Title :
FABS: file and block surveillance system for determining anomalous disk accesses
Author :
Stanton, Paul T. ; Yurcik, William ; Brumbaugh, Larry
Author_Institution :
National Center for Supercomput. Applications, Champaign, IL, USA
Abstract :
Despite increasingly sophisticated security measures, attackers have continued to find ways to gain access to stored data with impacts including data disclosure, modification, or deletion. There currently exist no tools independent of the operating system to monitor storage status. The authors introduced FABS as a comprehensive tool to monitor storage for anomalous accesses. A scalable GUI prototype, VisFlowConnect-SS, which represents storage accesses visually to human operators, was also introduced. The goal is an integrated storage-based monitoring system that provides intrusion detection, minimizes attack damage, and assists with post-attack forensic analysis.
Keywords :
data mining; data visualisation; graphical user interfaces; security of data; software prototyping; storage management; system monitoring; FABS; VisFlowConnect-SS; anomalous disk access; attack damage minimization; data access; data deletion; data disclosure; data mining; data modification; data visualization; file and block surveillance system; intrusion detection; post-attack forensic analysis; scalable GUI prototype; security measures; storage access; storage status monitoring; storage-based monitoring system; stored data; Data security; Forensics; Gain measurement; Graphical user interfaces; Humans; Intrusion detection; Monitoring; Operating systems; Prototypes; Surveillance;
Conference_Titel :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1495954
