open-source intrusion detection system. It was developed as part of the POSITIF project between 2004 and 2007. It was written as a practical proof of concept, presented in the article listed under References.

Filters architecture

The following image shows the chain-like architecture of the filters used in the system.

::figure[src="https://upload.wikimedia.org/wikipedia/commons/b/bf/ACARM_filter_architecture.png" caption="Filters architecture"] ::

Each alert enters each filter, stays there for a specified amount of time, and then proceeds further along the chain. The main issue with this approach is that an alert can be reported only after its processing is done, which in turn takes at least a few minutes.
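The latency cost described above can be seen in a small simulation, added here as an illustration and not taken from ACARM's code. The stage labels, hold times, the merge-on-duplicate behaviour and the constructed alerts are all assumptions; the page states only that each filter holds an alert for a specified time before passing it on.

```python
from dataclasses import dataclass

@dataclass
class Alert:
    t: int          # arrival time in seconds
    src: str        # constructed documentation-range address
    name: str
    count: int = 1  # raw alerts merged into this one

class HoldFilter:
    """Hypothetical chain stage: holds each alert `hold` seconds, then releases it.
    `held` stores (release_time, alert) pairs."""
    def __init__(self, label, hold, key=None):
        self.label, self.hold, self.key, self.held = label, hold, key, []
    def push(self, now, alert):
        if self.key:  # assumed behaviour: merge duplicates while they are held
            for _, other in self.held:
                if self.key(other) == self.key(alert):
                    other.count += alert.count
                    return
        self.held.append((now + self.hold, alert))
    def pop_due(self, now):
        due = [a for t, a in self.held if t <= now]
        self.held = [(t, a) for t, a in self.held if t > now]
        return due

def run_chain(filters, arrivals, horizon):
    """Step one second at a time; return (report_time, alert) for each reported alert."""
    reported = []
    for now in range(horizon + 1):
        for a in (a for a in arrivals if a.t == now):
            filters[0].push(now, a)
        for i, f in enumerate(filters):
            for a in f.pop_due(now):
                if i + 1 < len(filters):
                    filters[i + 1].push(now, a)   # proceed further in the chain
                else:
                    reported.append((now, a))     # end of chain: report
    return reported

def demo():
    chain = [HoldFilter("dedup", 60, key=lambda a: (a.src, a.name)),  # hypothetical stages
             HoldFilter("correlate", 120)]
    arrivals = [Alert(0, "192.0.2.10", "ssh-bruteforce"),             # constructed alerts
                Alert(20, "192.0.2.10", "ssh-bruteforce"),
                Alert(30, "198.51.100.7", "port-scan")]
    return [(t, a.src, a.count, t - a.t) for t, a in run_chain(chain, arrivals, 300)]

if __name__ == "__main__":
    print(demo())
```

Each tuple is (report time, source, merged count, latency in seconds); no alert is reported sooner than the sum of the hold times, here 180 seconds.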

Notes

The project is no longer maintained. It has been replaced by the new, plug-in-based ACARM-ng.

References

  1. (2004). "Comprehensive approach to intrusion detection alert correlation". IEEE Transactions on Dependable and Secure Computing.

::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::
