Research of the Storage-Based Intrusion Detection System in Intelligent Network Storage System
|School||South China University of Technology|
|Course||Computer System Architecture|
|Keywords||intelligent network storage system INSS intrusion detection storage-based intrusion detection rule parsing security message transmission pattern matching|
Intrusion detection (ID), which protects a system from illegal use by intruders, is an active defense technology. It has become an important technology and a research hot spot in the information security field. Two main kinds of IDS exist today, the host-based intrusion detection system (HIDS) and the network-based intrusion detection system (NIDS), and successful commercial applications have been developed for both. In contrast, the storage-based intrusion detection system (SIDS) appeared only a few years ago, but it is gradually attracting close attention because it has properties that HIDS and NIDS lack and because it can protect file data even when the host system is compromised.

The Intelligent Network Storage System (INSS) is a distributed file system developed in the author's lab. The goal of this paper is to provide an ID module for INSS that adds a security layer. The module uses rule-based ID technology and runs on the different nodes of INSS. It detects illegal access to system file data, including reading, writing, and modification, in real time, and sends this information over the network to the system administration end to notify the administrator for further judgment and processing.

The task of the author of this paper is to analyze and study in depth the design problems of SIDS.
The main jobs are as follows:

1. Analyze and study in depth the algorithms used to implement INSS and SIDS.
2. Propose an INSS-oriented design method for SIDS, and design the overall framework, working module and function modules of each subsystem.
3. Adopt rule-based intrusion detection technology, design and implement each function module of SIDS running on each function node of INSS, define the format of the interaction messages, and use corresponding security technology to ensure safe information transmission.
4. In the design of the administration end of SIDS, adopt a leader/follower thread pool to increase the system's response and processing capacity.

Based on the above, we implement the SIDS and run performance tests on each part of the system. The experimental results show that this SIDS meets the requirements: it does not add much burden, such as memory occupation or time delay, to INSS, and so maintains the high-performance character of INSS.