29-10-2009, 03:02 PM
Abstract
At the heart of most computer systems is a file system. The file system contains user data, executable programs, configuration and authorization information, and (usually) the base executable version of the operating system itself. The ability to monitor file systems for unauthorized or unexpected changes gives system administrators valuable data for protecting and maintaining their systems. However r, in environments of many networked heterogeneous platforms with different policies and software, the task of monitoring changes becomes quite difficult. Intrusion detection system helps system administrators and users in monitoring a designated set of files and directories for any changes. Used with system files on a regular basis, it can notify system administrators of corrupted or altered files, so corrective actions may be taken in a timely manner. Intrusion detection system uses secure cryptographic hash functions to detect and identify changes in files.
[attachment=267]