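1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100095
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100095
3. Department of Computer Science, Worcester Polytechnic Institute, Worcester 01609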
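CHEN Kai (1987- ), male, from Dongying, Shandong, Ph.D., assistant researcher at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests include moving target defense, data security, and privacy protection.
MA Duohe (1982- ), male, from Lu'an, Anhui, Ph.D., associate researcher and master's supervisor at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests include moving target defense, active network defense, data security, privacy protection, and anti-ransomware.
TANG Zhimin (1999- ), female, from Yongzhou, Hunan, master's student at the Institute of Information Engineering, Chinese Academy of Sciences. Her main research interests include moving target defense, anti-ransomware, and data security.
Dai Jun (1985- ), male, Ph.D., associate professor and doctoral supervisor at Worcester Polytechnic Institute, USA. His main research interests include distributed system security, intrusion detection, and vulnerability analysis.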
Received: 2023-12-12
Revised: 2024-05-31
Published in print: 2024-07-25
CHEN Kai, MA Duohe, TANG Zhimin, et al. Anti-ransomware method based on active deception[J]. Journal on Communications, 2024, 45(07): 148-158. DOI: 10.11959/j.issn.1000-436x.2024120.
Considering the serious threat that ransomware poses to data security and the increasing intelligence and complexity of its attack methods, an anti-ransomware method based on active deception was proposed to address the limitations of traditional defense methods. By combining static heuristic algorithms and dynamic heuristic algorithms to dynamically deploy deceptive files, a dynamic file security model based on active deception was established. Different strategies were employed to generate dynamic deceptive files for ransomware of different risk levels, confusing ransomware by simulating the characteristics of real data, making it unable to distinguish between real and deceptive data, and thus protecting users' real data from encryption or destruction. Experimental results show that the proposed method effectively increases the dynamism, diversity, and deceptiveness of files, significantly expanding the shifting space of data attack surfaces and effectively defending against ransomware attacks.