IDRS: Combining File-level Intrusion Detection with Block-level Data Recovery based on iSCSI

Over the past years, researches on the intrusion detection have been parallelized with those on data recovery. Most of them scarcely try to combine the two issues together to propose an integrated solution, which is employed to defend the pivotal data and to recover the data when the intrusion has taken place. In this paper, we propose a framework of intrusion detection/recovery system (IDRS). This system is capable of detecting the intrusion on the file-level and recovering data on the block-level. Its advantages include that the file-level detection simplifies the implementation and the recovery based on the block-level can decrease the recovery time and raise the utilization ratio of storage devices. Again, considering that iSCSI has increasingly played an important role in network storage systems, we implement the IDRS prototype based on this promising protocol. The result of tests shows the extra storage overheads, arising from IDRS, are small (less than 10%). Therefore, we believe it is feasible to deploy IRDS on iSCSI systems to protect key files from damage.