Method and system for storage-based intrusion detection and recovery

Method and system for storage-based intrusion detection and recovery

An intrusion detection and recovery system includes a copying module that creates a point-in-time copy of a storage level logical unit, the point-in-time copy including a volume copy of the storage level logical unit and signatures of the storage level logical unit, a comparison module that compares...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Abali, Bulent, Banikazemi, Mohammad, Poff, Dan Edward
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:An intrusion detection and recovery system includes a copying module that creates a point-in-time copy of a storage level logical unit, the point-in-time copy including a volume copy of the storage level logical unit and signatures of the storage level logical unit, a comparison module that compares at least a portion of the point-in-time copy with a previous copy of the storage level logical unit, a judging module that, based on results of the comparison module, judges if a modification has occurred. A signature of the point-in-time copy is compared with a signature of the previous copy to detect a sign of an intrusion. The signatures of the storage level logical unit include encoded data of files of the storage level logical unit that are monitored in the point-in-time copy.