基于细粒度访问控制的勒索软件防御系统设计

doi:10.3969/j.issn.1671-1122.2023.10.005

信息网络安全 ›› 2023, Vol. 23 ›› Issue (10): 31-38.doi: 10.3969/j.issn.1671-1122.2023.10.005

基于细粒度访问控制的勒索软件防御系统设计

朱怡昕¹^,²(), 苗张旺³, 甘静鸿⁴^,⁵, 马存庆¹

1.中国科学院信息工程研究所信息安全国家重点实验室，北京 100085
2.中国科学院大学网络空间安全学院，北京 100049
3.国家信息中心，北京 100045
4.中国人民公安大学信息网络安全学院，北京 100038
5.漳州市公安局台商投资区分局网安大队，漳州 363000

收稿日期:2023-06-26 出版日期:2023-10-10 发布日期:2023-10-11
通讯作者: 朱怡昕 E-mail:903480254@qq.com
作者简介:朱怡昕（1997—），女，四川，硕士研究生，主要研究方向为网络信息安全|苗张旺（1991—），男，河北，助理研究员，博士，主要研究方向为网络空间安全与人工智能|甘静鸿（1995—），女，福建，硕士研究生，主要研究方向为警务大数据分析技术|马存庆（1984—），男，青海，高级工程师，博士，主要研究方向为密码工程与应用、信息保护技术
基金资助:
国家重点研发计划(E250351112)

Design of Ransomware Defense System Based on Fine-Grained Access Control Scheme

ZHU Yixin¹^,²(), MIAO Zhangwang³, GAN Jinghong⁴^,⁵, MA Cunqing¹

1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
3. National Information Center, Beijing 100045, China
4. School of Information and Network Security, People’s Public Security University of China, Beijing 100038, China
5. Network Security Brigade of Taiwan Security Investment Zone Branch of Zhangzhou Public Security Bureau, Zhangzhou 363000, China

Received:2023-06-26 Online:2023-10-10 Published:2023-10-11

摘要/Abstract

摘要：

勒索软件是网络犯罪的主要形式之一，危害着公共社会的安全。当前的防御方案主要通过访问控制，存在授权粒度太粗、权限管理不灵活和无法正确处理异常等缺陷。为了防御勒索软件、保护主机文件资源的安全，文章提出一个基于细粒度访问控制的勒索软件防御方案，该方案包括3个主要功能，首先对文件系统的细粒度动态的访问控制；然后通过上下文的程序意图进行分析；最后对异常进行分级确认。文章实现了方案原型，分析结果表明，该方案可以有效拦截勒索软件的文件行为，并且能够减小勒索软件带来的损失。

关键词: 勒索软件防御, 访问控制, 上下文分析, 分级确认, 细粒度

Abstract:

Ransomware has become one of the most dominant forms of cybercrime, endangering the security of public society. The goal of this paper is to defend against ransomware to protect the security of host file resources, but current defense schemes using access control schemes still have defects such as too coarse authorization granularity, inflexible permission management, and inability to properly handle exceptions. In this paper, a ransomware defense scheme based on fine-grained access control, which includes three main functions, firstly, fine-grained dynamic access control to the file system was proposed. Secondly program intent analysis by context. Finally hierarchical confirmation of exceptions. This paper implements a prototype of the scheme, which can effectively intercept the file behavior of ransomware after analysis and reduce the damage caused by ransomware.

Key words: ransomware defense, access control, contextual analysis, hierarchical confirmation, fine-grained

中图分类号:

TP309

朱怡昕, 苗张旺, 甘静鸿, 马存庆. 基于细粒度访问控制的勒索软件防御系统设计[J]. 信息网络安全, 2023, 23(10): 31-38.

ZHU Yixin, MIAO Zhangwang, GAN Jinghong, MA Cunqing. Design of Ransomware Defense System Based on Fine-Grained Access Control Scheme[J]. Netinfo Security, 2023, 23(10): 31-38.

图/表 9

图1

图2

图3

图4

图5

图6

图7

图8

图9

参考文献 19

[1]	MELAND P H, BAYOUMY Y F F, SINDRE G. The Ransomware-as-a-Service Economy within Thedarknet[J]. Computers & Security, 2020, 92: 101762-101780. doi: 10.1016/j.cose.2020.101762 URL
[2]	GUO Chun, CHEN Changqing, SHEN Guowei, et al. A Ransomware Classification Method Based on Visualization[J]. Netifo Security, 2020, 20(4): 31-39.
	郭春, 陈长青, 申国伟, 等. 一种基于可视化的勒索软件分类方法[J]. 信息网络安全, 2020, 20(4): 31-39.
[3]	FORTINET. The 2021 Ransomware Survey Report[R]. Sunnyvale:Fortinet, 1290667-0-0-EN, 2021.
[4]	MCINTOSH T, KAYES A S M, CHEN Y P P, et al. Dynamic User-Centric Access Control for Detection of Ransomware Attacks[J]. Computers & Security, 2021, 111: 102461-102476. doi: 10.1016/j.cose.2021.102461 URL
[5]	AL-RIMY B A S, MAAROF M A, SHAID S Z M. Ransomware Threat Success Factors, Taxonomy, and Countermeasures: A Survey and Research Directions[J]. Computers & Security, 2018, 74: 144-166. doi: 10.1016/j.cose.2018.01.001 URL
[6]	DARGAHI T, DEHGHANTANHA A, BAHRAMI P N, et al. A Cyber-Kill-Chain Based Taxonomy of Crypto-Ransomware Features[J]. Journal of Computer Virology and Hacking Techniques, 2019, 15(4): 277-305. doi: 10.1007/s11416-019-00338-7
[7]	LEONG R, BEEK C, COCHIN C, et al. Understanding Ransomware and Strategies to Defeat it[J]. White Paper (McAfee Labs), 2016, 16: 1-16.
[8]	ZIMBA A. Malware-Free Intrusion: A Novel Approach to Ransomware Infection Vectors[J]. International Journal of Computer Science and Information Security, 2017, 15(2): 317-325.
[9]	ZHANG Pengtao, TAN Ying. Hybrid Concentration based Feature Extraction Approach for Malware Detection[C]// IEEE. 2015 IEEE 28th Canadian Conference on Electrical and Computer Engineering (CCECE). New York: IEEE, 2015: 140-145.
[10]	WANG Ping, WANG Y S. Malware Behavioural Detection and Vaccine Development by Using a Support Vector Model Classifier[J]. Journal of Computer and System Sciences, 2015, 81(6): 1012-1026. doi: 10.1016/j.jcss.2014.12.014 URL
[11]	MCINTOSH T R, JANG-JACCARD J, WATTERS P A. Large Scale Behavioral Analysis of Ransomware Attacks[C]// Springer. 25th International Conference, ICONIP 2018. Berlin:Springer, 2018: 217-229.
[12]	ANDRONIO N, ZANERO S, MAGGI F. Heldroid: Dissecting and Detecting Mobile Ransomware[C]// Springer. International Symposium on Recent Advances in Intrusion Detection. Berlin:Springer, 2015: 382-404.
[13]	PRAKASH K P, NAFIS T, BISWAS S S. Preventive Measures and Incident Response for Locky Ransomware[J]. International Journal of Advanced Research in Computer Science, 2017, 8(5): 392-395.
[14]	SCAIFE N, CARTER H, TRAYNOR P, et al. Cryptolock (and Drop It): Stopping Ransomware Attacks on User Data[C]// IEEE. 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS). New York: IEEE, 2016: 303-312.
[15]	KAUR R, SINGH M. A Survey on Zero-Day Polymorphic Worm Detection Techniques[J]. IEEE Communications Surveys & Tutorials, 2014, 16(3): 1520-1549.
[16]	UGARTE-PEDRERO X, GRAZIANO M, BALZAROTTI D. A Close Look at a Daily Dataset of Malware Samples[J]. ACM Transactions on Privacy and Security (TOPS), 2019, 22(1): 1-30.
[17]	KHARRAZ A, KIRDA E. Redemption: Real-Time Protection Against Ransomware at End-Hosts[C]// Springer. International Symposium on Research in Attacks, Intrusions, and Defenses. Berlin:Springer, 2017: 98-119.
[18]	SERVOS D, OSBORN S L. Current Research and Open Problems in Attribute-Based Access Control[J]. ACM Computing Surveys (CSUR), 2017, 49(4): 1-45.
[19]	CONTI M, GANGWAL A, RUJ S. On the Economic Significance of Ransomware Campaigns: A Bitcoin Transactions Perspective[J]. Computers & Security, 2018, 79: 162-189. doi: 10.1016/j.cose.2018.08.008 URL

基于细粒度访问控制的勒索软件防御系统设计

Design of Ransomware Defense System Based on Fine-Grained Access Control Scheme

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 19

相关文章 15

编辑推荐

Metrics

本文评价

[1]	周权, 陈民辉, 卫凯俊, 郑玉龙. 基于SM9的属性加密的区块链访问控制方案[J]. 信息网络安全, 2023, 23(9): 37-46.
[2]	石润华, 谢晨露. 云边缘环境中基于属性加密的可验证EMR外包解决方案[J]. 信息网络安全, 2023, 23(7): 9-21.
[3]	张晓旭, 石润华. EHR系统中一种验证外包加密数据正确性的访问控制方案[J]. 信息网络安全, 2023, 23(5): 85-94.
[4]	王健, 黄俊. 基于智能合约的日志安全存储与公平访问方法[J]. 信息网络安全, 2022, 22(7): 27-36.
[5]	郭宝霞, 王佳慧, 马利民, 张伟. 基于零信任的敏感数据动态访问控制模型研究[J]. 信息网络安全, 2022, 22(6): 86-93.
[6]	刘嘉微, 马兆丰, 王姝爽, 罗守山. 基于区块链的隐私信用数据受限共享技术研究[J]. 信息网络安全, 2022, 22(5): 54-63.
[7]	彭舒凡, 蔡满春, 刘晓文, 马瑞. 基于图像细粒度特征的深度伪造检测算法[J]. 信息网络安全, 2022, 22(11): 77-84.
[8]	靳姝婷, 何泾沙, 朱娜斐, 潘世佳. 基于本体推理的隐私保护访问控制机制研究[J]. 信息网络安全, 2021, 21(8): 52-61.
[9]	沈卓炜, 高鹏, 许心宇. 基于安全协商的DDS安全通信中间件设计[J]. 信息网络安全, 2021, 21(6): 19-25.
[10]	芦效峰, 付淞兵. 属性基加密和区块链结合的可信数据访问控制方案[J]. 信息网络安全, 2021, 21(3): 7-8.
[11]	张淑清, 蔡志文. 云数据下基于可问责属性即可撤销的加密方案[J]. 信息网络安全, 2021, 21(12): 70-77.
[12]	王健, 于航, 韩臻, 韩磊. 基于智能合约的云存储共享数据访问控制方法[J]. 信息网络安全, 2021, 21(11): 40-47.
[13]	魏占祯, 彭星源, 赵洪. SDN中基于用户信任度的资源访问控制方案[J]. 信息网络安全, 2021, 21(10): 33-40.
[14]	汪金苗, 谢永恒, 王国威, 李易庭. 基于属性基加密的区块链隐私保护与访问控制方法[J]. 信息网络安全, 2020, 20(9): 47-51.
[15]	吴云坤, 姜博, 潘瑞萱, 刘玉岭. 一种基于零信任的SDN网络访问控制方法[J]. 信息网络安全, 2020, 20(8): 37-46.