PhantomFS: File-Based Deception Technology for Thwarting Malicious Users

Junghee Lee, Jione Choi, Gyuho Lee, Shin Woo Shim, Taekyu Kim

Research output: Contribution to journalArticle

Abstract

File-based deception technologies can be used as an additional security barrier when adversaries have successfully gained access to a host evading intrusion detection systems. Adversaries are detected if they access fake files. Though previous works have mainly focused on using user data files as decoys, this concept can be applied to system files. If so, it is expected to be effective in detecting malicious users because it is very difficult to commit an attack without accessing a single system file. However, it may suffer from excessive false alarms by legitimate system services such as file indexing and searching. Legitimate users may also access fake files by mistake. This paper addresses this issue by introducing a hidden interface. Legitimate users and applications access files through the hidden interface which does not show fake files. The hidden interface can also be utilized to hide sensitive files by hiding them from the regular interface. By experiments, we demonstrate the proposed technique incurs negligible performance overhead, and it is an effective countermeasure to various attack scenarios and practical in that it does not generate false alarms for legitimate applications and users.

Original languageEnglish
Article number8998256
Pages (from-to)32203-32214
Number of pages12
JournalIEEE Access
Volume8
DOIs
Publication statusPublished - 2020 Jan 1

Keywords

  • Deception technology
  • file system
  • honeypot

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Fingerprint Dive into the research topics of 'PhantomFS: File-Based Deception Technology for Thwarting Malicious Users'. Together they form a unique fingerprint.

Cite this