Abstract
Integrity of operating system components must be carefully handled in order to optimize the system security. Attackers always attempt to alter or modify these related components to achieve their goals. System files are common targets by the attackers. File integrity monitoring tools are widely used to detect any malicious modification to these critical files. Two methods, off-line and on-line file integrity monitoring have their own disadvantages. This paper proposes an enhancement to the scheduling algorithm of the current file integrity monitoring approach by combining the off-line and on-line monitoring approach with dynamic inspection scheduling by performing file classification technique. Files are divided based on their security level group and integrity monitoring schedule is defined based on related groups. The initial testing result shows that our system is effective in on-line detection of file modification.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ossec - open source host-based intrusion detection system, http://www.ossec.net/
Al-Shaer, E.S., Hamed, H.H.: Modeling and management of firewall policies. IEEE Transactions on Network and Service Management 1(1), 2 (2004)
Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: malware analysis via hardware virtualization extensions. In: CCS 2008: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 51–62. ACM, New York (2008)
Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proc. Network and Distributed Systems Security Symposium, pp. 191–206 (2003)
Glenn, W.: Windows 2003/2000/xp security architecture overview in expert reference series of white papers. Expert reference series of white papers, Global Knowledge Network, Inc. (2005)
Hay, A., Cid, D., Bary, R., Northcutt, S.: System integrity check and rootkit detection. In: OSSEC Host-Based Intrusion Detection Guide, Syngress, Burlington, pp. 149–174 (2008)
Jin, H., Xiang, G., Zou, D., Zhao, F., Li, M., Yu, C.: A guest-transparent file integrity monitoring method in virtualization environment. Comput. Math. Appl. 60(2), 256–266 (2010)
Kim, G.H., Spafford, E.H.: The design and implementation of tripwire: a file system integrity checker. In: CCS 1994: Proceedings of the 2nd ACM Conference on Computer and communications security, pp. 18–29. ACM, New York (1994)
Kim, J., Kim, I., Eom, Y.I.: Nopfit: File system integrity tool for virtual machine using multi-byte nop injection. In: Computational Science and its Applications, International Conference, vol. 0, pp. 335–338 (2010)
Kourai, K., Chiba, S.: Hyperspector: virtual distributed monitoring environments for secure intrusion detection. In: VEE 2005: Proceedings of the 1st ACM/USENIX International Conference on Virtual Execution Environments, pp. 197–207. ACM, New York (2005)
Microsoft. File classification infrastructure, technical white paper. Technical white paper (2009), http://www.microsoft.com/windowsserver2008/en/us/fci.aspx
Patil, S., Kashyap, A., Sivathanu, G., Zadok, E.: I3fs: An in-kernel integrity checker and intrusion detection file system. In: Proceedings of the 18th USENIX Conference on System Administration, pp. 67–78. USENIX Association, Berkeley (2004)
Pfoh, J., Schneider, C., Eckert, C.: A formal model for virtual machine introspection. In: VMSec 2009: Proceedings of the 1st ACM Workshop on Virtual Machine Security, pp. 1–10. ACM, New York (2009)
Quynh, N.A., Takefuji, Y.: A real-time integrity monitor for xen virtual machine. In: Proceedings of the International conference on Networking and Services, p. 90. IEEE Computer Society, Washington, DC, USA (2006)
Quynh, N.A., Takefuji, Y.: A novel approach for a file-system integrity monitor tool of xen virtual machine. In: ASIACCS 2007: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, pp. 194–202. ACM, New York (2007)
Rami, L., Marc, H., van den Berg Richard.: The aide manual, http://www.cs.tut.fi/~rammer/aide/manual.html
Russinovich, M.E., Solomon, D.A.: Microsoft Windows Internals. In: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000 (Pro-Developer), 4th edn. Microsoft Press, Redmond (2004)
Szymczyk, M.: Detecting botnets in computer networks using multi-agent technology. In: Fourth International Conference on Dependability of Computer Systems, DepCos-RELCOMEX 2009, June 30- July 2, pp. 192–201 (2009)
Wichmann, R.: The samhain file integrity / host-based intrusion detection system (2006), http://www.la-samhna.de/samhain/
Wotring, B., Potter, B., Ranum, M., Wichmann, R.: Host Integrity Monitoring Using Osiris and Samhain. Syngress Publishing (2005)
Wurster, G., van Oorschot, P.C.: A control point for reducing root abuse of file-system privileges. In: CCS 2010: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 224–236. ACM, New York (2010)
Zhao, F., Jiang, Y., Xiang, G., Jin, H., Jiang, W.: Vrfps: A novel virtual machine-based real-time file protection system. In: ACIS International Conference on Software Engineering Research, Management and Applications, pp. 217–224 (2009)
Zhao, X., Borders, K., Prakash, A.: Towards protecting sensitive files in a compromised system. In: Proceedings of the Third IEEE International Security in Storage Workshop, pp. 21–28. IEEE Computer Society, Los Alamitos (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abdullah, Z.H., Udzir, N.I., Mahmod, R., Samsudin, K. (2011). File Integrity Monitor Scheduling Based on File Security Level Classification. In: Zain, J.M., Wan Mohd, W.M.b., El-Qawasmeh, E. (eds) Software Engineering and Computer Systems. ICSECS 2011. Communications in Computer and Information Science, vol 180. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22191-0_16
Download citation
DOI: https://doi.org/10.1007/978-3-642-22191-0_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22190-3
Online ISBN: 978-3-642-22191-0
eBook Packages: Computer ScienceComputer Science (R0)