Adam J. Rocke

File Integrity Analyzers serve as a component of an Intrusion Detection environment by performing filesystem inspections to verify the content of security-critical files in order to detect suspicious modification. Existing file integrity frameworks exhibit single point-of-failure exposures. The Collaborative Object Notification Framework for Insider Defense…
The ability to monitor computer file systems for unauthorized changes is a powerful administrative tool. Ideally this task could be performed remotely under the direction of the administrator to allow on-demand checking, and use of tailorable reporting and exception policies targeted to adjustable groups of network elements. This paper introduces M-FICA, a…
Detection of malicious activity by insiders, people with legitimate access to resources and services, is particularly difficult in a network environment. In this paper, a novel classification of tampering modes is identified that can be undertaken by insiders against network Intrusion Detection Systems (IDSs). Five categories of tampering modes are defined…
An insider-robust approach to file integrity verification is developed using interacting strata of mobile agents. Previous approaches relied upon monolithic architectures, or more recently, agent frameworks using a centralized control mechanism or common reporting repository. However, any such distinct tampering-point introduces vulnerabilities,…
In this paper, the Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions (CONFIDANT) is evaluated in the presence of tampering. CONFIDANT's mitigation capabilities are assessed and compared with conventional file integrity analyzers such as AIDE and Tripwire. The potential of distributed techniques to address…