Name
Abstract | ||
|---|---|---|
Storage-based intrusion detection consists of storage systems watching for and identifying data access patterns characteristic of system intrusions. Storage systems can spot several common intruder actions, such as adding backdoors, inserting Trojan horses, and tampering with audit logs. For example, examination of 18 real intrusion tools reveals that most (15) can be detected based on their changes to stored files. Further, an Intrusion Detection System (IDS) embedded in a storage device continues to operate even after client operating systems are compromised. We describe and evaluate a prototype storage IDS, built into a disk emulator, to demonstrate both feasibility and efficiency of storage-based intrusion detection. In particular, both the performance overhead ( |
Year | DOI | Venue |
|---|---|---|
2010 | 10.1145/1880022.1880024 | ACM Trans. Inf. Syst. Secur. |
Keywords | DocType | Volume |
real intrusion tool,prototype storage IDS,Trojan horse,Intrusion Detection System,storage system,Storage-based intrusion detection,Storage-Based Intrusion Detection,system intrusion,audit log,client operating system,intrusion detection,storage device,storage | Journal | 13 |
Issue | ISSN | Citations |
4 | 1094-9224 | 3 |
PageRank | References | Authors |
0.42 | 22 | 5 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Adam G. Pennington | 1 | 67 | 5.25 |
| John Linwood Griffin | 2 | 476 | 35.66 |
| John S. Bucy | 3 | 26 | 2.21 |
| John D. Strunk | 4 | 538 | 47.56 |
| Gregory R. Ganger | 5 | 4560 | 383.16 |