PhantomFS: File-Based Deception Technology for Thwarting Malicious Users
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Lee, Junghee | - |
dc.contributor.author | Choi, Jione | - |
dc.contributor.author | Lee, Gyuho | - |
dc.contributor.author | Shim, Shin-Woo | - |
dc.contributor.author | Kim, Taekyu | - |
dc.date.accessioned | 2021-08-31T15:59:28Z | - |
dc.date.available | 2021-08-31T15:59:28Z | - |
dc.date.created | 2021-06-19 | - |
dc.date.issued | 2020 | - |
dc.identifier.issn | 2169-3536 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/58942 | - |
dc.description.abstract | File-based deception technologies can be used as an additional security barrier when adversaries have successfully gained access to a host evading intrusion detection systems. Adversaries are detected if they access fake files. Though previous works have mainly focused on using user data files as decoys, this concept can be applied to system files. If so, it is expected to be effective in detecting malicious users because it is very difficult to commit an attack without accessing a single system file. However, it may suffer from excessive false alarms by legitimate system services such as file indexing and searching. Legitimate users may also access fake files by mistake. This paper addresses this issue by introducing a hidden interface. Legitimate users and applications access files through the hidden interface which does not show fake files. The hidden interface can also be utilized to hide sensitive files by hiding them from the regular interface. By experiments, we demonstrate the proposed technique incurs negligible performance overhead, and it is an effective countermeasure to various attack scenarios and practical in that it does not generate false alarms for legitimate applications and users. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC | - |
dc.subject | SYSTEM | - |
dc.title | PhantomFS: File-Based Deception Technology for Thwarting Malicious Users | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Junghee | - |
dc.identifier.doi | 10.1109/ACCESS.2020.2973700 | - |
dc.identifier.scopusid | 2-s2.0-85081112976 | - |
dc.identifier.wosid | 000525419100032 | - |
dc.identifier.bibliographicCitation | IEEE ACCESS, v.8, pp.32203 - 32214 | - |
dc.relation.isPartOf | IEEE ACCESS | - |
dc.citation.title | IEEE ACCESS | - |
dc.citation.volume | 8 | - |
dc.citation.startPage | 32203 | - |
dc.citation.endPage | 32214 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Telecommunications | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Telecommunications | - |
dc.subject.keywordPlus | SYSTEM | - |
dc.subject.keywordAuthor | Libraries | - |
dc.subject.keywordAuthor | Virtual machining | - |
dc.subject.keywordAuthor | Monitoring | - |
dc.subject.keywordAuthor | Intrusion detection | - |
dc.subject.keywordAuthor | Containers | - |
dc.subject.keywordAuthor | Electronic mail | - |
dc.subject.keywordAuthor | Deception technology | - |
dc.subject.keywordAuthor | file system | - |
dc.subject.keywordAuthor | honeypot | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
(02841) 서울특별시 성북구 안암로 14502-3290-1114
COPYRIGHT © 2021 Korea University. All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.