The aim of this paper is to discuss DcyFS, a new file system developed at IBM Research to secure data at rest and protect it from theft and corruption attacks. The paper explores the advantages of the new file system and how organisations can use it to prevent data theft and corruption.
Thesis statement: an analysis of DcyFS, the new file system developed by IBM to secure and protect data from theft and corruption attacks.
In the current era, data has become so valuable that it is often called the oil of the digital age. The rise of cyber attackers and AI-powered malware bots gives adversaries a great advantage in finding new ways to steal, monetize and even destroy confidential data and to impede business operations in ways that could be life-threatening for many companies (Stoecklin, 2018).
DcyFS introduces a new technique for protecting data that maintains integrity and confidentiality by exposing entirely different views of the real host file system depending on the subject and its security context. This means DcyFS can build custom file system views for subjects according to their trust level by injecting new decoy files, removing sensitive documents and replacing sensitive data with fake files.
Relying on these core tactics, DcyFS can hide high-value assets and expose enticing breadcrumbs that help identify adversarial searches and deliberate data tampering, misdirecting and luring malware into interacting with decoy files so that it makes the wrong decision or exposes itself.
IBM's research shows that DcyFS can intercept every file system access. It can modify results on the fly and record a full audit trail while preserving reliability for the given subject. Changes that the subject makes to the file system are recorded and can later be reviewed to expose misuse scenarios and events. The image below shows the schematic architecture of DcyFS.
DcyFS mainly consists of two major components: –
The stackable file system, one of the major components of DcyFS, consists of a base file system layer with an overlay, and the union of the two layers forms the view. All file writes are performed on the overlay so that the base files are protected from being overwritten. The overlay can also replace or hide files where they are originally stored, and it can add new files to the file system.
Computer systems equipped with the decoy file system offer numerous benefits, including low-overhead data protection. These benefits go far beyond traditional access control lists (ACLs) or file system permissions, which only specify which users and groups may perform an action. The following discussion covers the ways in which DcyFS offers an advantage over other popular access controls.
The write controls added by the overlay allow DcyFS to protect the integrity of the host file system: any creation, modification or deletion takes place on the overlay rather than on the host file system. Based on the subject's security context, the decoy file system can automatically decide whether the changes should be persisted to the host file system, left in the overlay, or reverted by resetting the overlay (Voris, Song, Salem, Hershkop & Stolfo, 2018).
The read controls offered by the overlay allow the decoy file system to decide whether files are exposed to a given subject (Taylor, Araujo, Kohlbrenner & Stoecklin, 2018). Depending on context and need, DcyFS determines whether a file is shown in or hidden from the file system view, which prevents data theft by stopping unauthorized users from accessing the information.
In the specific case of data integrity, the decoy file system effectively maintains protection and confidentiality by deceiving adversaries, since it is essential to make them believe that: –
The overlay gives DcyFS a view of all allowed and intended changes that the given subject makes to the file system. When the process terminates, DcyFS can analyse the changes recorded in the overlay and provide evidence that lets security teams characterize the type, intent and impact of the process.
The decoy file system (DcyFS) is a stackable file system with an overlay layer. This layer protects the files on the base file system, providing data integrity and confidentiality. The overlay also works as a blank canvas, recording which files are created, modified and deleted during suspicious user activity or the execution of an untrusted process. These records are vital for piecing together a cyber attack, because the overlay provides evidence of the key indicators of compromise (IoCs) used by investigators. IBM demonstrated the forensic capability of their approach by building a module that analyses the overlays for IoCs and testing it against different types of malware. The IoCs were sourced from the ATT&CK for Enterprise threat model.
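The following is an added example, not IBM's DcyFS code: a small in-memory model of the per-subject overlay view described above. The base layer is never written; an untrusted subject's view hides a sensitive file, replaces another with fake content and injects a decoy, every write or delete lands in the overlay, and the overlay can then be diffed, persisted or reset. All paths and contents are constructed for the illustration.

```python
# Constructed base layer (the "host" file system); never written directly.
BASE = {"/etc/passwd": "root:x:0:0", "/home/u/secrets.txt": "api-key=REAL",
        "/srv/db/customers.csv": "name,email\nalice,alice@example.invalid"}

class OverlayView:
    """Union of base + per-subject overlay; read/write policy by trust level."""
    def __init__(self, base, trusted):
        self.base, self.upper, self.whiteouts = base, {}, set()  # upper = writes
        self.hidden, self.injected, self.decoys = set(), {}, set()
        self.decoy_hits = []                      # decoy reads = breadcrumb trips
        if not trusted:                           # untrusted view: hide, fake, lure
            self.hidden.add("/home/u/secrets.txt")                       # remove
            self.injected["/srv/db/customers.csv"] = "name,email\nfake,x@x"  # replace
            self.injected["/home/u/passwords.txt"] = "admin:hunter2"     # decoy
            self.decoys.add("/home/u/passwords.txt")

    def read(self, path):
        if path in self.whiteouts or path in self.hidden:
            raise FileNotFoundError(path)
        if path in self.decoys:
            self.decoy_hits.append(path)          # evidence of adversarial search
        for layer in (self.upper, self.injected, self.base):  # overlay wins
            if path in layer:
                return layer[path]
        raise FileNotFoundError(path)

    def write(self, path, data):                  # base is never touched
        self.whiteouts.discard(path)
        self.upper[path] = data

    def delete(self, path):
        self.read(path)                           # must be visible to delete
        self.upper.pop(path, None)
        self.whiteouts.add(path)                  # whiteout masks the base copy

    def listdir(self):
        names = set(self.base) | set(self.injected) | set(self.upper)
        return sorted(names - self.hidden - self.whiteouts)

    def changes(self):                            # the overlay as audit trail
        known = set(self.base) | set(self.injected)
        return {"created": sorted(p for p in self.upper if p not in known),
                "modified": sorted(p for p in self.upper if p in known),
                "deleted": sorted(self.whiteouts)}

    def persist(self):                            # trusted subject: merge down
        self.base.update(self.upper)
        for p in self.whiteouts:
            self.base.pop(p, None)
        self.reset()

    def reset(self):                              # untrusted subject: revert
        self.upper.clear(); self.whiteouts.clear()

def demo_untrusted():
    """An untrusted process reads the decoy, drops a start-up file, deletes a base file."""
    view = OverlayView(dict(BASE), trusted=False)
    view.read("/home/u/passwords.txt")
    view.write("/etc/rc.local", "/tmp/x &")
    view.delete("/etc/passwd")
    return view.changes(), view.decoy_hits, view.listdir()
```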
This section analyses the five types of malware identified with DcyFS's analysis module and the IoCs collected from the file system overlays. The research also tested using the file system actively to protect critical systems from malware.
Most malware is designed to persist on an infected endpoint and re-launch after a reboot. The exact persistence mechanism depends heavily on whether the malware gains administrator privileges on the endpoint. If it does not, the malware typically modifies user profile files that run on start-up.
Malware that runs with escalated privileges can change system-wide configuration to keep itself alive, typically by dropping initialization scripts into the system run-level directories (Taylor, 2018). In some cases the malware creates recurring tasks that ensure it runs on a schedule, persisting across reboots. Because DcyFS gives this malware a per-process view, none of the file changes it makes persist into the global file system view, which means the malware is not restarted on reboot.
Some malware, such as Umbreon and Jynx2, is not an executable but rather a library designed to be preloaded by various system processes. These libraries replace OS application programming interface (API) calls to change the functionality of running applications. In Umbreon's case, the malware replaces C API calls such as accept, access and open, mainly to hide its presence in the file system from antivirus software or the user. Umbreon also creates a user and hides its presence using the injected API calls. DcyFS confines all of these file system changes to the view of the injected malicious library; because the library exists only in its own view, it cannot be injected into any other process running on the system.
Cybercrime today is a mercurial commodity business in which large criminal organisations rent access to widespread botnets to other attackers. These bots are designed to send malicious spam or download further malware, including banking Trojans, bitcoin miners and keyloggers, which is used to collect stolen data that the syndicate can monetize (Polychronakis & Meier, 2017). With DcyFS, binary modifications appear only in the overlay the malware can access, so it cannot alter the global view of the base file system.
Skilled attackers always try to cover their tracks to evade detection. This can be done by saving the malware in hidden files (any file whose name starts with a period) or by modifying a program such as ls or dir so that the malware files are ignored when the contents of a directory are displayed to a user. The tests show that DcyFS effectively exposes these track-covering steps, which are highlighted on the file system overlay (Taylor, 2018).
Ransomware has become an essential part of the attack ecosystem, wreaking havoc on individuals and companies alike. DcyFS's forensic analyser generates three indicators used to estimate the impact of the file system changes introduced by programs (Erez, 2018).
DcyFS actively protects files from malware such as ransomware by using the overlay. This lets the ransomware believe it has succeeded while enabling the user to subvert the attack without any damage to critical infrastructure.
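As an added example (not IBM's analysis module), here is a small rule-based scan over a constructed overlay change record for the indicator classes discussed in this section: run-level and profile persistence, scheduled tasks, library preloading, binary modification, hidden files and ransomware-style file replacement. The sample paths are constructed, and the ATT&CK technique ids attached to each rule are the ones I associate with that class, not values from the page.

```python
import re
from collections import Counter

# Constructed overlay change record: what an untrusted process created,
# modified and deleted inside its private view (paths only, no real malware).
OVERLAY = {
    "created": ["/etc/rc3.d/S99update", "/home/u/.cache/.x", "/etc/ld.so.preload",
                "/home/u/docs/a.docx.locked", "/home/u/docs/b.xlsx.locked",
                "/home/u/docs/c.pdf.locked"],
    "modified": ["/home/u/.bashrc", "/bin/ls", "/etc/cron.d/sys"],
    "deleted": ["/home/u/docs/a.docx", "/home/u/docs/b.xlsx", "/home/u/docs/c.pdf"],
}

# (label, ATT&CK technique id as I recall it, regex over the path)
RULES = [
    ("persistence: system run-level script", "T1037", r"^/etc/(rc\d?\.d|init\.d)/"),
    ("persistence: scheduled task", "T1053", r"^/(etc/cron|var/spool/cron)"),
    ("persistence: user start-up profile", "T1546.004",
     r"^/home/[^/]+/\.(bashrc|profile|bash_profile)$"),
    ("library preload", "T1574.006", r"^/etc/ld\.so\.preload$"),
    ("binary modification", "T1554", r"^/(usr/)?s?bin/"),
    ("covering tracks: hidden file", "T1564.001",
     r"/\.(?!bashrc$|profile$|bash_profile$)[^/]+$"),
]

def ransomware_signal(overlay, min_pairs=3):
    """Deleted originals replaced by created copies with one new extension."""
    created, exts = set(overlay["created"]), Counter()
    for old in overlay["deleted"]:
        for new in created:
            if new.startswith(old + "."):
                exts[new[len(old):]] += 1
    ext, n = max(exts.items(), key=lambda kv: kv[1], default=(None, 0))
    return (ext, n) if n >= min_pairs else None

def analyse(overlay):
    """Return (change kind, path or summary, label, technique) findings."""
    findings = []
    for kind in ("created", "modified"):
        for path in overlay[kind]:
            for label, tech, pattern in RULES:
                if re.search(pattern, path):
                    findings.append((kind, path, label, tech))
    sig = ransomware_signal(overlay)
    if sig:
        findings.append(("impact", f"{sig[1]} files replaced with '{sig[0]}' copies",
                         "ransomware-like encryption", "T1486"))
    return findings

if __name__ == "__main__":
    for f in analyse(OVERLAY):
        print(*f, sep="  ")
```

Because the overlay records only the untrusted process's own changes, every finding is attributable to that process without having to diff the whole host file system.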
DcyFS is a security Swiss army knife. As a passive sensor, the file system allows monitoring of access to one of a company's most important commodities in the real world: its data. As a forensic tool, the decoy file system lets security practitioners gather key evidence from the time the actual attack took place. And as an active security control, DcyFS hides and protects data while luring attackers into revealing themselves.
IBM's research team believes that tools like DcyFS will be a big part of the next generation of cyber defence. Agile and versatile tools of this kind not only detect attacks as they take place but actively engage and react to the attacker (Kulkarni, Waghmare, Chaudhary & Kulkarni, 2018). In this way the decoy file system turns security from a purely technical problem into a human one, in which adversaries and defenders engage as they do on any battlefield.
Conclusion
In conclusion, IBM's research presents the Decoy File System (DcyFS), a new file system developed to protect data from theft and corruption attacks. This paper has covered the concept of the decoy file system and its potential benefits for integrity, confidentiality, deception and forensics, the use of file system overlays as blank canvases, the different types of malware analysed with DcyFS, and finally how DcyFS humanizes the security problem.
References
Taylor, T. (2018). Following the Clues With DcyFS: A File System for Forensics. Retrieved from: https://securityintelligence.com/following-the-clues-with-dcyfs-a-file-system-for-forensics/
Stoecklin, M. P. (2018). Hidden in Plain Sight: File System Protection With Cyber Deception. Retrieved from: https://securityintelligence.com/hidden-in-plain-sight-file-system-protection-with-cyber-deception/
Kulkarni, T. R., Waghmare, V., Chaudhary, D., & Kulkarni, P. (2018). Security Implementation in cloud computing using User Behavior Profiling and Decoy Technology. World Journal of Technology, Engineering and Research 3(1), 108-113.
Voris, J., Song, Y., Salem, M. B., Hershkop, S., & Stolfo, S. (2018). Active Authentication using File System Decoys and User Behavior Modeling: Results of a Large Scale Study. Computers & Security.
Kurikala, G., Gupta, K. G., & Swapna, A. (2017). Fog Computing: Implementation of Security and Privacy to Comprehensive Approach for Avoiding Knowledge Thieving Attack Exploitation Decoy Technology. International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 2(4), 176-181.
Taylor, T., Araujo, F., Kohlbrenner, A., & Stoecklin, M. P. (2018, June). Hidden in Plain Sight: Filesystem View Separation for Data Integrity and Deception. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 256-278.
Erez, E. (2018). The Future of Ransomware: Data Corruption, Exfiltration and Disruption. Retrieved from: https://www.infosecurity-magazine.com/opinions/future-ransomware-exfiltration/
Polychronakis, M., & Meier, M. (2017). Detection of Intrusions and Malware, and Vulnerability Assessment: 14th International Conference, DIMVA 2017, Bonn, Germany, July 6-7, 2017, Proceedings. New York: Springer.