Storage-Based Intrusion Detection

ADAM G. PENNINGTON; JOHN LINWOOD GRIFFIN; JOHN S. BUCY; JOHN D. STRUNK; GREGORY R. GANGER

首页> 外文期刊>ACM Transaction on Information and System Security >Storage-Based Intrusion Detection

【24h】

Storage-Based Intrusion Detection

机译：基于存储的入侵检测

获取原文

获取原文并翻译 | 示例

开具论文收录证明 >>

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

Storage-based intrusion detection consists of storage systems watching for and identifying data access patterns characteristic of system intrusions. Storage systems can spot several common intruder actions, such as adding backdoors, inserting Trojan horses, and tampering with audit logs. For example, examination of 18 real intrusion tools reveals that most (15) can be detected based on their changes to stored files. Further, an Intrusion Detection System (IDS) embedded in a storage device continues to operate even after client operating systems are compromised. We describe and evaluate a prototype storage IDS, built into a disk emulator, to demonstrate both feasibility and efficiency of storage-based intrusion detection. In particular, both the performance overhead (< 1%) and memory required (1.62MB for 13995 rules) are minimal.

机译：基于存储的入侵检测由存储系统组成，这些存储系统监视并识别系统入侵特有的数据访问模式。存储系统可以发现几种常见的入侵者操作，例如添加后门，插入特洛伊木马和篡改审核日志。例如，对18种真实入侵工具的检查表明，大多数（15）可以基于它们对存储文件的更改而被检测到。此外，即使在客户端操作系统受到威胁后，嵌入在存储设备中的入侵检测系统（IDS）仍可继续运行。我们描述并评估了内置在磁盘仿真器中的原型存储IDS，以演示基于存储的入侵检测的可行性和效率。特别是，性能开销（<1％）和所需的内存（对于13995规则为1.62MB）都是最小的。

著录项

来源
《ACM Transaction on Information and System Security》 |2010年第4期|p.30:1-30:27|共27页
作者
ADAM G. PENNINGTON; JOHN LINWOOD GRIFFIN; JOHN S. BUCY; JOHN D. STRUNK; GREGORY R. GANGER;
展开▼
作者单位

Carnegie Mellon University;

Carnegie Mellon University;

Carnegie Mellon University;

Carnegie Mellon University;

Carnegie Mellon University;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
storage; intrusion detection;

机译：存储;入侵检测;

相似文献

外文文献
中文文献
专利

1. SwiftIDS: Real-time intrusion detection system based on LightGBM and parallel intrusion detection mechanism [J] . Dongzi Jin, Yiqin Lu, Jiancheng Qin, Computers & Security . 2020,第Octa期

机译：SWIFTID：基于灯光的实时入侵检测系统和并联入侵检测机构
2. Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability [J] . Agbotiname L. Imoize, Taiwo Oyedare, Michael E. Otuokere, Communications and Network . 2018,第4期

机译：软件入侵检测评估系统：基于成本的入侵检测能力评估
3. Software Intrusion Detection Evaluation System: A Cost-Based Evaluation of Intrusion Detection Capability [J] . Agbotiname L. Imoize, Taiwo Oyedare, Michael E. Otuokere, Communications and network . 2018,第4期

机译：软件入侵检测评估系统：基于成本的入侵检测能力评估
4. Storage-Based Intrusion Detection Using Artificial Immune Technique [C] . Yunliang Chen, Jianzhong Huang, Changsheng Xie, Advances in computation and intelligence . 2009

机译：基于人工免疫技术的基于存储的入侵检测
5. Machine Learning Methods for Network Intrusion Detection and Intrusion Prevention Systems [D] . Stefanova, Zheni Svetoslavova. 2018

机译：用于网络入侵检测和入侵防御系统的机器学习方法
6. Intrusion-Aware Alert Validation Algorithm for Cooperative Distributed Intrusion Detection Schemes of Wireless Sensor Networks [O] . Riaz Ahmed Shaikh, Hassan Jameel, Brian J. d’Auriol, 2009

机译：无线传感器网络协同分布式入侵检测方案的入侵感知警报验证算法
7. Storage-Based Intrusion Detection [O] . Adam G. Pennington, John Linwood Griffin, John S. Bucy, 2015

机译：基于存储的入侵检测
8. Storage-based Intrusion Detection: Watching storage activity for suspicious behavior [R] . Pennington, A. G. , Strunk, J. D. , Griffin, J. L. , 2002

机译：基于存储的入侵检测：监视存储活动是否存在可疑行为

Storage-Based Intrusion Detection

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅