Journal of Korea Society of Industrial Information Systems (한국산업정보학회논문지)

Korea Society of Industrial Information Systems (한국산업정보학회)
권호 표지
DOI QR코드

DOI QR Code

A Defense Mechanism Against Attacks on Files by Hiding Files

파일 은닉을 통한 파일 대상 공격 방어 기법

  • Received : 2022.02.14
  • Accepted : 2022.04.19
  • Published : 2022.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

Deception technology is an extended concept of honeypot, which detects, prevents or delays attacks by deceiving adversaries. It has been applied to various system components such as network ports, services, processes, system calls and database management systems. We can apply the same concept to attacks on files. A representative example of a file attack is ransomware. Ransomware is a type of malware that encrypts user files and ask for ransom to recover those files. Another example is the wiper attack, which erases all or target files of a system. In this paper we propose a defense mechanism against these kinds of attacks by hiding files. Compared to backup or virtualization techniques, the proposed method incurs less space and performance overheads.

기만 기술(deception technology)은 허니팟(honeypot)의 확장된 개념으로, 공격자를 기만하여 공격을 탐지, 방지, 또는 지연시키는 기술을 의미한다. 기만 기술은 네트워크 포트, 서비스, 프로세스, 시스템 콜, 데이터베이스 등에 폭넓게 적용되어 왔다. 파일을 대상으로 하는 공격에도 유사한 개념을 적용할 수 있다. 파일을 대상으로 하는 대표적인 공격으로 랜섬웨어가 있다. 랜섬웨어는 사용자의 파일을 몰래 암호화한 후 값을 지불해야 복원할 수 있게 해 주는 멀웨어의 일종이다. 또 다른 예로는 와이퍼 공격으로 시스템에 있는 모든 또는 타겟 파일을 복구 불가능하게 삭제하는 공격이다. 본 논문에서는 이러한 종류의 공격에 대응하기 위한 방법으로 파일을 은닉하는 방법을 제안한다. 파일을 은닉하는 방법은 기존의 백업이나 가상화를 통한 파일 보호 기법에 비해 디스크 용량을 추가로 소비하지 않고 성능 저하도 최소화할 수 있는 장점이 있다.

Keywords

References

  1. Zhang, C., Wu, Y., Yu, Z. and Li, Z. (2017). Research and implementation of file security mechanisms based on file system filter driver. 2017 Annual Reliability and Maintainability Symposium (RAMS), Orlando, FL, pp. 1-6, doi: 10.1109/RAM.2017.7889772.
  2. Zhu, J. et al. (2020). Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment. IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, pp. 1450-1465, doi: 10.1109/SP40000.2020.00054.
  3. Amin, R., Sherratt, R. S., Giri, D., Islam, S. H., and Khan, M. K. (2017). A software agent enabled biometric security algorithm for secure file access in consumer storage devices. IEEE Transactions on Consumer Electronics, vol. 63, no. 1, pp. 53-61, doi: 10.1109/TCE.2017.014735.
  4. Angel, S., Kannan, S., and Ratliff, Z. (2020). Private resource allocators and their applications. IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, pp. 372-391, doi: 10.1109/SP40000.2020.00065.
  5. Bacis, E., Mutti, S., Capelli, S., and Paraboschi, S. (2015). DockerPolicyModules: Mandatory Access Control for Docker containers. IEEE Conference on Communications and Network Security (CNS), Florence, pp. 749-750, doi: 10.1109/CNS.2015.7346917.
  6. Benedict, A. G. (2019). Improved File Security System Using Multiple Image Steganography. International Conference on Data Science and Communication (IconDSC), Bangalore, India, pp. 1-5, doi: 10.1109/IconDSC.2019.8816946.
  7. Chen, X., Jiang, J., and Jiang, Q. (2015). A Method of Self-Adaptive Pre-Copy Container Checkpoint. IEEE 21st P acific Rim International Symposium on Dependable Computing (PRDC), Zhangjiajie, pp. 290-300, doi: 10.1109/PRDC.2015.11.
  8. Erulanova, A., Yessenbekova, G., Zhanysbayeva, K., Tlebaldinova, A., Zhantassova, Z. and Zhomartkyzy, G. (2020). Hardware and Software Support of Technological Processes Virtualization. International Conference on Electrical and Electronics Engineering (ICEEE), Antalya, Turkey, pp. 333-337, doi: 10.1109/ICEEE49618.2020.9102506.
  9. Harrison, L., Hayawardh, V., Padhye, R., Sen, K., and Grace, M. (2020). PARTEMU: Enabling Dynamic Analysis of Real- World TrustZone Software Using Emulation. USENIX Security Symposium (USENIX Security 20), pp. 789-806.
  10. Jeon, W. and Oh, I. (2007). A Study for Detection of the Kernel Backdoor Attack and Design of the restoration system. Journal of the Korea Society Industrial Information System Vol. 12 No. 3 pp.104-115
  11. Jin, Y., Tomoishi, M., Matsuura, S., and Kitaguchi, Y. (2018). A Secure Container-based Backup Mechanism to Survive Destructive Ransomware Attacks. International Conference on Computing, Networking and Communications (ICNC), Maui, HI, pp. 1-6, doi: 10.1109/ICCNC.2018.8390376.
  12. Leterme, W., Pirooz Azad, S., and Van Hertem, D. (2016). A Local Backup Protection Algorithm for HVDC Grids. IEEE Transactions on Power Delivery, vol. 31, no. 4, pp. 1767-1775, doi: 10.1109/TPWRD.2016.2543306.
  13. Lozhnikov, P. S., Sulavko, A. E., Eremenko, A. V., and Volkov, D. A. (2016). Method of protecting paper and electronic text documents through a hidden biometric identifier based on a signature. Dynamics of Systems, Mechanisms and Machines (Dynamics), Omsk, pp. 1- 5, doi: 10.1109/Dynamics.2016.7819037.
  14. Md Mehedi Hasan and Biswajit Ray (2020). Data Recovery from Scrubbed NAND Flash Storage: Need for Analog Sanitization. USENIX Security Symposium (USENIX Security 20), pp. 1399-1408.
  15. Qin, Y., Hoffmann, B. and Lilja, D. J. (2018). HyperProtect: Enhancing the Performance of a Dynamic Backup System Using Intelligent Scheduling. IEEE 37th International P erformance Computing and Communications Conference (IPCCC), Orlando, FL, USA, pp. 1-8, doi: 10.1109/PCCC.2018.8711182.
  16. Rizvi, S. S. and Razaque, A. (2016). Black-box: A new secure distributed peer-to-peer file storage and backup system. International Multi-Topic Conference (INMIC), Islamabad, 2016, pp. 1-6, doi: 10.1109/INMIC.2016.7840163.
  17. Rohling, M. M., Grimmer, M., Kreubel, D., Hoffmann, J., and Franczyk, B. (2019). Standardized container virtualization approach for collecting host intrusion detection data. Federated Conference on Computer Science and Information Systems (FedCSIS), Leipzig, Germany, pp. 459-463, doi:10.15439/2019F212.
  18. Samaniego, M. , Espana, C., and Deters, R. (2018). Smart Virtualization for IoT. IEEE International Conference on Smart Cloud (SmartCloud), New York, NY, pp. 125-128, doi: 10.1109/SmartCloud.2018.00028.
  19. Sanctorum, A., and Signer, B. (2019). A Unifying Reference Framework and Model for Adaptive Distributed Hybrid User Interfaces. International Conference on Research Challenges in Information Science (RCIS), Brussels, Belgium, pp. 1-6, doi: 10.1109/RCIS.2019.8877048.
  20. Suresh, S. and Rao, L. M. (2017). A container based collaborative research cloud framework with a hybrid access control approach for enhanced isolation. International Conference on Electrical, Electronics, Communication, Computer, and Optimization Techniques, Mysuru, pp. 1-6, doi: 10.1109/ICEECCOT.2017.8284605.
  21. Tsai, C. et al, (2020). Civet: An Efficient Java Partitioning Framework for Hardware Enclaves. USENIX Security Symposium (USENIX Security 20), pp. 505-522.
  22. Uddin, M., Islam, S., and Al-Nemrat, A. (2019). A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control. IEEE Access, vol. 7, pp. 166676-166689, doi: 10.1109/ACCESS.2019.2947377.
  23. Walkowski, M., Biskup, M., Szewczyk, A. Oko, J., and Sujecki, S. (2019). Container Based Analysis Tool for Vulnerability Prioritization in Cyber Security Systems. International Conference on Transparent Optical Networks (ICTON), Angers, France, pp. 1-4, doi: 10.1109/ICTON.2019.8840441.
  24. Wang, Z., Zeng, J., Lv, T., Shi, B. and Li, B. (2016). A Remote Backup Approach for Virtual Machine Images. IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud), Beijing, pp. 252-255, doi: 10.1109/CSCloud.2016.41.
  25. Xiong, A., Wang, T, Li, N., and Jha, S. (2020). Towards Effective Differential Privacy Communication for Users' Data Sharing Decision and Comprehension. IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, pp. 392-410, doi: 10.1109/SP40000.2020.00088.
  26. Yao, J., and Jiang, X. (2020). Research on multi cloud dynamic secure storage technology. International Conference on Computer Engineering and Application (ICCEA), Guangzhou, China, pp. 72-78, doi: 10.1109/ICCEA50009.2020.00022.
  27. Zhao, Y., and Lu, N. (2018). Research and Implementation of Data Storage Backup. IEEE International Conference on Energy Internet (ICEI), Beijing, pp. 181-184, doi: 10.1109/ICEI.2018.00040.