Abstract
As ransomware gets more sophisticated, it becomes increasingly challenging to protect user data from ransomware. Ransomware detection tends to entail file loss in spite of successful detection. A great file backup would be to perfectly protect user files from a ransomware attack. Infection of Windows systems has become the most urgent and serious problem, accounting for 99.7% of the systems infected by ransomware. In this paper, we propose a new file backup mechanism to protect user data against ransomware. For this, we use the stealth space, alternate data streams (ADS), in the Windows system. In our mechanism, original files are backed up to an ADS-based hidden secure area in a local system (i.e., a user system), and the recovery keys of the backup files are stored in a remote server. The use of the ADS property allows us to stealthily keep the backup files in a local system while going completely unnoticed by ransomware. The experimental results showed that the encrypted files by a realistic ransomware sample were perfectly protected by our backup mechanism with much smaller transferred data than a traditional remote file backup system.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Symantec: WannaCry: lessons learned 1 year later. https://www.symantec.com/blogs/feature-stories/wannacry-lessons-learned-1-year-later. Accessed 2 Sep 2019
Analysis of ransomware epidemic in February 2019. https://blog.360totalsecu-rity.com/en/analysis-of-ransomware-epidemic-in-february-2019. Accessed 15 Sep 2019
Scaife N, Carter H, Traynor P, Butler K (2016) CryptoLock (and Drop It): stopping ran-somware attacks on user data. In: IEEE international conference on distributed computing systems (ICDCS), pp 303–312
Kharaz A, Arshad S, Mulliner C, Robertson W, Kirda E (2016) UNVEIL: a large-scale, automated approach to detecting ransomware. In: USENIX security symposium, pp 757–772
Continella A, Guagnelli A, Zingaro G, Deasquale G, Barenghi A, Zanero S, Maggi F (2016) ShieldFS: a self-healing, ransomware-aware filesystem. In: Annual conference on computer security applications (ACSAC), pp 336–347
Subedi K, Budhathoki DR, Chen B, Dasgupta D (2017) RDS3: ransomware defense strategy by using stealthily space space. In: IEEE symposium series on computational intelligence (SSCI), pp 1–8
Yun J, Hur J, Shin Y, Koo D (2017) CLDSafe: an efficient file backup system in cloud storage against ransomware. IEICE Trans Inf Syst E100(9):2228–2231
Broomfield M (2006) NTFS alternate data streams: focused hacking. Netw Secur 2006(8):7–9
Baek S, Jung Y, Mohaisen A, Lee S, Nyang D (2018) SSD-insider: internal defense of solid-state drive against ransomware with perfect data recovery. In: IEEE conference on distributed computing systems (ICDCS), pp 875–884
Deviare2 Hook Homepage. https://github.com/nektra/Deviare2. Accessed 01 Oct 2020
Acknowledgments
This work was supported, in part, by the National Natural Science Foundation of China (NSFC) under Grant 61806142, the Natural Science Foundation of Tianjin under Grant 18JCYBJC44000, and the Tianjin Science and Technology Program under Grant19PTZWHZ00020 and, in part, by the Institute for Information & communications Technology Planning&Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2019-0-01343, Regional strategic industry convergence security core talent training business).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Paik, JY., Kim, G., Kang, S., Jin, R., Cho, ES. (2022). Data Protection Based on Hidden Space in Windows Against Ransomware. In: Yang, XS., Sherratt, S., Dey, N., Joshi, A. (eds) Proceedings of Sixth International Congress on Information and Communication Technology. Lecture Notes in Networks and Systems, vol 235. Springer, Singapore. https://doi.org/10.1007/978-981-16-2377-6_58
Download citation
DOI: https://doi.org/10.1007/978-981-16-2377-6_58
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-2376-9
Online ISBN: 978-981-16-2377-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)