TY - JOUR
T1 - Amoeba
T2 - An Autonomous Backup and Recovery SSD for Ransomware Attack Defense
AU - Min, Donghyun
AU - Park, Donggyu
AU - Ahn, Jinwoo
AU - Walker, Ryan
AU - Lee, Junghee
AU - Park, Sungyong
AU - Kim, Youngjae
N1 - Funding Information:
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea Government (MSIT) (No. NRF-2018R1A1A1A05079398).
Publisher Copyright:
© 2002-2011 IEEE.
PY - 2018/7/1
Y1 - 2018/7/1
N2 - Ransomware is one of growing concerns in enterprise and government organizations, because it may cause financial damages or loss of important data. Although there are techniques to detect and prevent ransomware, an evolved ransomware may evade them because they are based on monitoring known behaviors. Ransomware can be mitigated if backup copies of data are retained in a safe place. However, existing backup solutions may be under ransomware's control and an intelligent ransomware may destroy backup copies too. They also incur overhead to storage space, performance and network traffic (in case of remote backup). In this paper, we propose an SSD system that supports automated backup, called Amoeba. In particular, Amoeba is armed with a hardware accelerator that can detect the infection of pages by ransomware attacks at high speed and a fine-grained backup control mechanism to minimize space overhead for original data backup. For evaluation, we extended the Microsoft SSD simulator to implement Amoeba and evaluated it using the realistic block-level traces, which are collected while running the actual ransomware. According to our experiments, Amoeba has negligible overhead and outperforms in performance and space efficiency over the state-of-the-art SSD, FlashGuard, which supports data backup within the device.
AB - Ransomware is one of growing concerns in enterprise and government organizations, because it may cause financial damages or loss of important data. Although there are techniques to detect and prevent ransomware, an evolved ransomware may evade them because they are based on monitoring known behaviors. Ransomware can be mitigated if backup copies of data are retained in a safe place. However, existing backup solutions may be under ransomware's control and an intelligent ransomware may destroy backup copies too. They also incur overhead to storage space, performance and network traffic (in case of remote backup). In this paper, we propose an SSD system that supports automated backup, called Amoeba. In particular, Amoeba is armed with a hardware accelerator that can detect the infection of pages by ransomware attacks at high speed and a fine-grained backup control mechanism to minimize space overhead for original data backup. For evaluation, we extended the Microsoft SSD simulator to implement Amoeba and evaluated it using the realistic block-level traces, which are collected while running the actual ransomware. According to our experiments, Amoeba has negligible overhead and outperforms in performance and space efficiency over the state-of-the-art SSD, FlashGuard, which supports data backup within the device.
KW - Solid-state drive (SSD)
KW - ransomware attack
KW - storage security
UR - http://www.scopus.com/inward/record.url?scp=85057877541&partnerID=8YFLogxK
U2 - 10.1109/LCA.2018.2883431
DO - 10.1109/LCA.2018.2883431
M3 - Article
AN - SCOPUS:85057877541
SN - 1556-6056
VL - 17
SP - 243
EP - 246
JO - IEEE Computer Architecture Letters
JF - IEEE Computer Architecture Letters
IS - 2
M1 - 8550727
ER -