FABS: file and block surveillance system for determining anomalous disk accesses

Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop Pub Date : 2005-06-15 DOI:10.1109/IAW.2005.1495954

P. Stanton, W. Yurcik, L. Brumbaugh

引用次数: 7

Abstract

Despite increasingly sophisticated security measures, attackers have continued to find ways to gain access to stored data with impacts including data disclosure, modification, or deletion. There currently exist no tools independent of the operating system to monitor storage status. The authors introduced FABS as a comprehensive tool to monitor storage for anomalous accesses. A scalable GUI prototype, VisFlowConnect-SS, which represents storage accesses visually to human operators, was also introduced. The goal is an integrated storage-based monitoring system that provides intrusion detection, minimizes attack damage, and assists with post-attack forensic analysis.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

用于确定异常磁盘访问的文件和块监视系统

尽管越来越复杂的安全措施，攻击者仍在继续寻找访问存储数据的方法，其影响包括数据披露、修改或删除。目前还没有独立于操作系统的工具来监控存储状态。作者介绍了FABS作为监控存储异常访问的综合工具。还介绍了一种可扩展的GUI原型VisFlowConnect-SS，它将存储访问可视化地呈现给人类操作员。目标是一个集成的基于存储的监控系统，提供入侵检测，最小化攻击损害，并协助攻击后的取证分析。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop

自引率

0.00%

发文量

期刊最新文献

Safe renewal of a random key pre-distribution scheme for trusted devices Visualization techniques for intrusion behavior identification An e-mail honeypot addressing spammers' behavior in collecting and applying addresses Application of zeta function to quantum cryptography Reverse code engineering: an in-depth analysis of the Bagle virus