Abstract
Obfuscation and cryptography technologies are applied to malware to make the detection of malware through intrusion prevention systems (IPSs), intrusion detection systems (IDSs), and antiviruses difficult. To address this problem, the security requirements for post-detection and proper response are presented, with emphasis on the real-time file access monitoring function. However, current operating systems provide only file access control techniques, such as SELinux (version 2.6, Red Hat, Raleigh, NC, USA) and AppArmor (version 2.5, Immunix, Portland, OR, USA), to protect system files and do not provide real-time file access monitoring. Thus, the service manager or data owner cannot determine real-time unauthorized modification and leakage of important files by malware. In this paper, a structure to monitor user access to important files in real time is proposed. The proposed structure has five components, with a kernel module interrelated to the application process. With this structural feature, real-time monitoring is possible for all file accesses, and malicious attackers cannot bypass this file access monitoring function. By verifying the positive and negative functions of the proposed structure, it was validated that the structure accurately provides real-time file access monitoring function, the monitoring function resource is sufficiently low, and the file access monitoring performance is high, further confirming the effectiveness of the proposed structure.
Subject
Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering
Reference63 articles.
1. Analyzing social and stylometric features to identify spear phishing emails;Dewan;Proceedings of the 2014 APWG Symposium on Electronic Crime Research (eCrime),2014
2. The Need for New Antiphishing Measures Against Spear-Phishing Attacks
3. Implementation of lightweight intrusion detection model for security of smart green house and vertical farm
4. Anomaly-Based Cyber Intrusion Detection System with Ensemble Classifier;Sarıkaya;Master’s Thesis,2018
5. Av-meter: An evaluation of antivirus scans and labels;Mohaisen,2014
Cited by
2 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献