poster

Public Access

Dynamically detecting USB attacks in hardware: poster

Authors:

Kyle Denney,

Enes Erdin,

Leonardo Babun, and

A. Selcuk UluagacAuthors Info & Claims

WiSec '19: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks

May 2019

Pages 328 - 329

https://doi.org/10.1145/3317549.3326315

Published: 15 May 2019 Publication History

PDF eReader

Abstract

Malicious USB devices can disguise themselves as benign devices (e.g., keyboard, mouse, etc.) to insert malicious commands on end devices. Advanced software-based detection schemes (deeper operating system level) are used to identify the malicious nature of such mimic devices. However, a powerful adversary (e.g., as rootkits or advanced persistent threats) can subvert those software-based detection schemes. To address these concerns, we present our ongoing work to dynamically detect these threats in hardware. Specifically, we utilize a novel hardware-assistance mechanism to collect unaltered USB data at the physical layer which is fed into a machine learning-based classifier to determine the true nature of the USB device.

References

[1]

{n. d.}. Looks like a flash drive. Types like a keyboard. https://www.hak5.org/gear/usb-rubber-ducky

Google Scholar

[2]

2018. IBM bans USB drives - but will it work? https://nakedsecurity.sophos.com/2018/05/11/ibm-bans-usb-drives-but-will-it-work/

Google Scholar

[3]

Admin. 2018. Tutorial about USB HID Report Descriptors. https://eleccelerator.com/tutorial-about-usb-hid-report-descriptors/

Google Scholar

[4]

Brandon L Daley. 2016. USBeSafe: Applying One Class SVM for Effective USB Event Anomaly Detection. Technical Report. Northeastern University, College of Computer and Information Systems Boston United States.

Google Scholar

[5]

Collin Mulliner and Edgar R Weippl. 2018. USBlock: Blocking USB-Based Keypress Injection Attacks. In Data and Applications Security and Privacy XXXII: 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Bergamo, Italy, July 16--18, 2018, Proceedings, Vol. 10980. Springer, 278.

Google Scholar

[6]

Karsten Nohl and Jakob Lell. 2014. BadUSB-On accessories that turn evil. Black Hat USA (2014).

Google Scholar

[7]

Sunil Sikka, Utpal Srivastva, and Rashika Sharma. 2017. A Review of Detection of USB Malware. International Journal of Engineering Science 14283 (2017).

Google Scholar

[8]

Dave Jing Tian, Adam Bates, and Kevin Butler. 2015. Defending Against Malicious USB Firmware with GoodUSB. In Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015). ACM, New York, NY, USA, 261--270.

Digital Library

Google Scholar

Cited By

View all

Puche Rondon LBabun LAris AAkkaya KUluagac A(2023)LGuard: Securing Enterprise-IoT Systems against Serial-Based Attacks via Proprietary Communication BusesDigital Threats: Research and Practice10.1145/35557214:1(1-26)Online publication date: 7-Mar-2023
https://dl.acm.org/doi/10.1145/3555721
Rondon LBabun LAris AAkkaya KUluagac A(2022)Survey on Enterprise Internet-of-Things systems (E-IoT)Ad Hoc Networks10.1016/j.adhoc.2021.102728125:COnline publication date: 1-Feb-2022
https://dl.acm.org/doi/10.1016/j.adhoc.2021.102728
Denney KBabun LUluagac A(2020)USB-Watch: a Generalized Hardware-Assisted Insider Threat Detection FrameworkJournal of Hardware and Systems Security10.1007/s41635-020-00092-z4:2(136-149)Online publication date: 2-Mar-2020
https://doi.org/10.1007/s41635-020-00092-z

Recommendations

Detecting and Defending against Worm Attacks Using Bot-honeynet
ISECS '09: Proceedings of the 2009 Second International Symposium on Electronic Commerce and Security - Volume 01

We proposed a worm detection and defense system named bot-honeynet in this paper, which combines the best features of honeynet, anomaly detection and botnet. The combination of honeynet and anomaly detection system offers a tradeoff between false ...
Read More
Detecting and Analyzing Zero-Day Attacks Using Honeypots
CSCS '13: Proceedings of the 2013 19th International Conference on Control Systems and Computer Science

Computer networks are overwhelmed by self prop- agating malware (worms, viruses, trojans). Although the number of security vulnerabilities grows every day, not the same thing can be said about the number of defense methods. But the most delicate problem ...
Read More
A Visual Approach to Detecting Drive-by Download Attacks
VINCI '15: Proceedings of the 8th International Symposium on Visual Information Communication and Interaction

Drive-by Download(DbD) attack is one of malware infection schemes that pose a major threat to users on the Internet. The attack tends to go unnoticed by users, because, upon infection, there is almost no visible change to the screen or the computer. ...
Read More

Comments

Information & Contributors

Information

Published In

WiSec '19: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks

May 2019

359 pages

ISBN:9781450367264

DOI:10.1145/3317549

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

In-Cooperation

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 May 2019

Check for updates

Qualifiers

Poster

Funding Sources

National Science Foundation
Florida Center for Cybersecurity's Capacity Building Program

Conference

WiSec '19

Sponsor:

SIGSAC

WiSec '19: 12th ACM Conference on Security and Privacy in Wireless and Mobile Networks

May 15 - 17, 2019

Florida, Miami

Acceptance Rates

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
690
Total Downloads

Downloads (Last 12 months)208
Downloads (Last 6 weeks)6

Other Metrics

View Author Metrics

Citations

Cited By

View all

Puche Rondon LBabun LAris AAkkaya KUluagac A(2023)LGuard: Securing Enterprise-IoT Systems against Serial-Based Attacks via Proprietary Communication BusesDigital Threats: Research and Practice10.1145/35557214:1(1-26)Online publication date: 7-Mar-2023
https://dl.acm.org/doi/10.1145/3555721
Rondon LBabun LAris AAkkaya KUluagac A(2022)Survey on Enterprise Internet-of-Things systems (E-IoT)Ad Hoc Networks10.1016/j.adhoc.2021.102728125:COnline publication date: 1-Feb-2022
https://dl.acm.org/doi/10.1016/j.adhoc.2021.102728
Denney KBabun LUluagac A(2020)USB-Watch: a Generalized Hardware-Assisted Insider Threat Detection FrameworkJournal of Hardware and Systems Security10.1007/s41635-020-00092-z4:2(136-149)Online publication date: 2-Mar-2020
https://doi.org/10.1007/s41635-020-00092-z

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Detecting and Defending against Worm Attacks Using Bot-honeynet

Detecting and Analyzing Zero-Day Attacks Using Honeypots

A Visual Approach to Detecting Drive-by Download Attacks

Comments

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Qualifiers

Funding Sources

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF

eReader

Login options

Full Access

Abstract

References

Cited By

Recommendations

Detecting and Defending against Worm Attacks Using Bot-honeynet

Detecting and Analyzing Zero-Day Attacks Using Honeypots

A Visual Approach to Detecting Drive-by Download Attacks

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations