Skip to main content

New computer attack mimics user's keystroke characteristics and evades detection

Ben-Gurion University of the Negev (BGU) cyber security researchers have developed a new attack called "Malboard." Malboard evades several detection products that are intended to continuously verify the user's identity based on personalized keystroke characteristics.
The new paper, Malboard: A Novel User Keystroke Impersonation Attack and Trusted Detection Framework Based on Side-Channel Analysis published in the Computer and Security journal, reveals a sophisticated attack in which a compromised USB keyboard automatically generates and sends malicious keystrokes that mimic the attacked user's behavioral characteristics.
Keystrokes generated maliciously do not typically match human typing and can easily be detected. Using artificial intelligence, however, the Malboard attack autonomously generates commands in the user's style, injects the keystrokes as malicious software into the keyboard and evades detection. The keyboards used in the research were products by Microsoft, Lenovo and Dell.
"In the study, 30 people performed three different keystroke tests against three existing detection mechanisms including KeyTrac, TypingDNA and DuckHunt. Our attack evaded detection in 83% to 100% of the cases," says Dr. Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, and a member of the BGU Department of Industrial Engineering and Management. "Malboard was effective in two scenarios: by a remote attacker using wireless communication to communicate, and by an inside attacker or employee who physically operates and uses Malboard."
New Detection Modules Proposed
Both the attack and detection mechanisms were developed as part of the master's thesis of Nitzan Farhi, a BGU student and member of the USBEAT project at BGU's Malware Lab.
"Our proposed detection modules are trusted and secured, based on information that can be measured from side-channel resources, in addition to data transmission," Farhi says. "These include (1) the keyboard's power consumption; (2) the keystrokes' sound; and (3) the user's behavior associated with his or her ability to respond to typographical errors."
Dr. Nissim adds, "Each of the proposed detection modules is capable of detecting the Malboard attack in 100% of the cases, with no misses and no false positives. Using them together as an ensemble detection framework will assure that an organization is immune to the Malboard attack as well as other keystroke attacks."
The researchers propose using this detection framework for every keyboard when it is initially purchased and daily at the outset, since sophisticated malicious keyboards can delay their malicious activity for a later time period. Many new attacks can detect the presence of security mechanisms and thus manage to evade or disable them.
The BGU researchers plan to expand work on other popular USB devices, including computer mouse user movements, clicks and duration of use. They also plan to enhance the typo insertion detection module and combine it with other existing keystroke dynamic mechanisms for user authentication since this behavior is difficult to replicate.
Story Source:
Note: Content may be edited.

Comments

Post a Comment

Popular posts from this blog

Dark matter may be older than the Big Bang

Dark matter, which researchers believe make up about 80% of the universe's mass, is one of the most elusive mysteries in modern physics. What exactly it is and how it came to be is a mystery, but a new Johns Hopkins University study now suggests that dark matter may have existed before the Big Bang. The study, published August 7 in  Physical Review Letters , presents a new idea of how dark matter was born and how to identify it with astronomical observations. "The study revealed a new connection between particle physics and astronomy. If dark matter consists of new particles that were born before the Big Bang, they affect the way galaxies are distributed in the sky in a unique way. This connection may be used to reveal their identity and make conclusions about the times before the Big Bang too," says Tommi Tenkanen, a postdoctoral fellow in Physics and Astronomy at the Johns Hopkins University and the study's author. While not much is known about its origins,...
Post a Comment
Read more

Home births as safe as hospital births: International study suggests

A large international study led by McMaster University shows that low risk pregnant women who intend to give birth at home have no increased chance of the baby's perinatal or neonatal death compared to other low risk women who intend to give birth in a hospital. The results have been published by  The Lancet 's  EClinicalMedicine  journal. "More women in well-resourced countries are choosing birth at home, but concerns have persisted about their safety," said Eileen Hutton, professor emeritus of obstetrics and gynecology at McMaster, founding director of the McMaster Midwifery Research Centre and first author of the paper. "This research clearly demonstrates the risk is no different when the birth is intended to be at home or in hospital." The study examined the safety of place of birth by reporting on the risk of death at the time of birth or within the first four weeks, and found no clinically important or statistically different risk between home...
Post a Comment
Read more

GSAT-11 satellite to be launched from French Guiana on Dec 5th

GSAT-11 satellite to be launched from French Guiana on Dec 5th GSAT-11 would be located at 74 East and is the fore-runner in a series of advanced communications satellite with multi-spot beam antenna coverage over Indian mainland and Islands, ISRO said. GSAT-11 is the next generation “high throughput” communication satellite configured around ISRO’s I-6K Bus. (PTI/Representational). Indian space agency ISRO is scheduled to launch GSAT-11, the “heaviest” satellite built by it, on-board Ariane-5 rocket of Arianespace from French Guiana on December 5. Weighing about 5,854 kg, GSAT-11 would play a vital role in providing broadband services across the country, and also provide a platform to demonstrate new generation applications, the Indian Space Research Organisation (ISRO) said. It is the “heaviest” satellite built by ISRO, the space agency said. GSAT-11 is the next generation “high throughput” communication satellite configured around ISRO’s  I-6K Bus, and it...
Post a Comment
Read more