File-System Intrusion Detection by Preserving MAC DTS: A Loadable Kernel Module Based Approach for LINUX Kernel 2.6.x
Every operating system has its own set of critical files, whose access is generally protected by access control mechanisms, native to the operating system. The importance of such files also simultaneously invites their inspection, unauthorized modification and tampering. So, the need for preserving the authenticity of these critical files along with tracking any unauthorized access to them demands paramount importance. This addresses the need of a good file-system intrusion detection system which is capable of monitoring and tracking any accidental, benign, malicious, intentional changes made to the files that reside in the file-system.