Abstract
Ransomware is one of the dominant forms of cybercrime and endangers public security. Current defense schemes rely mainly on access control and suffer from defects such as overly coarse authorization granularity, inflexible permission management, and an inability to handle exceptions correctly. To defend against ransomware and protect the security of host file resources, this paper proposes a ransomware defense scheme based on fine-grained access control. The scheme has three main functions: first, fine-grained, dynamic access control over the file system; second, analysis of program intent from context; and third, hierarchical confirmation of exceptions. The paper implements a prototype of the scheme, and analysis shows that it can effectively intercept the file behavior of ransomware and reduce the damage ransomware causes.
Authors
ZHU Yixin (朱怡昕)
MIAO Zhangwang (苗张旺)
GAN Jinghong (甘静鸿)
MA Cunqing (马存庆)
ZHU Yixin; MIAO Zhangwang; GAN Jinghong; MA Cunqing (State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; National Information Center, Beijing 100045, China; School of Information and Network Security, People’s Public Security University of China, Beijing 100038, China; Network Security Brigade of Taiwan Security Investment Zone Branch of Zhangzhou Public Security Bureau, Zhangzhou 363000, China)
Source
《信息网络安全》
CSCD
Peking University Core Journal
2023, Issue 10, pp. 31-38 (8 pages)
Netinfo Security
Funding
National Key Research and Development Program [E250351112].
Keywords
ransomware defense
access control
contextual analysis
hierarchical confirmation
fine-grained