USER-ORIENTED FILE RESTORATION FOR OPERATING SYSTEMS

Year 2019, Volume: 3 Issue: 3, 149 - 156, 01.07.2019

Hüseyin Pehlivan

https://doi.org/10.31127/tuje.498878

Abstract

Folders such as recycle bin are a crucial component of wide working environments like operating systems. In current operating systems, such facilities are implemented either in no user-oriented fashion or very poorly. Various intrusion detection mechanisms are developed to prevent any damage, but very few offers the repair of the user's file system as an additional level of protection. This paper presents how to build a recycle bin mechanism for Unix operating systems entirely at the user level. The mechanism involves the control of system resources in a more intelligent way. Programs thus are running under greater control, monitoring and analyzing their resource requests. The idea is based on the interception of a particular class of system calls, using tracing facilities supported by many Unix operating systems. This provides better high level information, and presents efficient techniques to prevent foreign or untrustworthy programs from doing any irreparable damage. A program called trash has been constructed and experimented to investigate potential consequences of the recycle bin mechanism. The experiments highlight possible overheads imposed on the system. The paper also performs a comparative analysis of the trash program with some related approaches and tools.

Keywords

Recycle Bin, Operating Systems, System Calls, Process Tracing, Restoration

References

• Abed, A. S., Clancy, C. and Levy, D. S. (2015). “Intrusion Detection System for Applications Using Linux Containers”, International Workshop on Security and Trust Management, pp. 123-135.
• Anandapriya, M. and Lakshmanan, B. (2015). “Anomaly Based Host Intrusion Detection System using semantic based system call patterns”, Proc., 9th International Conference on Intelligent Systems and Control (ISCO), pp. 1-4.
• Berlage, T. and Genau, A. (1993). “From undo to multiuser applications”, Proc., Vienna Conference on Human–Computer Interaction, Vienna, Austria, Sept 20-22, pp. 213-224.
• Brown, A. B. and Patterson, D. A. (2003). “Undo for operators: Building an undoable e-mail store” Proc., 2003 USENIX Annual Technical Conference, pp. 1-14.
• Chen, C. M, Guan, D. J. and Huang, Y. Z and Ou, Y. H. (2016). “Anomaly network intrusion detection using Hidden Markov Model”, International Journal of Innovative Computing, Information and Control, Vol. 12, No. 2, pp. 569-580.
• Choudhary, R. and Dewan, P. (1992). “Multi-user undo/redo”, Technical Report TR125P, Computer Science Department, Purdue University.
• Christodorescu, M. and Jha, S. (2004). “Testing malware detectors”, Proc., 2004 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), New York, NY, USA, pp. 34-44.
• Creech, G. and Hu, J. (2014). “A Semantic Approach to Host-Based Intrusion Detection Systems Using Contiguous and Discontiguous System Call Patterns”, IEEE Transactions on Computers, Vol. 63, pp. 807-819.
• Fuse, T. and Kamiya, K. (2017). “Statistical anomaly detection in human dynamics monitoring using a hierarchical dirichlet process Hidden Markov Model”, IEEE Transactions on Intelligent Transportation Systems, Vol. 18, No: 11, pp. 3083–3092.
• Gupta, S. and Kumar. P. (2015). “An immediate system call sequence based approach for detecting malicious program executions in cloud environment”, Wireless Personal Communications, Vol. 81, No. 1, pp. 405–425.
• Haider, W., Hu, J. and Xie. M. (2015). “Towards reliable data feature retrieval and decision engine in hostbased anomaly detection systems”, IEEE 10th Conference on Industrial Electronics and Applications (ICIEA), Auckland, New Zealand, pp. 513–517.
• Hoang, X. D., Hu, J. and Bertok. P. (2009). “A programbased anomaly intrusion detection scheme using multiple detection engines and fuzzy inference”, Journal of Network and Computer Applications, Vol. 32, No. 6, pp.1219–1228.
• Hsu, F., Chen, H., Ristenpart, T., Li, J., and Su, Z. (2006). “Back to the future: A framework for automatic malware removal and system repair”, Proc., 22nd Annual Computer Security Applications Conference, ACSAC ’06, IEEE Computer Society, Washington, DC, pp. 257–268.
• Hu, J., Yu, X., Qiu, D. and Chen, H.-H. (2009). “A simple and efficient hidden markov model scheme for host-based anomaly intrusion detection”, IEEE network, Vol. 23, No. 1, pp. 42–47.
• Jose, S., Malathi, D. Reddy, B. Jayaseeli, D. (2018). “Anomaly Based Host Intrusion Detection System Using Analysis of System Calls”, International Journal of Pure and Applied Mathematics, Vol. 118, No. 22, pp. 225-232.
• King, S. and Chen, P. M. (2003). “Backtracking intrusions”, Proc., 19th ACM Symposium on Operating Systems Principles (SOSP), pp. 223-236.
• Liu, M., Xue, Z. Xu, X., Zhong, C. and Chen. J. (2018). “Host-Based Intrusion Detection System with System Calls: Review and Future Trends”, ACM Computing Surveys, Vol. 51, No. 5, pp 1-36.
• Mutz, D., Valeur, F., Vigna, G. and Kruegel, C. (2006). “Anomalous system call detection”. ACM Transactions on Information and System Security (TISSEC), Vol. 9, No. 1, pp. 61–93.
• Paleari, R., Martignoni, L., Passerini, E., Davidson, D., Fredrikson, M., Giffin, J., and Jha, S. (2010). “Automatic generation of remediation procedures for malware infections”, Proc., 19th USENIX Security Symposium, August 11-13, Washington, DC, pp. 419-434.
• Passerini, E., Paleari, R. and Martignoni, L. (2009). “How Good Are Malware Detectors at Remediating Infected Systems?”, Proc., 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, July 09-10, Como, Italy, pp. 21-37.
• Prakash, A. and Knister, M. J. (1992). “A framework for undoing actions in collaborative systems”, Technical Report CSE-TR-125-92, Computer Science and Engineering Division, The University of Michigan, Ann Arbor.
• Qiao, Y., Xin, X. W., Bin, Y. and Ge, S. (2002) “Anomaly intrusion detection method based on HMM”, Electronics Letters, Vol. 38, No. 13, 2002, pp. 663-664
• Ramaki, A. A., Rasoolzadegan, A. and Jafari, A. J. (2018) “A Systematic Review on Intrusion Detection based on the Hidden Markov Models”, Statistical Analysis and Data Mining, Vol. 11, No. 3, pp. 111-134
• Sekar, R., Bendre, M., Dhurjati, D. And Bollineni, P. (2001). “A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors”, Proc., IEEE Symposium on Security and Privacy, pp. 144-155.
• Spenke, M. and Beilken, C. (1991). “An overview of GINA—the generic interactive application”, Proc., User Interface Management and Design, D. A. Duce et al., Eds. Springer-Verlag, New York, NY, USA, pp. 273-293.
• Stallman, R. (1986). “GNU Emacs manual, Version 17”, Free software foundation. Inc.
• Sun, W., Liang, Z., Venkatakrishnan, V. N. and Sekar,R. (2005). “One-way isolation: An effective approach for realizing safe execution environments”, Proc., Network and Distributed Systems Symposium (NDSS), pp. 265-278.
• Webster, A., Eckenrod, R. and Purtilo, J. (2018). “Fast and Service-preserving Recovery from Malware Infections Using CRIU”, Proc., 27th USENIX Security Symposium, August 15-17, Baltimore, MD, USA, pp. 1199-1211.
• Vitter, J. Z. (1984). “US&R: A new framework for redoing”, IEEE Software, Vol. 1, No. 4, pp. 39-52.
• Wu, F., Wu, D. and Yang, Y. (2016). “A Network Intrusion Detection Algorithm Based on FSA Model”, 4th International Conference on Machinery, Materials and Computing Technology, pp. 615-621.
• Xie, M., Hu, J., Yu, X. and Chang. E. (2014). “Evaluating host-based anomaly detection systems: Application of the frequency-based algorithms to adfald”, International Conference on Network and System Security, Berlin, Heidelberg, Springer, pp. 542–549.
• Yolacan, E. N., Dy, J. G. and Kaeli, D. R. (2014). “System call anomaly detection using multi-HMMs, Software Security and Reliability-Companion (SEREC)”, IEEE 8th International Conference on Software Security and Reliability-Companion, San Francisco, CA, pp. 25–30.
• Yu, F., Xu, C., Shen, Y., An, J., and Zhang, L. (2005). “Intrusion detection based on system call finite-state automation machine”. IEEE International Conference on Industrial Technology, pp. 63-68.
• Zhang, J., Liu, Y. and Liu, X. (2006). “Anomalous detection based on adaboost-HMM”, IEEE 6th World Congress on Intelligent Control and Automation (WCICA), pp. 4360–4363.
• Zhou, C. and Imamiya, A. (1997). “Object-based nonlinear undo model”, Proc., 21th International Computer Software and Applications Conference, COMPSAC, pp. 50-55.
• Zhou, X., Peng, Q. K. and Wang, J. B. (2008). “Intrusion detection method based on two-layer HMM”, Application Research of Computers, Vol. 3, No. 1, 75.