Research On Key Technologies Of Security In Network-Attached Storage Based On IDS

The explosive increase of digital information promotes the research and application of mass data storage systems. The Network-Attached Storage (NAS) has been widely used in mass storage field especially in the field of military storage for its low-cost, rapid deployment and excellent scalability. NAS devices join the Ethernet directly in order to provide information storage and sharing. Therefore, there are many inherent security weaknesses which make the research of establishing NAS security architecture based on Intrusion Detection System (IDS) necessary.Firstly, the primary intrusion detection system is proposed according to the features of NAS devices and the process of information access. The distribution of behavior characteristics is then studied to construct the model of the relationships between behavior characteristics and acquisition cost. Therefore, an intrusion detection framework is designed and implemented based on multi-source information fusion which employs the traces of system calls and the file changes. And the detection fusion mechanism is established based on D-S evidence theory to enhance the detection ability.Secondly, the distribution features of system call traces generated by different processes are researched. On this basis, a performance optimization mechanism for intrusion detection architecture is devised to avoid new bottleneck's forming in NAS file services. An experimental study on the optimization algorithm is carried out, and the optimization algorithm based on negative selection has been proposed. The mechanism can decrease the scale of calculating short sequences of system calls while obtain equal detection ability. Therefore, the affection to the performance of NAS file service is improved.Thirdly, aiming at the complex and diversified tendency of intrusions in network, a cooperative intrusion detection framework is constructed based on mobile agent technologies. The similarities of intrusion alerts and the evaluation method are present to build the intrusion scenarios. The performance of cooperative intrusion detection scheme is analyzed. It is indicated that the cooperative intrusion detection framework can show the procedures of attacks and raise the NAS device security with small extra network traffic.Finally, based on the research as mentioned above, the NAS security system which consists of the single-node intrusion detection module and cooperative intrusion detection module is designed. And a NAS file server with security system is realized. The experimental results demonstrate that the intrusion detection framework for NAS can detect and respond to intrusions effectively while not significantly affecting the performance of NAS file service. The research provides theoretical methods and experimental basis for the design and application of NAS devices in military domain.