A. J. Rocke, R. F. DeMara, and S. Y. Foo, “Evaluation of 
Distributed File Integrity Analyzers in the Presence of 
Tampering,” International Journal of Network Security, 
Vol. 5, No. 1, July, 2007, pp. 21–31.

Abstract:
In this paper, the Collaborative Object Notification
Framework for Insider Defense using Autonomous Net-
work Transactions (CONFIDANT) is evaluated in the
presence of tampering. CONFIDANT’s mitigation capa-
bilities are assessed and compared with conventional file
integrity analyzers such as AIDE and tripwire. The po-
tential of distributed techniques to address certain tam-
pering modes such as Pacing, Altering Internal Data,
and File Juggling are discussed. To assess capabili-
ties, a variably-weighted tampering mode exposure metric
scheme is developed and utilized. Results indicate a range
of vulnerabilities for which mitigation techniques such as
Encapsulation, Redundancy, Scrambling, and mandatory
obsolescence can increase robustness against challenging
exposures, including various insider tampering risks.

Keywords: File system integrity, intrusion detection
evaluation, network-level security, tampering exposures,
weighted metric evaluation scheme