Universiti Teknologi Malaysia Institutional Repository

A prototype for filesystem integrity checker in user-space mood

Alqahtani, Saeed Ibrahim S. (2009) A prototype for filesystem integrity checker in user-space mood. Masters thesis, Universiti Teknologi Malaysia, Faculty of Computer Science and Information Systems.

[img] PDF - Submitted Version
Restricted to Repository staff only

2000Kb
[img] PDF
1717Kb
[img] PDF
1720Kb
[img] PDF
1733Kb

Abstract

Today, improving the security of computer systems has become a vital and challenging problem. Attackers can seriously damage the integrity of filesystems. Attack detection is complex and time-consuming for system administrators, and it is becoming more so. One of the means to detect intruder's activity is to trace all unauthorized changes in a filesystem. Current user-space mood checkers, due to being slow detectors, suffer from the opportunity gap that occurs between filesystem checks. Basing on the principle of thinking like an attacker, this prototype is developed to minimize the total time taken for checking by focusing on critical files. The proposed technique will accelerate the checking process through acquiring specific file extensions from the filesystem rather than targeting the entire filesystem. Discrepancies in the filesystem are reported after comparing current files hashing values with original hashing values. This prototype is configured to use variety of hashing algorithms to measure the performance on different scales and to provide various choices for users. Research results on Windows Server 2003 show that the average total time taken for this prototype is in the range of three to four minutes. The elapsed time of filesystem checking by Windows System File Check tool “SFC” has been decreased to eighty five percent on this prototype.

Item Type:Thesis (Masters)
Additional Information:Thesis (Sarjana Sains (Sains Komputer - Keselamatan Maklumat)) - Universiti Teknologi Malaysia, 2009; Supervisor : Dr. Md. Asri Ngadi
Uncontrolled Keywords:filesystem integrity checker, filesystem, attack detection, computer security
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions:Computer Science and Information System (Formerly known)
ID Code:11254
Deposited By: Ms Zalinda Shuratman
Deposited On:08 Dec 2010 04:27
Last Modified:23 Jul 2012 06:28

Repository Staff Only: item control page