查看文章

Malicious USB devices can disguise themselves as benign devices (e.g., keyboard, mouse, etc.) to insert malicious commands on end devices. Advanced software-based detection schemes (deeper operating system level) are used to identify the malicious nature of such mimic devices. However, a powerful adversary (e.g., as rootkits or advanced persistent threats) can subvert those software-based detection schemes. To address these concerns, we present our ongoing work to dynamically detect these threats in hardware. Specifically, we utilize a novel hardware-assistance mechanism to collect unaltered USB data at the physical layer which is fed into a machine learning-based classifier to determine the true nature of the USB device.