DOI: 10.1145/1558607.1558673
File-system intrusion detection by preserving MAC DTS: a loadable kernel module based approach for LINUX kernel 2.6.x

Published: 13 April 2009

Abstract

Every operating system has its own set of critical files, access to which is normally protected by the operating system's native access control mechanisms. The importance of such files also invites their inspection, unauthorized modification and tampering, so preserving the authenticity of these critical files, together with tracking any unauthorized access to them, is of paramount importance. This motivates the need for a good file-system intrusion detection system, one capable of monitoring and tracking any accidental, benign, malicious or intentional change made to the files that reside in the file system. For any file, the MAC DTS, i.e. its modification, access and creation date and time stamps, is a major parameter that can help in detecting unauthorized access to documents and, in a broader perspective, in monitoring file-system intrusion. By preserving the MAC DTS we can therefore gain crucial evidence about unauthorized access in the file system. This paper proposes one solution for preserving the MAC DTS on the LINUX operating system (kernel version 2.6.x), using pre-installed plug-ins in the form of Loadable Kernel Modules (LKM).
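The paper's mechanism lives in an LKM hooked into the 2.6.x VFS, which cannot be shown as a stand-alone runnable program here. The following user-space C program is an added example, written for this page and not the authors' code, that shows the kind of evidence MAC timestamps give once a baseline has been preserved. One caveat a practitioner should keep in mind: on Linux the "C" timestamp that stat() reports is the inode change time (ctime), not a creation time, and it cannot be set through utimes()/utimensat(); the kernel stamps it with the current time on every attribute change, so an attacker who backdates mtime with `touch -d` after editing a file still moves ctime forward. The two scenarios, the file paths under /tmp and the file contents are constructed for the demonstration.

```c
/* Added example (not the paper's LKM): snapshot a file's MAC timestamps,
 * then compare a later snapshot against the preserved baseline. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

struct mac_ts {
    struct timespec atime;  /* A: last read */
    struct timespec mtime;  /* M: last content write */
    struct timespec ctime;  /* C: last inode change, set by the kernel only */
};

enum {
    TS_ATIME_CHANGED   = 1 << 0,
    TS_MTIME_CHANGED   = 1 << 1,
    TS_CTIME_CHANGED   = 1 << 2,
    TS_MTIME_BACKDATED = 1 << 3, /* mtime moved into the past (touch -d, utimensat) */
    TS_MTIME_NO_CTIME  = 1 << 4  /* mtime changed but ctime did not: not reachable via the VFS */
};

static int ts_cmp(const struct timespec *a, const struct timespec *b)
{
    if (a->tv_sec != b->tv_sec)   return a->tv_sec  < b->tv_sec  ? -1 : 1;
    if (a->tv_nsec != b->tv_nsec) return a->tv_nsec < b->tv_nsec ? -1 : 1;
    return 0;
}

/* Record the MAC timestamps of path; returns 0 or -errno. */
int mac_snapshot(const char *path, struct mac_ts *out)
{
    struct stat st;
    if (stat(path, &st) != 0) return -errno;
    out->atime = st.st_atim;
    out->mtime = st.st_mtim;
    out->ctime = st.st_ctim;
    return 0;
}

/* Compare a preserved baseline with a later snapshot; returns TS_* flags. */
int mac_compare(const struct mac_ts *base, const struct mac_ts *now)
{
    int f = 0;
    if (ts_cmp(&base->atime, &now->atime) != 0) f |= TS_ATIME_CHANGED;
    if (ts_cmp(&base->mtime, &now->mtime) != 0) f |= TS_MTIME_CHANGED;
    if (ts_cmp(&base->ctime, &now->ctime) != 0) f |= TS_CTIME_CHANGED;
    if (ts_cmp(&now->mtime, &base->mtime) < 0)  f |= TS_MTIME_BACKDATED;
    if ((f & TS_MTIME_CHANGED) && !(f & TS_CTIME_CHANGED)) f |= TS_MTIME_NO_CTIME;
    return f;
}

/* Wait 100 ms so the next update lands on a later kernel clock tick. */
static void settle(void)
{
    struct timespec d = { 0, 100 * 1000 * 1000 };
    nanosleep(&d, NULL);
}

static int write_line(const char *path, int flags, const char *line)
{
    int fd = open(path, O_WRONLY | flags, 0600);
    if (fd < 0) return -errno;
    ssize_t n = write(fd, line, strlen(line));
    close(fd);
    return n < 0 ? -errno : 0;
}

/* Constructed scenario 1: a legitimate edit. M and C move together, nothing is backdated. */
int scenario_legit_edit(const char *path)
{
    struct mac_ts base, now;
    if (write_line(path, O_CREAT | O_TRUNC, "secret config\n") != 0) return -1;
    if (mac_snapshot(path, &base) != 0) return -1;
    settle();
    if (write_line(path, O_APPEND, "new option\n") != 0) return -1;
    if (mac_snapshot(path, &now) != 0) return -1;
    unlink(path);
    return mac_compare(&base, &now);
}

/* Constructed scenario 2: an attacker appends a line, then restores A and
 * backdates M with utimensat() (what `touch -d` does). C still jumps to "now". */
int scenario_backdate(const char *path)
{
    struct mac_ts base, now;
    if (write_line(path, O_CREAT | O_TRUNC, "secret config\n") != 0) return -1;
    if (mac_snapshot(path, &base) != 0) return -1;
    settle();
    if (write_line(path, O_APPEND, "backdoor\n") != 0) return -1;
    struct timespec fake[2] = { base.atime, { 946684800, 0 } }; /* A as before, M = 2000-01-01 UTC */
    if (utimensat(AT_FDCWD, path, fake, 0) != 0) return -1;
    if (mac_snapshot(path, &now) != 0) return -1;
    unlink(path);
    return mac_compare(&base, &now);
}

int main(void)
{
    printf("legit edit flags: 0x%x\n", scenario_legit_edit("/tmp/mac_demo_legit"));
    printf("backdate flags:   0x%x\n", scenario_backdate("/tmp/mac_demo_backdate"));
    return 0;
}
```

The comparison only works because the baseline is taken before the tampering and kept where the attacker cannot rewrite it, which is exactly the preservation problem the paper moves into the kernel. TS_MTIME_NO_CTIME is the flag to treat as the strongest signal: through normal system calls every change to mtime also refreshes ctime, so seeing one without the other means the inode was altered below the VFS (a raw device write, a kernel-level tool, or a clock that was turned back).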


Cited By

  • (2013) POSTER: Dr. Watson provides data for post-breach analysis. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1445-1448. DOI: 10.1145/2508859.2512522. Online publication date: 4 Nov 2013.
  • (2010) A Kernel Level VFS Logger for Building Efficient File System Intrusion Detection System. Proceedings of the 2010 Second International Conference on Computer and Network Technology, pp. 273-279. DOI: 10.1109/ICCNT.2010.47. Online publication date: 23 Apr 2010.


Published In

CSIIRW '09: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
April 2009
952 pages
ISBN:9781605585185
DOI:10.1145/1558607

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. modification, access and creation date and time stamps (MAC DTS)
  2. authentic date and time stamps (ADTS)
  3. file system
  4. intrusion detection system (IDS)
  5. loadable kernel modules (LKM)
  6. virtual file system (VFS) layer

Qualifiers

  • Research-article

Conference

CSIIRW '09
