Storage-based Intrusion Detection: Watching Storage Activity for Suspicious Behavior

Authors

  • Adam G. Pennington
  • John D. Strunk
  • John Linwood Griffin
  • Craig A. N. Soules
  • Garth R. Goodson
  • Gregory R. Ganger

Abstract

Storage-based intrusion detection allows storage systems to watch for data modifications characteristic of system intrusions. This enables storage systems to spot several common intruder actions, such as adding backdoors, inserting Trojan horses, and tampering with audit logs. Further, an intrusion detection system (IDS) embedded in a storage device continues to operate even after client systems are compromised. This paper describes a number of specific warning signs visible at the storage interface. Examination of 18 real intrusion tools reveals that most (15) can be detected based on their changes to stored files. We describe and evaluate a prototype storage IDS, embedded in an NFS server, to demonstrate both feasibility and efficiency of storage-based intrusion detection. In particular, both the performance overhead and memory required (152 KB for 4730 rules) are minimal.

Similar resources

Design issues of ‘Vulnerabilities and Suspicious behavior detection system’ in Storage Area Network (SAN)

Current accelerated demand of business continuity of operations in 24 × 7 work environment has increased the importance and amount of the data stored on computers and Storage Area Networks (SAN). A lot of security issues are pending related to the performance and ability of such high-speed network architecture. There is tremendous risk in the available intrusion detection systems and the securi...

A Clustering based Intrusion Detection System for Storage Area Network

A storage area network (SAN) is a high-speed and widely used special-purpose network that interconnects different kinds of storage devices with associated data servers on behalf of a larger network of users. SAN security is a specialized field dealing with issues related to the storage industry, it follows the same established principles found in all modern IT security. Therefore, it requires a...

Designing an Intelligent Intrusion Detection System in the Electronic Banking Industry Using Fuzzy Logic

One of the most important obstacles to using Internet banking is the lack of Stability of transactions and some misuse in the course of transactions it is financial. That is why preventing unauthorized access Crime detection is one of the major issues in financial institutions and banks. In this article, a system of intelligence has been designed that recognizes Suspicious and unusual behaviors...

Key Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage

ISSN: 2231-5381 http://www.ijettjournal.org Page 95 ABSTRACT: Cloud computing provides the flexible architecture to share the applications as well as the other network resources. Cloud storage enables networked online storage. Key management and key sharing plays the main role in the data sharing concept of cloud computing. While cloud computing brings new and challenging security threats to th...

Intrusion Detection Scheme for Network Storage Based on Sequences of System Calls

Rapid increase of information resources speeds the development of network storage. And security of network storage satisfies the demands of privacy and safety of the information. Data encryption and personal identity authentication which are based on cryptography can protect the storage against non-authorized access, while they are ineffective for malicious authorized users and inherent attacks...

Publication date: 2003