MTFS: a Moving Target Defense-Enabled File System for Malware Mitigation
Jan von der Assen, Alberto Huertas Celdrán, Rinor Sefa, Gérôme Bovet, Burkhard Stiller

TL;DR
This paper presents MTFS, a novel file system leveraging Moving Target Defense to proactively mitigate ransomware by delaying, trapping, and hiding files, significantly reducing damage on IoT devices.
Contribution
It introduces MTFS, a new OS-level file system with three innovative MTD techniques specifically designed for ransomware mitigation, which is a novel approach in this domain.
Findings
Techniques delay and mitigate ransomware on IoT devices.
The system can save 97% of files across 14 ransomware samples.
Proactive defense reduces ransomware impact effectively.
Abstract
Ransomware has remained one of the most notorious threats in the cybersecurity field. Moving Target Defense (MTD) has been proposed as a novel paradigm for proactive defense. Although various approaches leverage MTD, few of them rely on the operating system and, specifically, the file system, thereby making them dependent on other computing devices. Furthermore, existing ransomware defense techniques merely replicate or detect attacks, without preventing them. Thus, this paper introduces the MTFS overlay file system and the design and implementation of three novel MTD techniques implemented on top of it: one delaying attackers, one trapping recursive directory traversal, and another one hiding file types. The effectiveness of the techniques is shown in two experiments. First, it is shown that the techniques can delay and mitigate ransomware on real IoT devices. Secondly, in a broader…
Taxonomy
Topics: Advanced Malware Detection Techniques · Security and Verification in Computing · Network Security and Intrusion Detection
