Skip to main content

New computer attack mimics user's keystroke characteristics and evades detection

Ben-Gurion University of the Negev (BGU) cyber security researchers have developed a new attack called "Malboard." Malboard evades several detection products that are intended to continuously verify the user's identity based on personalized keystroke characteristics.
The new paper, Malboard: A Novel User Keystroke Impersonation Attack and Trusted Detection Framework Based on Side-Channel Analysis published in the Computer and Security journal, reveals a sophisticated attack in which a compromised USB keyboard automatically generates and sends malicious keystrokes that mimic the attacked user's behavioral characteristics.
Keystrokes generated maliciously do not typically match human typing and can easily be detected. Using artificial intelligence, however, the Malboard attack autonomously generates commands in the user's style, injects the keystrokes as malicious software into the keyboard and evades detection. The keyboards used in the research were products by Microsoft, Lenovo and Dell.
"In the study, 30 people performed three different keystroke tests against three existing detection mechanisms including KeyTrac, TypingDNA and DuckHunt. Our attack evaded detection in 83% to 100% of the cases," says Dr. Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, and a member of the BGU Department of Industrial Engineering and Management. "Malboard was effective in two scenarios: by a remote attacker using wireless communication to communicate, and by an inside attacker or employee who physically operates and uses Malboard."
New Detection Modules Proposed
Both the attack and detection mechanisms were developed as part of the master's thesis of Nitzan Farhi, a BGU student and member of the USBEAT project at BGU's Malware Lab.
"Our proposed detection modules are trusted and secured, based on information that can be measured from side-channel resources, in addition to data transmission," Farhi says. "These include (1) the keyboard's power consumption; (2) the keystrokes' sound; and (3) the user's behavior associated with his or her ability to respond to typographical errors."
Dr. Nissim adds, "Each of the proposed detection modules is capable of detecting the Malboard attack in 100% of the cases, with no misses and no false positives. Using them together as an ensemble detection framework will assure that an organization is immune to the Malboard attack as well as other keystroke attacks."
The researchers propose using this detection framework for every keyboard when it is initially purchased and daily at the outset, since sophisticated malicious keyboards can delay their malicious activity for a later time period. Many new attacks can detect the presence of security mechanisms and thus manage to evade or disable them.
The BGU researchers plan to expand work on other popular USB devices, including computer mouse user movements, clicks and duration of use. They also plan to enhance the typo insertion detection module and combine it with other existing keystroke dynamic mechanisms for user authentication since this behavior is difficult to replicate.
Story Source:
Note: Content may be edited.

Comments

Popular posts from this blog

Size matters: New data reveals cell size sparks genome awakening in embryos

Transitions are a hallmark of life. When dormant plants flower in the spring or when a young adult strikes out on their own, there is a shift in control. Similarly, there is a transition during early development when an embryo undergoes biochemical changes, switching from being controlled by maternal molecules to being governed by its own genome. For the first time, a team from the Perelman School of Medicine at the University of Pennsylvania found in an embryo that activation of its genome does not happen all at once, instead it follows a specific pattern controlled primarily by the various sizes of its cells. The researchers published their results this week as the cover story in  Developmental Cell . In an early embryo undergoing cell division, maternally loaded RNA and proteins regulate the cell cycle. The genomes of the zygote -- a term for the fertilized egg -- are initially in sleep mode. However, at a point in the early life of the embryo, these zygotic nuclei "wake...

Home births as safe as hospital births: International study suggests

A large international study led by McMaster University shows that low risk pregnant women who intend to give birth at home have no increased chance of the baby's perinatal or neonatal death compared to other low risk women who intend to give birth in a hospital. The results have been published by  The Lancet 's  EClinicalMedicine  journal. "More women in well-resourced countries are choosing birth at home, but concerns have persisted about their safety," said Eileen Hutton, professor emeritus of obstetrics and gynecology at McMaster, founding director of the McMaster Midwifery Research Centre and first author of the paper. "This research clearly demonstrates the risk is no different when the birth is intended to be at home or in hospital." The study examined the safety of place of birth by reporting on the risk of death at the time of birth or within the first four weeks, and found no clinically important or statistically different risk between home...

Molecular adlayer produced by dissolving water-insoluble nanographene in water

Molecular adlayer produced by dissolving water-insoluble nanographene in water : "Nanographene incorporated micelle capsules" can be prepared by simply pulverizing and mixing nanographene with amphiphilic V-shaped anthracene molecules in water at room temperature. Even though nanographene is insoluble in water and organic solvents, Kumamoto University (KU) and Tokyo Institute of Technology (Tokyo Tech) researchers have found a way to dissolve it in water. Using "molecular containers" that encapsulate water-insoluble molecules, the researchers developed a formation procedure for a nanographene adlayer, a layer that chemically interacts with the underlying substance, by just mixing the molecular containers and nanographene together in water. The method is expected to be useful for the fabrication and analysis of next-generation functional nanomaterials. Graphene is a single layer of carbon atoms arranged in sheet form. It is lighter than metal wit...