Skip to main content

New computer attack mimics user's keystroke characteristics and evades detection

Ben-Gurion University of the Negev (BGU) cyber security researchers have developed a new attack called "Malboard." Malboard evades several detection products that are intended to continuously verify the user's identity based on personalized keystroke characteristics.
The new paper, Malboard: A Novel User Keystroke Impersonation Attack and Trusted Detection Framework Based on Side-Channel Analysis published in the Computer and Security journal, reveals a sophisticated attack in which a compromised USB keyboard automatically generates and sends malicious keystrokes that mimic the attacked user's behavioral characteristics.
Keystrokes generated maliciously do not typically match human typing and can easily be detected. Using artificial intelligence, however, the Malboard attack autonomously generates commands in the user's style, injects the keystrokes as malicious software into the keyboard and evades detection. The keyboards used in the research were products by Microsoft, Lenovo and Dell.
"In the study, 30 people performed three different keystroke tests against three existing detection mechanisms including KeyTrac, TypingDNA and DuckHunt. Our attack evaded detection in 83% to 100% of the cases," says Dr. Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, and a member of the BGU Department of Industrial Engineering and Management. "Malboard was effective in two scenarios: by a remote attacker using wireless communication to communicate, and by an inside attacker or employee who physically operates and uses Malboard."
New Detection Modules Proposed
Both the attack and detection mechanisms were developed as part of the master's thesis of Nitzan Farhi, a BGU student and member of the USBEAT project at BGU's Malware Lab.
"Our proposed detection modules are trusted and secured, based on information that can be measured from side-channel resources, in addition to data transmission," Farhi says. "These include (1) the keyboard's power consumption; (2) the keystrokes' sound; and (3) the user's behavior associated with his or her ability to respond to typographical errors."
Dr. Nissim adds, "Each of the proposed detection modules is capable of detecting the Malboard attack in 100% of the cases, with no misses and no false positives. Using them together as an ensemble detection framework will assure that an organization is immune to the Malboard attack as well as other keystroke attacks."
The researchers propose using this detection framework for every keyboard when it is initially purchased and daily at the outset, since sophisticated malicious keyboards can delay their malicious activity for a later time period. Many new attacks can detect the presence of security mechanisms and thus manage to evade or disable them.
The BGU researchers plan to expand work on other popular USB devices, including computer mouse user movements, clicks and duration of use. They also plan to enhance the typo insertion detection module and combine it with other existing keystroke dynamic mechanisms for user authentication since this behavior is difficult to replicate.
Story Source:
Note: Content may be edited.

Comments

Post a Comment

Popular posts from this blog

Home births as safe as hospital births: International study suggests

A large international study led by McMaster University shows that low risk pregnant women who intend to give birth at home have no increased chance of the baby's perinatal or neonatal death compared to other low risk women who intend to give birth in a hospital. The results have been published by  The Lancet 's  EClinicalMedicine  journal. "More women in well-resourced countries are choosing birth at home, but concerns have persisted about their safety," said Eileen Hutton, professor emeritus of obstetrics and gynecology at McMaster, founding director of the McMaster Midwifery Research Centre and first author of the paper. "This research clearly demonstrates the risk is no different when the birth is intended to be at home or in hospital." The study examined the safety of place of birth by reporting on the risk of death at the time of birth or within the first four weeks, and found no clinically important or statistically different risk between home...
Post a Comment
Read more

Dark matter may be older than the Big Bang

Dark matter, which researchers believe make up about 80% of the universe's mass, is one of the most elusive mysteries in modern physics. What exactly it is and how it came to be is a mystery, but a new Johns Hopkins University study now suggests that dark matter may have existed before the Big Bang. The study, published August 7 in  Physical Review Letters , presents a new idea of how dark matter was born and how to identify it with astronomical observations. "The study revealed a new connection between particle physics and astronomy. If dark matter consists of new particles that were born before the Big Bang, they affect the way galaxies are distributed in the sky in a unique way. This connection may be used to reveal their identity and make conclusions about the times before the Big Bang too," says Tommi Tenkanen, a postdoctoral fellow in Physics and Astronomy at the Johns Hopkins University and the study's author. While not much is known about its origins,...
Post a Comment
Read more

Scientists challenge notion of binary sexuality with naming of new plant species

A collaborative team of scientists from the US and Australia has named a new plant species from the remote Outback. Bucknell University biology postdoctoral fellow Angela McDonnell and professor Chris Martine led the description of the plant that had confounded field biologists for decades because of the unusual fluidity of its flower form. The discovery, published in the open access journal  PhytoKeys , offers a powerful example of the diversity of sexual forms found among plants. The new species of bush tomato discovered in remote Australia provides a compelling example of the fact that sexuality among Earth's living creatures is far more diverse -- and interesting -- than many people likely realize. Bucknell University postdoctoral fellow Angela McDonnell and biology professor Chris Martine led the study following an expedition last year to relocate populations of the new plant, which were first noted by Australian botanists during the 1970s. Herbarium specimens from th...
Post a Comment
Read more