Using Object Metadata to Detect and Tolerate Attacks in Object Storage Devices

Storage based intrusion detection techniques have introduced an additional level of protection to interconnected systems and their running services. Such systems perform intrusion detection even if the system is compromised since they satisfy the compromise independent property. Moreover, optimizing intrusion detection and storage requirements is among the urgent needs for storage based intrusion detection solutions. Therefore, introducing these detection capabilities in object storage devices environments may accelerate intrusion detection by reducing processing time and optimize space requirements for detection rules. In this paper, we propose a novel storage based intrusion detection and tolerance system for object based storage devices using a novel structure for detection rules that is based on objects metadata´s. A comparative study is given in order to illustrate how the new format of detection rules reduces considerably the processing time for storage based detection modules when performing intrusion detection.