Amoeba: An Autonomous Backup and Recovery SSD for Ransomware Attack Defense

Donghyun Min, Donggyu Park, Jinwoo Ahn, Ryan Walker, Junghee Lee, Sungyong Park, Youngjae Kim

Research output: Contribution to journal › Article › peer-review

23 Citations (Scopus)

Abstract

Ransomware is one of the growing concerns in enterprise and government organizations, because it may cause financial damage or loss of important data. Although there are techniques to detect and prevent ransomware, evolved ransomware may evade them because they are based on monitoring known behaviors. Ransomware can be mitigated if backup copies of data are retained in a safe place. However, existing backup solutions may be under the ransomware's control, and intelligent ransomware may destroy backup copies too. They also incur overhead in storage space, performance and network traffic (in the case of remote backup). In this paper, we propose an SSD system that supports automated backup, called Amoeba. In particular, Amoeba is armed with a hardware accelerator that can detect the infection of pages by ransomware attacks at high speed and a fine-grained backup control mechanism to minimize space overhead for original data backup. For evaluation, we extended the Microsoft SSD simulator to implement Amoeba and evaluated it using realistic block-level traces, which were collected while running actual ransomware. According to our experiments, Amoeba has negligible overhead and outperforms the state-of-the-art SSD, FlashGuard, which supports data backup within the device, in performance and space efficiency.

Original language: English
Article number: 8550727
Pages (from-to): 243-246
Number of pages: 4
Journal: IEEE Computer Architecture Letters
Volume: 17
Issue number: 2
Publication status: Published - 2018 Jul 1
Externally published: Yes

Keywords

  • Solid-state drive (SSD)
  • ransomware attack
  • storage security

ASJC Scopus subject areas

  • Hardware and Architecture
