Amoeba: An Autonomous Backup and Recovery SSD for Ransomware Attack Defense

Donghyun Min, Donggyu Park, Jinwoo Ahn, Ryan Walker, Junghee Lee, Sungyong Park, Youngjae Kim

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

Ransomware is one of growing concerns in enterprise and government organizations, because it may cause financial damages or loss of important data. Although there are techniques to detect and prevent ransomware, an evolved ransomware may evade them because they are based on monitoring known behaviors. Ransomware can be mitigated if backup copies of data are retained in a safe place. However, existing backup solutions may be under ransomware's control and an intelligent ransomware may destroy backup copies too. They also incur overhead to storage space, performance and network traffic (in case of remote backup). In this paper, we propose an SSD system that supports automated backup, called Amoeba. In particular, Amoeba is armed with a hardware accelerator that can detect the infection of pages by ransomware attacks at high speed and a fine-grained backup control mechanism to minimize space overhead for original data backup. For evaluation, we extended the Microsoft SSD simulator to implement Amoeba and evaluated it using the realistic block-level traces, which are collected while running the actual ransomware. According to our experiments, Amoeba has negligible overhead and outperforms in performance and space efficiency over the state-of-the-art SSD, FlashGuard, which supports data backup within the device.

Original languageEnglish
Article number8550727
Pages (from-to)243-246
Number of pages4
JournalIEEE Computer Architecture Letters
Volume17
Issue number2
DOIs
Publication statusPublished - 2018 Jul 1
Externally publishedYes

Fingerprint

Recovery
Malware
Particle accelerators
Simulators
Hardware
Monitoring
Industry
Experiments

Keywords

  • ransomware attack
  • Solid-state drive (SSD)
  • storage security

ASJC Scopus subject areas

  • Hardware and Architecture

Cite this

Amoeba : An Autonomous Backup and Recovery SSD for Ransomware Attack Defense. / Min, Donghyun; Park, Donggyu; Ahn, Jinwoo; Walker, Ryan; Lee, Junghee; Park, Sungyong; Kim, Youngjae.

In: IEEE Computer Architecture Letters, Vol. 17, No. 2, 8550727, 01.07.2018, p. 243-246.

Research output: Contribution to journalArticle

Min, Donghyun ; Park, Donggyu ; Ahn, Jinwoo ; Walker, Ryan ; Lee, Junghee ; Park, Sungyong ; Kim, Youngjae. / Amoeba : An Autonomous Backup and Recovery SSD for Ransomware Attack Defense. In: IEEE Computer Architecture Letters. 2018 ; Vol. 17, No. 2. pp. 243-246.
@article{5ddee6da635347f9a14e6b88b5890994,
title = "Amoeba: An Autonomous Backup and Recovery SSD for Ransomware Attack Defense",
abstract = "Ransomware is one of growing concerns in enterprise and government organizations, because it may cause financial damages or loss of important data. Although there are techniques to detect and prevent ransomware, an evolved ransomware may evade them because they are based on monitoring known behaviors. Ransomware can be mitigated if backup copies of data are retained in a safe place. However, existing backup solutions may be under ransomware's control and an intelligent ransomware may destroy backup copies too. They also incur overhead to storage space, performance and network traffic (in case of remote backup). In this paper, we propose an SSD system that supports automated backup, called Amoeba. In particular, Amoeba is armed with a hardware accelerator that can detect the infection of pages by ransomware attacks at high speed and a fine-grained backup control mechanism to minimize space overhead for original data backup. For evaluation, we extended the Microsoft SSD simulator to implement Amoeba and evaluated it using the realistic block-level traces, which are collected while running the actual ransomware. According to our experiments, Amoeba has negligible overhead and outperforms in performance and space efficiency over the state-of-the-art SSD, FlashGuard, which supports data backup within the device.",
keywords = "ransomware attack, Solid-state drive (SSD), storage security",
author = "Donghyun Min and Donggyu Park and Jinwoo Ahn and Ryan Walker and Junghee Lee and Sungyong Park and Youngjae Kim",
year = "2018",
month = "7",
day = "1",
doi = "10.1109/LCA.2018.2883431",
language = "English",
volume = "17",
pages = "243--246",
journal = "IEEE Computer Architecture Letters",
issn = "1556-6056",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "2",

}

TY - JOUR

T1 - Amoeba

T2 - An Autonomous Backup and Recovery SSD for Ransomware Attack Defense

AU - Min, Donghyun

AU - Park, Donggyu

AU - Ahn, Jinwoo

AU - Walker, Ryan

AU - Lee, Junghee

AU - Park, Sungyong

AU - Kim, Youngjae

PY - 2018/7/1

Y1 - 2018/7/1

N2 - Ransomware is one of growing concerns in enterprise and government organizations, because it may cause financial damages or loss of important data. Although there are techniques to detect and prevent ransomware, an evolved ransomware may evade them because they are based on monitoring known behaviors. Ransomware can be mitigated if backup copies of data are retained in a safe place. However, existing backup solutions may be under ransomware's control and an intelligent ransomware may destroy backup copies too. They also incur overhead to storage space, performance and network traffic (in case of remote backup). In this paper, we propose an SSD system that supports automated backup, called Amoeba. In particular, Amoeba is armed with a hardware accelerator that can detect the infection of pages by ransomware attacks at high speed and a fine-grained backup control mechanism to minimize space overhead for original data backup. For evaluation, we extended the Microsoft SSD simulator to implement Amoeba and evaluated it using the realistic block-level traces, which are collected while running the actual ransomware. According to our experiments, Amoeba has negligible overhead and outperforms in performance and space efficiency over the state-of-the-art SSD, FlashGuard, which supports data backup within the device.

AB - Ransomware is one of growing concerns in enterprise and government organizations, because it may cause financial damages or loss of important data. Although there are techniques to detect and prevent ransomware, an evolved ransomware may evade them because they are based on monitoring known behaviors. Ransomware can be mitigated if backup copies of data are retained in a safe place. However, existing backup solutions may be under ransomware's control and an intelligent ransomware may destroy backup copies too. They also incur overhead to storage space, performance and network traffic (in case of remote backup). In this paper, we propose an SSD system that supports automated backup, called Amoeba. In particular, Amoeba is armed with a hardware accelerator that can detect the infection of pages by ransomware attacks at high speed and a fine-grained backup control mechanism to minimize space overhead for original data backup. For evaluation, we extended the Microsoft SSD simulator to implement Amoeba and evaluated it using the realistic block-level traces, which are collected while running the actual ransomware. According to our experiments, Amoeba has negligible overhead and outperforms in performance and space efficiency over the state-of-the-art SSD, FlashGuard, which supports data backup within the device.

KW - ransomware attack

KW - Solid-state drive (SSD)

KW - storage security

UR - http://www.scopus.com/inward/record.url?scp=85057877541&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85057877541&partnerID=8YFLogxK

U2 - 10.1109/LCA.2018.2883431

DO - 10.1109/LCA.2018.2883431

M3 - Article

AN - SCOPUS:85057877541

VL - 17

SP - 243

EP - 246

JO - IEEE Computer Architecture Letters

JF - IEEE Computer Architecture Letters

SN - 1556-6056

IS - 2

M1 - 8550727

ER -