Your search keyword '"keystroke logging"' showing total 8 results

1. Malboard: A novel user keystroke impersonation attack and trusted detection framework based on side-channel analysis

Author

Nitzan Farhi, Yuval Elovici, and Nir Nissim

Subjects

General Computer Science, Computer science, Firmware, Evasion (network security), 020206 networking & telecommunications, 02 engineering and technology, USB, computer.software_genre, Keystroke logging, Computer security, law.invention, Keystroke dynamics, law, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Side channel attack, Law, Host (network), computer

Abstract

Concealing malicious components within widely used USB peripherals has become a popular attack vector utilizing social engineering techniques and exploiting users’ trust in USB devices. This vector enables the attacker to easily penetrate an organization's computers even when the target is secured or in an air-gapped network. Such malicious concealment can be done as part of a supply chain attack or during the device manufacturing process. In cases where the device allows the user to update its firmware, a supply chain attack may involve changing just the device's firmware, thus compromising the device without the need for concealment. A compromised device can impersonate other devices like keyboards in order to send malicious keystrokes to the computer. However, the keystrokes generated maliciously do not match human keystroke characteristics, and therefore they can be easily detected by security tools that are designed to continuously verify the user's identity based on his/her keystroke dynamics. In this paper, we present Malboard, a sophisticated attack based on designated hardware concealment, which automatically generates keystrokes that have the attacked user's behavioral characteristics; in this attack these keystrokes are injected into the computer in the form of malicious commands and thus can evade existing detection mechanisms designed to continuously verify the user's identity based on keystroke dynamics. We implemented this novel attack and evaluated its performance on 30 subjects performing three different keystroke tasks; we evaluated the attack against three existing detection mechanisms, and the results show that our attack managed to evade detection in 83–100% of the cases, depending on the detection tools in place. Malboard was proven to be effective in two scenarios: either by a remote attacker using wireless communication to communicate with Malboard or by an inside attacker (malicious employee) that physically operates and uses Malboard. In addition, in order to address the evasion gap, we developed three different modules aimed at detecting keystroke injection attacks in general, and particularly, the more sophisticated Malboard attack. Our proposed detection modules are trusted and secured, because they are based on three side-channel resources which originate from the interaction between the keyboard, user, and attacked host. These side-channel resources include (1) the keyboard's power consumption, (2) the keystrokes’ sound, and (3) the user's behavior associated with his/her ability to respond to displayed textual typographical errors. Our results showed that each of the proposed detection modules is capable of detecting the Malboard attack in 100% of the cases, with no misses and no false positives; using them together as an ensemble detection framework will assure that an organization is immune to the Malboard attack in particular and other keystroke injection attacks in general.

Published

2019

2. Hooktracer: Automatic Detection and Analysis of Keystroke Loggers Using Memory Forensics

Author

Mohammad M. Jalalzai, Aisha Ali-Gombe, Golden G. Richard, Mingxuan Sun, Andrew Case, Ryan D. Maggio, and Firoz-Ul-Amin

Subjects

General Computer Science, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Computer security, Keystroke logging, Memory forensics, Software, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), Malware, 020201 artificial intelligence & image processing, Plug-in, business, Law, computer, TRACE (psycholinguistics)

Abstract

Advances in malware development have led to the widespread use of attacker toolkits that do not leave any trace in the local filesystem. This negatively impacts traditional investigative procedures that rely on filesystem analysis to reconstruct attacker activities. As a solution, memory forensics has replaced filesystem analysis in these scenarios. Unfortunately, existing memory forensics tools leave many capabilities inaccessible to all but the most experienced investigators, who are well versed in operating systems internals and reverse engineering. The goal of the research described in this paper is to make investigation of one of the greatest threats that organizations face, userland keyloggers, less error-prone and less dependent on manual reverse engineering. To accomplish this, we have added significant new capabilities to HookTracer, which is an engine capable of emulating code discovered in a physical memory captures and recording all actions taken by the emulated code. Based on this work, we present new memory forensics capabilities, embodied in a new Volatility plugin, hooktracer_messagehooks, that uses Hooktracer to automatically decide whether a hook in memory is associated with a malicious keylogger or benign software. We also include a detailed case study that illustrates our technique’s ability to successfully analyze very sophisticated keyloggers, such as Turla.

Published

2020

3. Continuous authentication by free-text keystroke based on CNN and RNN

Author

Xiaofeng Lu, Shengfei Zhang, Pan Hui, and Pietro Liò

Subjects

Sequence, Authentication, General Computer Science, Computer science, Speech recognition, 0202 electrical engineering, electronic engineering, information engineering, Feature (machine learning), Identity (object-oriented programming), 020206 networking & telecommunications, 020201 artificial intelligence & image processing, 02 engineering and technology, Keystroke logging, Law

Abstract

Personal keystroke modes are difficult to imitate and can therefore be used for identity authentication. The keystroke habits of a person can be learned according to the keystroke data generated when the person inputs free text. Detecting a user's keystroke habits as the user enters text can continuously verify the user's identity without affecting user input. The method proposed in this paper authenticates users via their keystrokes when they type free text. The user keystroke data is divided into a fixed-length keystroke sequence, which is then converted into a keystroke vector sequence according to the time feature of the keystroke. A model that combines a convolutional neural network and a recursive neural network is used to learn a sequence of individual keystroke vectors to obtain individual keystroke features for identity authentication. The model is tested using two open datasets, and the best false rejection rate (FRR) is found to be (2.07%,6.61%), the best false acceptance rate (FAR) is found to be (3.26%, 5.31%), and the best equal error rate (EER) is found to be (2.67%, 5.97%).

Published

2020

4. From keyloggers to touchloggers: Take the rough with the smooth

Author

Stefanos Gritzalis, Georgios Kambourakis, and Dimitrios Damopoulos

Subjects

General Computer Science, Computer science, Intrusion detection system, computer.software_genre, Computer security, Keystroke logging, law.invention, Touchscreen, law, Malware, Profiling (information science), Law, computer, Mobile device

Abstract

The proliferation of touchscreen devices brings along several interesting research challenges. One of them is whether touchstroke-based analysis (similar to keylogging) can be a reliable means of profiling the user of a mobile device. Of course, in such a setting, the coin has two sides. First, one can employ the output produced by such a system to feed machine learning classifiers and later on intrusion detection engines. Second, aggressors can install touchloggers to harvest user's private data. This malicious option has been also extensively exploited in the past by legacy keyloggers under various settings, but has been scarcely assessed for soft keyboards. Compelled by these separate but interdependent aspects, we implement the first-known native and fully operational touchlogger for ultramodern smartphones and especially for those employing the proprietary iOS platform. The results we obtained for the first objective are very promising showing an accuracy in identifying misuses, and thus post-authenticating the user, in an amount that exceeds 99%. The virulent personality of such software when used maliciously is also demonstrated through real-use cases.

Published

2013

5. Robustness of keystroke-dynamics based biometrics against synthetic forgeries

Author

Xiaokui Shu, Deian Stefan, and Danfeng Yao

Subjects

Authentication, General Computer Science, Biometrics, business.industry, Computer science, Keystroke logging, Machine learning, computer.software_genre, Computer security, Attack model, Keystroke dynamics, Robustness (computer science), Anomaly detection, Artificial intelligence, business, Law, computer

Abstract

Biometric systems including keystroke-dynamics based authentication have been well studied in the literature. The attack model in biometrics typically considers impersonation attempts launched by human imposters. However, this attack model is not adequate, as advanced attackers may utilize programs to forge data. In this paper, we consider the effects of synthetic forgery attacks in the context of biometric authentication systems. Our study is performed in a concrete keystroke-dynamic authentication system. The main focus of our work is evaluating the security of keystroke-dynamics authentication against synthetic forgery attacks. Our analysis is performed in a remote authentication framework called TUBA that we design and implement for monitoring a user's typing patterns. We evaluate the robustness of TUBA through experimental evaluation including two series of simulated bots. The keystroke sequences forged by the two bots are modeled using first-order Markov chains. Support vector machine is used for classification. Our results, based on 20 users' keystroke data, are reported. Our work shows that keystroke dynamics is robust against the two specific types of synthetic forgery attacks studied, where attacker draws statistical samples from a pool of available keystroke dataset other than the target. We also describe TUBA's use for detecting anomalous activities on remote hosts, and present its use in a specific cognition-based anomaly detection system. The use of TUBA provides high assurance on the information collected from the hosts and enables remote security diagnosis and monitoring.

Published

2012

6. A concise cost analysis of Internet malware

Author

Suleyman Kondakci

Subjects

Password, Software_OPERATINGSYSTEMS, General Computer Science, business.industry, Computer science, Rootkit, Computer security, computer.software_genre, Keystroke logging, Cost analysis, Malware, The Internet, business, Risk assessment, Law, computer

Abstract

In this paper we present a cost model to analyze impacts of Internet malware in order to estimate the cost of incidents and risk caused by them. The model is useful in determining parameters needed to estimate recovery efficiency, probabilistic risk distributions, and cost of malware incidents. Many users tend to underestimate the cost of curiosity coming with stealth malware such as email-attachments, freeware/shareware, spyware (including keyloggers, password thieves, phishing-ware, network sniffers, stealth backdoors, and rootkits), popups, and peer-to-peer fileshares. We define two sets of functions to describe evolution of attacks and potential loss caused by malware, where the evolution functions analyze infection patterns, while the loss functions provide risk-impact analysis of failed systems. Due to a wide range of applications, such analyses have drawn the attention of many engineers and researchers. Analysis of malware propagation itself has little to contribute unless tied to analysis of system performance, economic loss, and risks.

Published

2009

7. Anti-keylogging measures for secure Internet login: An example of the law of unintended consequences

Author

Joseph R. Rabaiotti, Stuart P. Goring, and Antonia J. Jones

Subjects

Password, Service (business), Authentication, General Computer Science, Unintended consequences, business.industry, Computer science, Internet privacy, Keystroke logging, Login, Computer security, computer.software_genre, The Internet, business, Law, computer, Vulnerability (computing)

Abstract

Traditional authentication systems used to protect access to online services (such as passwords) are vulnerable to compromise via the introduction of a keystroke logger to the service user's computer. This has become a particular problem now that many malicious programs have keystroke logging capabilities. When banks first introduced Online Banking services they realised this, and added features to protect users against keystroke logging. In this paper we show, using a real Online Banking system as an example, that if these features are incorrectly implemented they can allow an attacker to bypass them completely and gain access to a user's bank account within a small number of attempts. The vulnerability was initially noticed in a particular Online Banking service, but any system implemented in the way we describe is equally vulnerable.

Published

2007

8. Understanding users' keystroke patterns for computer access security

Author

Ibrahim Sogukpinar, Aykut Guven, Doğuş Üniversitesi, Mühendislik Fakültesi, Bilgisayar Mühendisliği Bölümü, TR1412, and Güven, Aykut

Subjects

Authentication, User authentication, General Computer Science, Biometrics, Computer science, Computer access, ComputingMilieux_PERSONALCOMPUTING, Keystroke Identification, Pattern Recognition, Multi-factor authentication, Keystroke logging, Computer security, computer.software_genre, Identification (information), Human–computer interaction, Pattern recognition (psychology), Law, computer, Computer Security

Abstract

User authentication is a major problem in gaining access rights for computer resources. A recent approach to enhance the computer access rights is the use of biometric properties as the keystroke rhythms of users. Therefore user authentication for computers can be more secure using keystroke rhythms as biometric authentication. Methods like minimum distance, statistical, vector based, neural network type and data mining techniques have been applied in analyzing the keystroke patterns. In this paper, a vector based algorithm for a recent approach has been applied in the identification of keystroke patterns. Keystroke Identification system that is a neuro physical characteristic is studied to realize biometric authentication.

Published

2003