METHOD AND SYSTEM FOR STORAGE-BASED INTRUSION DETECTION AND RECOVERY
An intrusion detection and recovery system includes a copying module that creates a point-in-time copy of a storage level logical unit, the point-in-time copy including a volume copy of the storage level logical unit and signatures of the storage level logical unit, a comparison module that compares...
Saved in:
Main Authors | , , |
---|---|
Format | Patent |
Language | English |
Published |
20.05.2021
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | An intrusion detection and recovery system includes a copying module that creates a point-in-time copy of a storage level logical unit, the point-in-time copy including a volume copy of the storage level logical unit and signatures of the storage level logical unit, a comparison module that compares at least a portion of the point-in-time copy with a previous copy of the storage level logical unit, a judging module that, based on results of the comparison module, judges if a modification has occurred. A signature of the point-in-time copy is compared with a signature of the previous copy to detect a sign of an intrusion. The signatures of the storage level logical unit include encoded data of files of the storage level logical unit that are monitored in the point-in-time copy. |
---|---|
Bibliography: | Application Number: US202017136332 |