Research on Object-Storage-Based Intrusion Detection

Authors:
Youhui Zhang;Dongsheng Wang
Affiliations:
Tsinghua University, China;Tsinghua University, China
Venue:
ICPADS '06 Proceedings of the 12th International Conference on Parallel and Distributed Systems - Volume 1
Year:
2006

Citing 9
Cited 1

The design and implementation of tripwire: a file system integrity checker

CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Firewalls and Internet security: repelling the wily hacker

Firewalls and Internet security: repelling the wily hacker
Active Disks for Large-Scale Data Processing

Computer
Coverage and Generalization in an Artificial Immune System

GECCO '02 Proceedings of the Genetic and Evolutionary Computation Conference
Storage-Based Intrusion Detection for Storage Area Networks (SANs)

MSST '05 Proceedings of the 22nd IEEE / 13th NASA Goddard Conference on Mass Storage Systems and Technologies
Semantically-Smart Disk Systems

FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Storage-based intrusion detection: watching storage activity for suspicious behavior

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Intrusion detection using sequences of system calls

Journal of Computer Security
Object-based storage

IEEE Communications Magazine

Storage-Based Intrusion Detection

ACM Transactions on Information and System Security (TISSEC)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Storage-based intrusion detection systems (IDS) can be valuable tools in monitoring for the intrusion on a host computer. However, because the traditional storage device works on the block-level while intrusion always happens on the file-level, this gap has to be erased by detection software, which is a hard and time-consuming task. To solve this problem and to accord with the trend of moving more processing power into storage, this paper presents a novel idea to design an IDS on object-based storage devices (OSD), and analyzes how the features of OSD can be used for intrusion detection (ID) and for violation responding. Moreover, the existing OSD standard is enhanced to own the new functions. Compared with the existing research on block-level storage devices, OSD-based ID is more straightforward for implementation. We build such a prototype based on the OSD reference implementation provided by Intel. Testing results show that the extra overhead introduced by ID is acceptable.