Towards a Dynamic File Integrity Monitor through a Security Classification

Zul Hilmi Abdullah 1, Nur Izura Udzir 1, Ramlan Mahmod 1, and Khairulmizam Samsudin 2

1 Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, 43400 Serdang, Selangor, Malaysia. zulhilmi_abd@yahoo.com, izura@fsktm.upm.edu.my, ramlan@fsktm.upm.edu.my
2 Faculty of Engineering, Universiti Putra Malaysia, 43400 Serdang, Selangor, Malaysia. kmbs@eng.upm.edu.my

ABSTRACT

A file is a component of a computer system that has a value of its own to the system and its applications, in terms of availability, integrity, confidentiality and functionality. An unintended change to a file may affect the security of the computer system it belongs to. File integrity monitor (FIM) tools are widely used to minimize this file security risk. This paper presents dynamic scheduling for FIM that combines on-line and off-line monitoring based on the security requirements of the files. Files are divided into groups by security level, and the integrity monitoring schedule is defined per group. Initial testing results show that our system is effective in on-line detection of file modification.

KEYWORDS

File Integrity, HIDS, File Security Classification, Dynamic Scheduling, Operating System.

1 INTRODUCTION

Files are an important element of a computer system, used for input and output by most applications [1]. In an operating system environment, the file system is one of the most important components and must be protected in order to maintain the integrity and availability of its services. Ensuring the integrity of files on a computer system is a crucial task nowadays due to the huge number of instructions and data. A file integrity monitor (FIM) can be used to optimize file security. Related tools are also known as file integrity verification, file integrity tools and file integrity checking.
Generally, these tools have a common purpose, which is to ensure the integrity of the files involved. Other integrity tools, such as kernel [2-5], application [6, 7] and memory [8, 9] integrity tools, also aim to ensure the integrity of the operating system. FIM is one of the security tools that can be implemented in a host environment as part of a host-based intrusion detection system (HIDS). FIM plays a big role in monitoring the integrity of files for any changes to their content, access control, privilege, group and other properties, whether by authorized or unauthorized users. The main goal of these integrity tools is to notify the system administrator if any changed, deleted, or added files are detected on the monitored system [10]. Basically, file integrity tools measure the current checksum or hash value of the monitored

International Journal on New Computer Architectures and Their Applications (IJNCAA) 1(3): 766-779
The Society of Digital Information and Wireless Communications, 2011 (ISSN: 2220-9085)
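The check the introduction describes (compare current hashes and file properties against a baseline and report changed, deleted or added files), with a schedule per security group as the abstract outlines, is shown here as an added Python example that is not the authors' implementation. The group names, the intervals in `INTERVALS` and all function names are assumptions.

```python
import hashlib
import os
import stat

# Assumed policy (not from the paper): seconds between checks per security group.
# 0 means the group is checked on every cycle (on-line); the others are off-line.
INTERVALS = {"high": 0, "medium": 3600, "low": 86400}

def fingerprint(path):
    """Return (sha256 of content, permission bits, uid, gid) for one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.stat(path)
    return (h.hexdigest(), stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)

def snapshot(root):
    """Fingerprint every regular file under root, keyed by relative path."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                snap[os.path.relpath(full, root)] = fingerprint(full)
    return snap

def compare(baseline, current):
    """Classify differences as added, deleted, content- or metadata-changed."""
    report = {"added": [], "deleted": [], "content": [], "metadata": []}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report["added"].append(path)
        elif new is None:
            report["deleted"].append(path)
        elif old[0] != new[0]:      # hash differs: content was modified
            report["content"].append(path)
        elif old[1:] != new[1:]:    # same content, but mode/owner/group changed
            report["metadata"].append(path)
    return report

def groups_due(last_checked, now):
    """Return the security groups whose check interval has elapsed."""
    return [g for g, every in INTERVALS.items()
            if now - last_checked.get(g, float("-inf")) >= every]
```

A file whose content and permissions both changed is reported once, under `content`. The baseline itself has to be stored where the monitored host cannot rewrite it, otherwise a change can be hidden by updating both.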