Mitigating file-injection attacks with natural language processing

Abstract

Searchable Encryption can bridge the gap between privacy protection and data utilization. As it leaks access pattern to attain practical search performance, it is vulnerable under advanced attacks. While these advanced attacks show signi.cant privacy leakage, the assumptions of these attacks are often strong and the methods that can be used to mitigate these attacks are limited. In this paper, we investigate one of these advanced attacks, referred to as file-injection attacks, and examine whether this attack is viable in practice. In addition, we also propose a defense method to mitigatefi le-injection attacks. By leveraging natural language processing, we formulate the generation of injectedfi les in the attack as an automated text generation problem with restrictions on word selection, and then we tackle the problem with n-grams and Recursive Neural Networks. We formulate the proposed defense as a semantic analysis problem, in which we extract linguistic features and address the problem using machine learning. Our experiential results on real-world datasets suggest two interesting observations. First, automatically generating injectedfi les in the attack will result low semantics infi les. Second, it is viable to automatically detect injectedfi les based on semantics and mitigatefi le-injection attacks.