Storage-based intrusion detection systems (IDS) can be valuable tools for monitoring intrusions on a host computer. However, traditional storage devices work at the block level while intrusions always happen at the file level, so the detection software has to bridge this gap, which is a hard and time-consuming task. To solve this problem, and to follow the trend of moving more processing power into storage, this paper presents a novel design for an IDS on object-based storage devices (OSD) and analyzes how the features of OSD can be used for intrusion detection (ID) and for responding to violations. Moreover, the existing OSD standard is extended to provide the new functions. Compared with existing research on block-level storage devices, OSD-based ID is more straightforward to implement. We build a prototype based on the OSD reference implementation provided by Intel. Test results show that the extra overhead introduced by ID is acceptable.