Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
TISSEC
2010
2010
Storage-Based Intrusion Detection
Storage-based intrusion detection allows storage systems to transparently watch for suspicious activity. Storage systems are well-positioned to spot several common intruder actions, such as adding backdoors, inserting Trojan horses, and tampering with audit logs. Further, an intrusion detection system (IDS) embedded in a storage device continues to operate even after client systems are compromised. This paper describes a number of specific warning signs visible at the storage interface. It describes and evaluates a storage IDS, embedded in an NFS server, demonstrating both feasibility and efficiency of storage-based intrusion detection. In particular, both the performance overhead and memory required (40 KB for a reasonable set of rules) are minimal. With small extensions, storage IDSs can also be embedded in block-based storage devices. We thank the members and companies of the PDL Consortium (including EMC, Hewlett-Packard, Hitachi, IBM, Intel, Microsoft, Network Appliance, Panasas,...
Real-time TrafficAir Force Research Laboratory | Education | Intrusion Detection | Storage-based Intrusion Detection | TISSEC 2010 |
Related Content
| Added | 22 May 2011 |
| Updated | 22 May 2011 |
| Type | Journal |
| Year | 2010 |
| Where | TISSEC |
| Authors | Adam G. Pennington, John Linwood Griffin, John S. Bucy, John D. Strunk, Gregory R. Ganger |
Comments (0)
Researcher Info
|
