Entry Pennington:2010:SBI from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Pennington:2010:SBI,
  author =       "Adam G. Pennington and John Linwood Griffin and John
                 S. Bucy and John D. Strunk and Gregory R. Ganger",
  title =        "Storage-Based Intrusion Detection",
  journal =      j-TISSEC,
  volume =       "13",
  number =       "4",
  pages =        "30:1--30:??",
  month =        dec,
  year =         "2010",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/1880022.1880024",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Wed Jan 12 17:10:07 MST 2011",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "Storage-based intrusion detection consists of storage
                 systems watching for and identifying data access
                 patterns characteristic of system intrusions. Storage
                 systems can spot several common intruder actions, such
                 as adding backdoors, inserting Trojan horses, and
                 tampering with audit logs. For example, examination of
                 18 real intrusion tools reveals that most (15) can be
                 detected based on their changes to stored files.
                 Further, an Intrusion Detection System (IDS) embedded
                 in a storage device continues to operate even after
                 client operating systems are compromised. We describe
                 and evaluate a prototype storage IDS, built into a disk
                 emulator, to demonstrate both feasibility and
                 efficiency of storage-based intrusion detection.",
  acknowledgement = ack-nhfb,
  articleno =    "30",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}

Related entries

action, 2(2)177, 11(1)3, 11(4)21, 12(1)1, 12(2)12, 12(3)19, 14(1)10, 14(4)28, 16(1)3, 17(1)2, 17(4)13
adding, 12(3)18, 12(4)22, 16(2)6
audit, 2(2)159, 15(2)9
based, 1(1)3, 2(1)34, 2(2)177, 2(3)230, 2(3)295, 2(3)332, 3(3)161, 7(2)319, 9(2)162, 9(2)181, 9(4)421, 10(1)2, 10(1)4, 10(2)6, 11(1)3, 11(2)1, 11(2)4, 11(3)12, 11(3)15, 11(4)17, 11(4)18, 12(1)1, 12(1)4, 12(2)13, 12(3)16, 12(3)17, 12(3)18, 13(3)24, 13(3)27, 13(3)28, 13(4)29, 13(4)31, 13(4)41, 14(1)3, 14(1)4, 14(1)8, 14(1)9, 14(1)10, 14(4)30, 15(2)6, 15(2)7, 15(3)13, 16(2)8, 16(4)16, 17(1)3, 17(2)7, 17(3)12, 17(4)13, 17(4)14, 17(4)15, 17(4)16, 18(1)1, 18(1)4, 18(3)10, 18(3)11, 18(4)14
both, 1(1)26, 1(1)93, 2(1)65, 2(4)416, 9(2)181, 10(1)4, 10(3)12, 11(1)3, 11(1)4, 11(2)2, 11(3)14, 11(3)15, 11(3)16, 11(4)22, 12(1)2, 12(2)13, 12(3)15, 12(4)20, 13(4)33, 14(3)24, 15(1)5, 15(2)10, 15(3)11, 15(3)13, 16(1)4, 16(2)5, 16(3)10, 16(4)17, 17(3)9, 18(1)1, 18(4)13, 18(4)14
built, 12(2)11, 16(3)9, 18(1)1
change, 2(3)332, 12(3)14, 13(4)34, 14(1)2, 15(3)13, 15(4)16, 15(4)17, 16(4)17, 17(4)15, 18(3)9
characteristic, 2(4)416, 11(4)17, 12(2)13, 13(4)32, 17(1)1, 18(4)12
client, 2(3)230, 2(4)390, 10(2)8, 10(4)4, 11(2)2, 11(3)16, 12(3)14, 12(3)16, 14(1)12, 14(3)27, 14(4)32, 16(2)5, 16(3)11, 16(3)12, 16(4)13, 17(2)5, 17(4)15
common, 2(1)65, 9(2)181, 11(2)3, 12(1)2, 12(1)3, 12(3)19, 13(4)34, 16(4)13, 17(1)3, 18(1)1
compromised, 2(3)332, 10(4)6, 11(3)12, 11(3)15, 11(4)18, 12(2)13, 13(4)38, 15(1)5
consist, 2(2)177, 2(4)390, 12(1)4, 12(3)18
demonstrate, 2(3)295, 10(1)4, 10(4)1, 10(4)4, 10(4)6, 11(1)3, 11(3)16, 11(4)22, 12(1)4, 12(3)19, 13(1)10, 13(4)31, 13(4)38, 14(3)27, 15(1)2, 15(1)4, 15(2)7, 15(3)12, 15(3)13, 15(4)16, 16(3)9, 16(3)10, 17(2)8, 17(3)10, 17(3)12, 17(4)16, 18(2)8, 18(4)12, 18(4)14
describe, 1(1)66, 2(1)3, 2(1)34, 2(1)105, 2(2)159, 2(2)177, 2(3)230, 2(4)354, 2(4)390, 7(2)319, 10(4)3, 11(4)21, 12(1)1, 12(2)11, 12(3)16, 12(4)21, 13(4)34, 14(3)24, 14(3)27, 15(3)11, 15(3)13, 16(3)10, 16(3)12, 16(4)14, 17(2)5, 18(2)8
detected, 11(2)5, 16(4)14
detection, 2(2)159, 2(3)295, 3(1)1, 3(3)186, 3(4)227, 3(4)262, 4(4)407, 5(3)203, 6(2)173, 6(4)443, 7(4)591, 9(1)61, 10(1)4, 11(2)2, 11(3)12, 11(3)15, 11(4)19, 11(4)20, 12(2)11, 12(2)12, 12(2)13, 12(4)22, 13(2)12, 14(1)13, 14(3)27, 15(2)6, 15(3)11, 15(4)17, 17(4)13, 17(4)15, 18(1)2, 18(2)7, 18(3)9
device, 2(3)230, 10(4)3, 10(4)4, 11(2)2, 11(3)14, 12(3)15, 14(1)7, 15(1)4, 15(2)7, 16(2)6, 16(3)10, 17(3)10, 17(4)14, 17(4)16, 18(2)7
disk, 17(2)6
efficiency, 9(4)461, 10(2)6, 10(3)12, 11(2)1, 11(4)17, 11(4)18, 11(4)23, 12(1)3, 13(4)31, 13(4)33, 15(1)4, 15(2)9, 16(4)17, 18(2)5
embedded, 10(4)4, 17(4)16
evaluate, 2(2)138, 2(4)354, 10(4)3, 11(2)3, 11(3)12, 11(3)14, 13(3)26, 13(4)35, 14(1)3, 15(3)13, 15(4)17, 16(1)2, 16(2)6, 17(1)1, 17(2)8, 17(4)14, 18(4)14
even, 1(1)66, 2(3)332, 2(4)416, 10(1)2, 11(1)4, 11(2)6, 11(4)22, 12(2)11, 12(4)20, 13(1)10, 13(4)35, 13(4)41, 14(3)25, 14(3)27, 15(1)5, 16(3)12, 17(3)11, 17(3)12, 18(1)1
examination, 18(4)13
example, 10(4)5, 12(1)1, 12(2)11, 12(3)19, 12(4)20, 13(3)20, 13(4)35, 13(4)39, 13(4)40, 15(2)10, 16(1)3, 16(2)5, 16(3)10, 17(1)2, 17(1)4, 18(1)1, 18(2)8, 18(4)13
feasibility, 11(1)3, 13(3)28, 15(2)7, 15(3)13, 16(3)10
files, 2(2)159, 12(3)16, 17(4)15
further, 2(1)105, 2(3)230, 2(4)354, 10(2)8, 10(3)12, 11(1)2, 11(3)15, 11(4)21, 12(2)11, 13(3)25, 13(3)27, 13(4)29, 14(3)27, 15(2)7, 16(4)16, 16(4)17
horses, 14(3)24
identifying, 10(4)2, 11(2)2, 11(3)12, 15(2)6, 15(2)7, 15(3)14, 17(3)12
IDS, 11(4)19
intrusion, 2(2)159, 3(1)1, 3(3)186, 3(4)227, 3(4)262, 4(4)407, 6(2)173, 6(4)443, 7(2)274, 7(4)591, 10(1)4, 11(3)12, 11(4)19, 11(4)20, 18(2)7
log, 2(2)159, 10(4)6, 15(2)9, 17(3)12, 18(2)7
most, 2(3)332, 9(4)391, 11(2)2, 11(3)12, 11(4)22, 12(2)8, 12(2)12, 12(3)14, 12(4)21, 13(1)10, 13(3)27, 14(3)27, 15(1)5, 15(2)6, 15(4)15, 15(4)18, 16(1)4, 16(2)6, 16(4)13, 16(4)14, 17(3)11, 17(3)12, 17(4)16, 18(1)1
operate, 1(1)66, 12(4)22
operating, 2(2)138, 2(2)177, 2(3)295, 2(4)354, 4(1)72, 5(1)36, 11(4)20, 12(3)14, 13(1)10, 14(1)6, 14(1)8, 14(3)24, 15(4)16, 17(4)14, 18(2)5, 18(3)11
pattern, 10(4)5, 11(2)3, 16(3)12, 18(1)4, 18(3)11, 18(4)14
prototype, 1(1)3, 2(1)34, 10(1)4, 10(4)4, 11(1)2, 11(1)3, 11(4)18, 12(1)4, 12(2)13, 14(1)3, 16(1)1, 16(2)6, 17(2)5
real, 10(1)2, 10(4)1, 10(4)4, 11(2)3, 11(3)16, 11(4)17, 12(2)10, 12(2)11, 12(2)13, 14(4)30, 16(3)10, 16(4)14, 16(4)17, 17(4)16, 18(1)3, 18(3)9, 18(4)12
reveal, 12(1)6, 12(2)13, 13(1)10, 15(4)17, 17(1)1
several, 1(1)93, 2(1)65, 2(2)138, 2(3)230, 2(3)295, 10(1)2, 10(1)4, 10(2)6, 10(2)7, 10(3)12, 10(4)6, 11(1)4, 11(2)4, 11(4)17, 12(2)8, 12(4)20, 13(3)27, 13(4)39, 13(4)41, 14(3)27, 14(4)29, 14(4)31, 15(2)6, 15(2)10, 16(3)12, 17(1)4, 17(3)9, 17(3)10, 18(1)1
spot, 11(4)19
storage, 2(3)295, 2(4)354, 9(1)1, 10(4)3, 11(1)4, 12(1)3, 12(3)15, 12(3)16, 12(3)18, 13(3)22, 13(4)37, 14(1)12, 14(2)20, 15(2)6, 15(2)9, 16(3)12, 17(3)10, 17(4)15
stored, 11(2)2, 12(3)16, 12(3)18, 13(3)22, 14(1)12, 17(4)15
tampering, 10(4)4, 11(3)14
tool, 1(1)66, 2(3)332, 2(4)390, 7(2)274, 9(2)181, 10(4)2, 12(2)10, 13(3)24, 13(3)26, 13(4)40, 14(1)6, 15(1)3, 15(4)18, 16(1)4, 16(2)7, 17(2)7, 18(1)1, 18(1)4
Trojan, 14(3)24