Title

Evaluation Of Distributed File Integrity Analyzers In The Presence Of Tampering

Keywords

File system integrity; Intrusion detection evaluation; Network-level security; Tampering exposures; Weighted metric evaluation scheme

Abstract

In this paper, the Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions (CONFIDANT) is evaluated in the presence of tampering. CONFIDANT's mitigation capabilities are assessed and compared with conventional file integrity analyzers such as AIDE and Tripwire. The potential of distributed techniques to address certain tampering modes such as Pacing, Altering Internal Data, and File Juggling is discussed. To assess capabilities, a variably-weighted tampering mode exposure metric scheme is developed and utilized. Results indicate a range of vulnerabilities for which mitigation techniques such as Encapsulation, Redundancy, Scrambling, and mandatory obsolescence can increase robustness against challenging exposures, including various insider tampering risks.

Publication Date

12-1-2007

Publication Title

International Journal of Network Security

Volume

5

Issue

1

Number of Pages

21-31

Document Type

Article

Personal Identifier

scopus

Scopus ID

84874806298 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/84874806298

This document is currently not available here.
