Mitigating File-Injection Attacks with Natural Language Processing.

Searchable Encryption can bridge the gap between privacy protection and data utilization. As it leaks access pattern to attain practical search performance, it is vulnerable under advanced attacks. While these advanced attacks show significant privacy leakage, the assumptions of these attacks are often strong and the methods that can be used to mitigate these attacks are limited. In this paper, we investigate one of these advanced attacks, referred to as file-injection attacks, and examine whether this attack is viable in practice. In addition, we also propose a defense method to mitigate file-injection attacks. By leveraging natural language processing, we formulate the generation of injected files in the attack as an automated text generation problem with restrictions on word selection, and then we tackle the problem with n-grams and Recursive Neural Networks. We formulate the proposed defense as a semantic analysis problem, in which we extract linguistic features and address the problem using machine learning. Our experiential results on real-world datasets suggest two interesting observations. First, automatically generating injected files in the attack will result low semantics in files. Second, it is viable to automatically detect injected files based on semantics and mitigate file-injection attacks.