Entry Pennington:2010:SBI from tissec.bib
Last update: Sun Oct 15 02:58:48 MDT 2017
BibTeX entry
%%% Fields below use two unquoted names, j-TISSEC and ack-nhfb: BibTeX reads
%%% these as @String macros, and their definitions are not part of this entry
%%% (presumably they live in tissec.bib --- confirm before citing standalone).
%%% pages = "30:1--30:??" gives article number 30 with the last page left
%%% unrecorded; the DOI field holds the full resolver URL, not the bare DOI.
@Article{Pennington:2010:SBI,
  author =       "Adam G. Pennington and John Linwood Griffin and John
                 S. Bucy and John D. Strunk and Gregory R. Ganger",
  title =        "Storage-Based Intrusion Detection",
  journal =      j-TISSEC,
  volume =       "13",
  number =       "4",
  pages =        "30:1--30:??",
  month =        dec,
  year =         "2010",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/1880022.1880024",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Wed Jan 12 17:10:07 MST 2011",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "Storage-based intrusion detection consists of storage
                 systems watching for and identifying data access
                 patterns characteristic of system intrusions. Storage
                 systems can spot several common intruder actions, such
                 as adding backdoors, inserting Trojan horses, and
                 tampering with audit logs. For example, examination of
                 18 real intrusion tools reveals that most (15) can be
                 detected based on their changes to stored files.
                 Further, an Intrusion Detection System (IDS) embedded
                 in a storage device continues to operate even after
                 client operating systems are compromised. We describe
                 and evaluate a prototype storage IDS, built into a disk
                 emulator, to demonstrate both feasibility and
                 efficiency of storage-based intrusion detection.",
  acknowledgement = ack-nhfb,
  articleno =    "30",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}
Related entries
- action,
2(2)177,
11(1)3,
11(4)21,
12(1)1,
12(2)12,
12(3)19,
14(1)10,
14(4)28,
16(1)3,
17(1)2,
17(4)13
- adding,
12(3)18,
12(4)22,
16(2)6
- audit,
2(2)159,
15(2)9
- based,
1(1)3,
2(1)34,
2(2)177,
2(3)230,
2(3)295,
2(3)332,
3(3)161,
7(2)319,
9(2)162,
9(2)181,
9(4)421,
10(1)2,
10(1)4,
10(2)6,
11(1)3,
11(2)1,
11(2)4,
11(3)12,
11(3)15,
11(4)17,
11(4)18,
12(1)1,
12(1)4,
12(2)13,
12(3)16,
12(3)17,
12(3)18,
13(3)24,
13(3)27,
13(3)28,
13(4)29,
13(4)31,
13(4)41,
14(1)3,
14(1)4,
14(1)8,
14(1)9,
14(1)10,
14(4)30,
15(2)6,
15(2)7,
15(3)13,
16(2)8,
16(4)16,
17(1)3,
17(2)7,
17(3)12,
17(4)13,
17(4)14,
17(4)15,
17(4)16,
18(1)1,
18(1)4,
18(3)10,
18(3)11,
18(4)14
- both,
1(1)26,
1(1)93,
2(1)65,
2(4)416,
9(2)181,
10(1)4,
10(3)12,
11(1)3,
11(1)4,
11(2)2,
11(3)14,
11(3)15,
11(3)16,
11(4)22,
12(1)2,
12(2)13,
12(3)15,
12(4)20,
13(4)33,
14(3)24,
15(1)5,
15(2)10,
15(3)11,
15(3)13,
16(1)4,
16(2)5,
16(3)10,
16(4)17,
17(3)9,
18(1)1,
18(4)13,
18(4)14
- built,
12(2)11,
16(3)9,
18(1)1
- change,
2(3)332,
12(3)14,
13(4)34,
14(1)2,
15(3)13,
15(4)16,
15(4)17,
16(4)17,
17(4)15,
18(3)9
- characteristic,
2(4)416,
11(4)17,
12(2)13,
13(4)32,
17(1)1,
18(4)12
- client,
2(3)230,
2(4)390,
10(2)8,
10(4)4,
11(2)2,
11(3)16,
12(3)14,
12(3)16,
14(1)12,
14(3)27,
14(4)32,
16(2)5,
16(3)11,
16(3)12,
16(4)13,
17(2)5,
17(4)15
- common,
2(1)65,
9(2)181,
11(2)3,
12(1)2,
12(1)3,
12(3)19,
13(4)34,
16(4)13,
17(1)3,
18(1)1
- compromised,
2(3)332,
10(4)6,
11(3)12,
11(3)15,
11(4)18,
12(2)13,
13(4)38,
15(1)5
- consist,
2(2)177,
2(4)390,
12(1)4,
12(3)18
- demonstrate,
2(3)295,
10(1)4,
10(4)1,
10(4)4,
10(4)6,
11(1)3,
11(3)16,
11(4)22,
12(1)4,
12(3)19,
13(1)10,
13(4)31,
13(4)38,
14(3)27,
15(1)2,
15(1)4,
15(2)7,
15(3)12,
15(3)13,
15(4)16,
16(3)9,
16(3)10,
17(2)8,
17(3)10,
17(3)12,
17(4)16,
18(2)8,
18(4)12,
18(4)14
- describe,
1(1)66,
2(1)3,
2(1)34,
2(1)105,
2(2)159,
2(2)177,
2(3)230,
2(4)354,
2(4)390,
7(2)319,
10(4)3,
11(4)21,
12(1)1,
12(2)11,
12(3)16,
12(4)21,
13(4)34,
14(3)24,
14(3)27,
15(3)11,
15(3)13,
16(3)10,
16(3)12,
16(4)14,
17(2)5,
18(2)8
- detected,
11(2)5,
16(4)14
- detection,
2(2)159,
2(3)295,
3(1)1,
3(3)186,
3(4)227,
3(4)262,
4(4)407,
5(3)203,
6(2)173,
6(4)443,
7(4)591,
9(1)61,
10(1)4,
11(2)2,
11(3)12,
11(3)15,
11(4)19,
11(4)20,
12(2)11,
12(2)12,
12(2)13,
12(4)22,
13(2)12,
14(1)13,
14(3)27,
15(2)6,
15(3)11,
15(4)17,
17(4)13,
17(4)15,
18(1)2,
18(2)7,
18(3)9
- device,
2(3)230,
10(4)3,
10(4)4,
11(2)2,
11(3)14,
12(3)15,
14(1)7,
15(1)4,
15(2)7,
16(2)6,
16(3)10,
17(3)10,
17(4)14,
17(4)16,
18(2)7
- disk,
17(2)6
- efficiency,
9(4)461,
10(2)6,
10(3)12,
11(2)1,
11(4)17,
11(4)18,
11(4)23,
12(1)3,
13(4)31,
13(4)33,
15(1)4,
15(2)9,
16(4)17,
18(2)5
- embedded,
10(4)4,
17(4)16
- evaluate,
2(2)138,
2(4)354,
10(4)3,
11(2)3,
11(3)12,
11(3)14,
13(3)26,
13(4)35,
14(1)3,
15(3)13,
15(4)17,
16(1)2,
16(2)6,
17(1)1,
17(2)8,
17(4)14,
18(4)14
- even,
1(1)66,
2(3)332,
2(4)416,
10(1)2,
11(1)4,
11(2)6,
11(4)22,
12(2)11,
12(4)20,
13(1)10,
13(4)35,
13(4)41,
14(3)25,
14(3)27,
15(1)5,
16(3)12,
17(3)11,
17(3)12,
18(1)1
- examination,
18(4)13
- example,
10(4)5,
12(1)1,
12(2)11,
12(3)19,
12(4)20,
13(3)20,
13(4)35,
13(4)39,
13(4)40,
15(2)10,
16(1)3,
16(2)5,
16(3)10,
17(1)2,
17(1)4,
18(1)1,
18(2)8,
18(4)13
- feasibility,
11(1)3,
13(3)28,
15(2)7,
15(3)13,
16(3)10
- files,
2(2)159,
12(3)16,
17(4)15
- further,
2(1)105,
2(3)230,
2(4)354,
10(2)8,
10(3)12,
11(1)2,
11(3)15,
11(4)21,
12(2)11,
13(3)25,
13(3)27,
13(4)29,
14(3)27,
15(2)7,
16(4)16,
16(4)17
- horses,
14(3)24
- identifying,
10(4)2,
11(2)2,
11(3)12,
15(2)6,
15(2)7,
15(3)14,
17(3)12
- IDS,
11(4)19
- intrusion,
2(2)159,
3(1)1,
3(3)186,
3(4)227,
3(4)262,
4(4)407,
6(2)173,
6(4)443,
7(2)274,
7(4)591,
10(1)4,
11(3)12,
11(4)19,
11(4)20,
18(2)7
- log,
2(2)159,
10(4)6,
15(2)9,
17(3)12,
18(2)7
- most,
2(3)332,
9(4)391,
11(2)2,
11(3)12,
11(4)22,
12(2)8,
12(2)12,
12(3)14,
12(4)21,
13(1)10,
13(3)27,
14(3)27,
15(1)5,
15(2)6,
15(4)15,
15(4)18,
16(1)4,
16(2)6,
16(4)13,
16(4)14,
17(3)11,
17(3)12,
17(4)16,
18(1)1
- operate,
1(1)66,
12(4)22
- operating,
2(2)138,
2(2)177,
2(3)295,
2(4)354,
4(1)72,
5(1)36,
11(4)20,
12(3)14,
13(1)10,
14(1)6,
14(1)8,
14(3)24,
15(4)16,
17(4)14,
18(2)5,
18(3)11
- pattern,
10(4)5,
11(2)3,
16(3)12,
18(1)4,
18(3)11,
18(4)14
- prototype,
1(1)3,
2(1)34,
10(1)4,
10(4)4,
11(1)2,
11(1)3,
11(4)18,
12(1)4,
12(2)13,
14(1)3,
16(1)1,
16(2)6,
17(2)5
- real,
10(1)2,
10(4)1,
10(4)4,
11(2)3,
11(3)16,
11(4)17,
12(2)10,
12(2)11,
12(2)13,
14(4)30,
16(3)10,
16(4)14,
16(4)17,
17(4)16,
18(1)3,
18(3)9,
18(4)12
- reveal,
12(1)6,
12(2)13,
13(1)10,
15(4)17,
17(1)1
- several,
1(1)93,
2(1)65,
2(2)138,
2(3)230,
2(3)295,
10(1)2,
10(1)4,
10(2)6,
10(2)7,
10(3)12,
10(4)6,
11(1)4,
11(2)4,
11(4)17,
12(2)8,
12(4)20,
13(3)27,
13(4)39,
13(4)41,
14(3)27,
14(4)29,
14(4)31,
15(2)6,
15(2)10,
16(3)12,
17(1)4,
17(3)9,
17(3)10,
18(1)1
- spot,
11(4)19
- storage,
2(3)295,
2(4)354,
9(1)1,
10(4)3,
11(1)4,
12(1)3,
12(3)15,
12(3)16,
12(3)18,
13(3)22,
13(4)37,
14(1)12,
14(2)20,
15(2)6,
15(2)9,
16(3)12,
17(3)10,
17(4)15
- stored,
11(2)2,
12(3)16,
12(3)18,
13(3)22,
14(1)12,
17(4)15
- tampering,
10(4)4,
11(3)14
- tool,
1(1)66,
2(3)332,
2(4)390,
7(2)274,
9(2)181,
10(4)2,
12(2)10,
13(3)24,
13(3)26,
13(4)40,
14(1)6,
15(1)3,
15(4)18,
16(1)4,
16(2)7,
17(2)7,
18(1)1,
18(1)4
- Trojan,
14(3)24