PhantomFS: File-Based Deception Technology for Thwarting Malicious Users
- Authors
- Lee, Junghee; Choi, Jione; Lee, Gyuho; Shim, Shin-Woo; Kim, Taekyu
- Issue Date
- 2020
- Publisher
- IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
- Keywords
- Libraries; Virtual machining; Monitoring; Intrusion detection; Containers; Electronic mail; Deception technology; file system; honeypot
- Citation
- IEEE ACCESS, v.8, pp.32203 - 32214
- Indexed
- SCIE
SCOPUS
- Journal Title
- IEEE ACCESS
- Volume
- 8
- Start Page
- 32203
- End Page
- 32214
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/58942
- DOI
- 10.1109/ACCESS.2020.2973700
- ISSN
- 2169-3536
- Abstract
- File-based deception technologies can be used as an additional security barrier when adversaries have successfully gained access to a host evading intrusion detection systems. Adversaries are detected if they access fake files. Though previous works have mainly focused on using user data files as decoys, this concept can be applied to system files. If so, it is expected to be effective in detecting malicious users because it is very difficult to commit an attack without accessing a single system file. However, it may suffer from excessive false alarms by legitimate system services such as file indexing and searching. Legitimate users may also access fake files by mistake. This paper addresses this issue by introducing a hidden interface. Legitimate users and applications access files through the hidden interface which does not show fake files. The hidden interface can also be utilized to hide sensitive files by hiding them from the regular interface. By experiments, we demonstrate the proposed technique incurs negligible performance overhead, and it is an effective countermeasure to various attack scenarios and practical in that it does not generate false alarms for legitimate applications and users.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - School of Cyber Security > Department of Information Security > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.