PhantomFS-v2: Dare You to Avoid This Trap
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Choi, Jione | - |
dc.contributor.author | Lee, Hwiwon | - |
dc.contributor.author | Park, Younggi | - |
dc.contributor.author | Kim, Huy Kang | - |
dc.contributor.author | Lee, Junghee | - |
dc.contributor.author | Kim, Youngjae | - |
dc.contributor.author | Lee, Gyuho | - |
dc.contributor.author | Shim, Shin-Woo | - |
dc.contributor.author | Kim, Taekyu | - |
dc.date.accessioned | 2021-08-31T16:11:38Z | - |
dc.date.available | 2021-08-31T16:11:38Z | - |
dc.date.created | 2021-06-18 | - |
dc.date.issued | 2020 | - |
dc.identifier.issn | 2169-3536 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/59041 | - |
dc.description.abstract | It has been demonstrated that deception technologies are effective in detecting advanced persistent threats and zero-day attacks which cannot be detected by traditional signature-based intrusion detection techniques. Especially, a file-based deception technology is promising because it is very difficult (if not impossible) to commit an attack without reading and modifying any file. It can play as an additional security barrier because malicious file access can be detected even if an adversary succeeds in gaining access to a host. However, PhantomFS still has a problem that is common to deception technologies. Once a deception technology is known to adversaries, it is unlikely to succeed in alluring adversaries. In this paper, we classify adversaries who are aware of PhantomFS according to their knowledge level and permission of PhantomFS. Then we analyze the attack surface and develop a defense strategy to limit the attack vectors. We extend PhantomFS to realize the strategy. Specifically, we introduce multiple hidden interfaces and detection of file execution. We evaluate the security and performance overhead of the proposed technique. We demonstrate that the extended PhantomFS is secure against intelligent adversaries by penetration testing. The extended PhantomFS offers higher detection accuracy with lower false alarm rate compared to existing techniques. It is also demonstrated that the overhead is negligible in terms of response time and CPU time. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC | - |
dc.title | PhantomFS-v2: Dare You to Avoid This Trap | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Kim, Huy Kang | - |
dc.contributor.affiliatedAuthor | Lee, Junghee | - |
dc.identifier.doi | 10.1109/ACCESS.2020.3034443 | - |
dc.identifier.scopusid | 2-s2.0-85102800840 | - |
dc.identifier.wosid | 000589789100001 | - |
dc.identifier.bibliographicCitation | IEEE ACCESS, v.8, pp.198285 - 198300 | - |
dc.relation.isPartOf | IEEE ACCESS | - |
dc.citation.title | IEEE ACCESS | - |
dc.citation.volume | 8 | - |
dc.citation.startPage | 198285 | - |
dc.citation.endPage | 198300 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Telecommunications | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Telecommunications | - |
dc.subject.keywordAuthor | Intrusion detection | - |
dc.subject.keywordAuthor | Libraries | - |
dc.subject.keywordAuthor | Monitoring | - |
dc.subject.keywordAuthor | Penetration testing | - |
dc.subject.keywordAuthor | Databases | - |
dc.subject.keywordAuthor | Password | - |
dc.subject.keywordAuthor | Deception technology | - |
dc.subject.keywordAuthor | file system | - |
dc.subject.keywordAuthor | honeypot | - |