On the Feasibility of Intrusion Detection Inside Workstation Disks

Abstract

Storage-based intrusion detection systems (IDSs) can be valuable tools in monitoring for and notifying administrators of malicious software executing on a host computer, including many common intrusion tool kits. This paper makes a case for implementing IDS functionality in the firmware of workstations' locally attached disks, on which the bulk of important system files typically reside. To evaluate the feasibility of this approach, the authors built a prototype disk-based IDS into a SCSI disk emulator. Experimental results from this prototype indicate that it would indeed be feasible, in terms of CPU and memory costs, to include IDS functionality in low-cost desktop disk drives.

Document Details

Document Type: Technical Report
Publication Date: Dec 01, 2003
Accession Number: ADA490208

Entities

People

  • Adam Pennington
  • Deepa Choundappan
  • Gregory R. Ganger
  • John L. Griffin
  • John S. Bucy
  • Nithya Muralidharan

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Computer Network Security
  • Computer Programming
  • Computer Science
  • Computers
  • Cybersecurity
  • Detection
  • Host Computers
  • Information Warfare
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Malware
  • Models
  • Monitoring
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Parallel and Distributed Computing.