Full metadata record

DC Field Value Language
dc.contributor.author Baek, Sungha -
dc.contributor.author Jung, Young Don -
dc.contributor.author Mohaisen, Aziz -
dc.contributor.author Lee, Sungjin -
dc.contributor.author Nyang, Daehun -
dc.date.accessioned 2021-01-22T06:58:44Z -
dc.date.available 2021-01-22T06:58:44Z -
dc.date.created 2020-11-12 -
dc.date.created 2020-11-12 -
dc.date.created 2020-11-12 -
dc.date.created 2020-11-12 -
dc.date.created 2020-11-12 -
dc.date.issued 2021-10 -
dc.identifier.citation IEEE Transactions on Computers, v.70, no.10, pp.1762 - 1776 -
dc.identifier.issn 0018-9340 -
dc.identifier.uri http://hdl.handle.net/20.500.11750/12637 -
dc.description.abstract As ransomware attacks have been prevalent, it becomes crucial to make anti-ransomware solutions that defend against ransomwares. In this article, we propose a new ransomware defense system, called SSD-Insider++, which prevents users' files from being damaged by ransomware attacks. SSD-Insider++ is embedded into an SSD controller as a form of firmware. By being separated from a host machine, it not only provides more robust data protection than software-based ones which are vulnerable to evasion attacks, but also offers interoperability with various platforms. SSD-Insider++ is composed of two novel features, ransomware detection and perfect data recovery, which are tightly integrated with each other. The detection algorithm observes I/O patterns of a host system and decides whether the host is being attacked by ransomwares in an early stage. Once an encryption attack is detected, the recovery algorithm is triggered to recover original files by leveraging a delayed deletion feature of an SSD at a low cost. Our experimental results show that SSD-Insider++ achieves high accuracy of detecting ransomwares with 0 percent FRR/FAR in most cases and provides an instant data recovery with 0 percent data loss. The overhead of running SSD-Insider++ is negligible - only 80 nns and 226 nns are spent more for handling 4-KB reads and writes, respectively. -
dc.language English -
dc.publisher Institute of Electrical and Electronics Engineers -
dc.title SSD-Assisted Ransomware Detection and Data Recovery Techniques -
dc.type Article -
dc.identifier.doi 10.1109/tc.2020.3011214 -
dc.identifier.wosid 000693757700017 -
dc.identifier.scopusid 2-s2.0-85114804909 -
dc.type.local Article(Overseas) -
dc.type.rims ART -
dc.description.journalClass 1 -
dc.citation.publicationname IEEE Transactions on Computers -
dc.contributor.localauthor Baek, Sungha -
dc.contributor.localauthor Jung, Young Don -
dc.contributor.localauthor Mohaisen, Aziz -
dc.contributor.localauthor Lee, Sungjin -
dc.contributor.localauthor Nyang, Daehun -
dc.contributor.nonIdAuthor Baek, Sungha -
dc.contributor.nonIdAuthor Jung, Young Don -
dc.contributor.nonIdAuthor Mohaisen, Aziz -
dc.contributor.nonIdAuthor Nyang, Daehun -
dc.identifier.citationVolume 70 -
dc.identifier.citationNumber 10 -
dc.identifier.citationStartPage 1762 -
dc.identifier.citationEndPage 1776 -
dc.identifier.citationTitle IEEE Transactions on Computers -
dc.type.journalArticle Article in press -
dc.description.isOpenAccess N -
dc.subject.keywordAuthor Ransomware -
dc.subject.keywordAuthor Malware Detection -
dc.subject.keywordAuthor Data Recovery -
dc.subject.keywordAuthor Flash-based SSDs -

qrcode mendeley

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.