Title |
Evaluation of Distributed File Integrity Analyzers in the Presence of Tampering |
DOI |
10.6633/IJNS.200707.5(1).03 |
Authors |
Adam J. Rocke;Ronald F. DeMara;Simon Foo |
Keywords |
File system integrity ; intrusion detection evaluation ; network-level security ; tampering exposures ; weighted metric evaluation scheme |
Journal |
International Journal of Network Security |
Volume and issue / Publication date |
Vol. 5, No. 1 (2007 / 07 / 01) |
Pages |
21 - 31 |
Language |
English |
English abstract |
In this paper, the Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions (CONFIDANT) is evaluated in the presence of tampering. CONFIDANT's mitigation capabilities are assessed and compared with conventional file integrity analyzers such as AIDE and Tripwire. The potential of distributed techniques to address certain tampering modes such as Pacing, Altering Internal Data, and File Juggling is discussed. To assess capabilities, a variably-weighted tampering mode exposure metric scheme is developed and utilized. Results indicate a range of vulnerabilities for which mitigation techniques such as Encapsulation, Redundancy, Scrambling, and mandatory obsolescence can increase robustness against challenging exposures, including various insider tampering risks. |
Subject classification |
Basic and Applied Sciences >
Information Science |