Storage-based file system integrity checker

In this paper we present a storage based intrusion detection system (IDS) which uses time and space efficient point-in-time copy and performs file system integrity checks to detect intrusions. The storage system software is enhanced to keep track of modified blocks such that the file system scan can be performed more efficiently. Furthermore, when an intrusion occurs a recent undamaged copy of the storage is used to recover the compromised data. Copyright 2005 ACM.