File System Shield (FSS): A pass-through strategy against unwanted encryption in network file systems

Arash Mahboubi, Seyit Camtepe, Keyvan Ansari, Marcin Pawłowski, Paweł Morawiecki, Jarek Duda, Josef Pieprzyk

Research output: Book chapter/Published conference paper › Conference paper › peer-review

Abstract

This study introduces the Digital Immunity Module (DIM), a novel pass-through file system gateway, positioned strategically between storage and endpoints to enhance the security of files accessed via network protocols such as NFS and SMB on SharePoint. DIM serves as a protective layer against ransomware, designed with dual objectives: (1) detecting statistical anomalies that may indicate potential encryption within the network file system, and (2) proactively expanding under-attack files using a reverse source-coding algorithm to deprive ransomware of the resources it needs to operate. For practical deployment, we have developed a proxy gateway that connects endpoints to Azure storage using the SMB protocol. This setup effectively differentiates between benign and malicious activities without needing to identify specific processes at the endpoints, i.e., a critical advantage in combating fileless ransomware, which often eludes conventional security mechanisms such as behavioral analysis. Upon detecting malicious encryption, DIM reacts by expanding the size of buffer blocks, preventing ransomware from accessing subsequent files and frequently causing the ransomware to self-terminate. Our comprehensive evaluation, involving a benign dataset of 11,928 files against 75 ransomware families, including fileless types, demonstrates that DIM significantly impedes and often terminates ransomware operations early in the attack life cycle. This confirms the practicality and effectiveness of this pass-through defence strategy.

Original language: English
Title of host publication: Advances in Information and Computer Security
Subtitle of host publication: 19th International Workshop on Security, IWSEC 2024, Proceedings
Editors: Kazuhiko Minematsu, Mamoru Mimura
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 213-233
Number of pages: 21
Volume: 14977
ISBN (Electronic): 9789819777372
ISBN (Print): 9789819777365
Publication status: Published - 2024
Event: 19th International Workshop on Security, IWSEC 2024 - Kyoto International Conference Center, Kyoto, Japan
Duration: 17 Sept 2024 → 19 Sept 2024
https://link-springer-com.ezproxy.csu.edu.au/book/10.1007/978-981-97-7737-2 (Proceedings)
https://www.iwsec.org/2024/ (Conference website)
https://www.iwsec.org/2024/program.html (Program)

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 14977 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 19th International Workshop on Security, IWSEC 2024
Country/Territory: Japan
City: Kyoto
Period: 17/09/24 → 19/09/24
Other: The 19th International Workshop on Security (IWSEC 2024) will be held at Kyoto International Conference Center, Kyoto, Japan between September 17-19, 2024. IWSEC 2024 is co-organized by ISEC in ESS of IEICE (Technical Committee on Information Security in Engineering Sciences Society of the Institute of Electronics, Information and Communication Engineers) and CSEC of IPSJ (Special Interest Group on Computer Security of Information Processing Society of Japan).

Original papers on the research and development of various security topics, as well as case studies and implementation experiences, are solicited for submission to IWSEC 2024.

IWSEC is an annual international workshop in Japan, co-organized by ISEC in ESS of IEICE and CSEC of IPSJ.

Previous IWSEC have been held in Kyoto (2006), Nara (2007), Kagawa (2008), Toyama (2009), Kobe (2010), Tokyo (2011), Fukuoka (2012), Naha (2013), Hirosaki (2014), Nara (2015), Tokyo (2016), Hiroshima (2017), Sendai (2018), Tokyo (2019), Fukui/Online (2020), Tokyo/Online (2021), Tokyo/Online (2022), Yokohama/Online (2023).