Student Designs Software to Combat Modern Cyber Crime

Deian Stefan, now a graduate student in the computer science department at Stanford University, has developed an authentication framework called “Telling Human and Bot Apart” (TUBA), a remote biometrics system based on keystroke-dynamics information. The software is able to determine if a file is malicious or not by analyzing the way its creator/programmer has been using the computer keys. According to the recently graduated computer scientist, so-called botnets are run by organized cyber criminals.

“Keystroke dynamics is an inexpensive biometric mechanism that has been proven accurate in distinguishing individuals.”

Daphne Yao


One of the serious threats to a user’s computer is a software program that might cause unwanted keystroke sequences to occur in order to hack someone’s identity. This form of attack is increasing, infecting enterprise and personal computers, and is caused by “organized malicious botnet,” according to Daphne Yao, now assistant professor of computer science at Virginia Tech.

To combat the “spoofing attacks,” Yao and her former student, Deian Stefan, now a graduate student in the computer science department at Stanford University, developed an authentication framework called “Telling Human and Bot Apart” (TUBA), a remote biometrics system based on keystroke-dynamics information.

Yao holds a patent on her human-behavior driven malware detection technology, including this keystroke anti-spoofing technique.

Her technology for PC security is currently being transferred to a company.

The license agreement between the company, Rutgers University (Yao’s former institution), and Virginia Tech is expected to be finalized in the coming weeks, according to ScienceDaily.com.

Internet bots are often described as web robots.

They act as software applications that run automated tasks over the internet. Bots usually perform simple and repetitive tasks, but at a much higher rate than would be possible for a human alone. (When used for malicious purposes they are described as malware).

How a botnet infection works

“Keystroke dynamics is an inexpensive biometric mechanism that has been proven accurate in distinguishing individuals,” Yao explains. Most researchers working with keystroke dynamics have previously focused on the attacker being a person.

What sets Yao and Stefan’s research apart, they say, is that they studied how to identify when a computer program designed by a hacker was producing keystroke sequences in order to “spoof” others.

Then they created TUBA to monitor a user’s typing patterns.

Using TUBA, Yao and Stefan tested the keystroke dynamics of 20 individuals, and used the results as a way to authenticate who might be using a computer.

“Our work shows that keystroke dynamics is robust against the synthetic forgery attacks studied, where the attacker draws statistical samples from a pool of available keystroke datasets other than the target,” Yao says.

Yao and Stefan also describe in their paper, “Keystroke-Dynamics Authentication Against Synthetic Forgeries,” how keystroke dynamics can be used as a tool to identify anomalous activities on a personal computer, including activities that can be due to malicious software.
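To make the idea concrete, here is an added illustration of a keystroke-dynamics check; it is not TUBA's code or the paper's algorithm. The z-score profile, the 2.0 threshold, the 5 ms floor, the helper names and all timing values are assumptions constructed for this example.

```python
from statistics import mean, stdev

def typed(text, dwells, flights):
    """Build (key, press_ms, release_ms) events from per-key dwell and flight times."""
    events, t = [], 0
    for i, ch in enumerate(text):
        events.append((ch, t, t + dwells[i]))
        t += dwells[i] + (flights[i] if i < len(flights) else 0)
    return events

def features(events):
    """Dwell = release - press per key; flight = next press - previous release."""
    dwell = [r - p for _, p, r in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def build_profile(samples):
    """Per-feature (mean, std) over enrolment samples; std floored at 5 ms (assumed)."""
    cols = zip(*(features(s) for s in samples))
    return [(mean(c), max(stdev(c), 5.0)) for c in cols]

def score(profile, events):
    """Mean absolute z-score of a sample against the profile (lower = closer)."""
    f = features(events)
    if len(f) != len(profile):
        return float("inf")  # different text length: cannot be compared
    return mean(abs(x - m) / s for x, (m, s) in zip(f, profile))

def is_owner(profile, events, threshold=2.0):
    """Accept the sample only if its timing stays close to the enrolled rhythm."""
    return score(profile, events) <= threshold

# Constructed data: one user typing "tuba" four times during enrolment.
ENROL = [
    typed("tuba", [95, 110, 80, 120], [140, 60, 200]),
    typed("tuba", [100, 105, 85, 115], [150, 55, 190]),
    typed("tuba", [90, 115, 78, 125], [135, 65, 210]),
    typed("tuba", [98, 108, 82, 118], [145, 58, 205]),
]
PROFILE = build_profile(ENROL)

GENUINE = typed("tuba", [97, 112, 81, 121], [142, 61, 198])
INJECTED = typed("tuba", [10, 10, 10, 10], [5, 5, 5])        # uniform machine timing
FORGERY = typed("tuba", [130, 70, 125, 85], [90, 150, 110])  # rhythm taken from other typists

if __name__ == "__main__":
    for name, s in [("genuine", GENUINE), ("injected", INJECTED), ("forgery", FORGERY)]:
        print(f"{name:9s} score={score(PROFILE, s):6.2f} owner={is_owner(PROFILE, s)}")
```

The genuine sample scores well under the threshold, while both the uniformly timed injected sequence and the sample built from other typists' statistics are rejected.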

Their work won a best paper award at CollaborateCom ’10, the 6th International Conference on Collaborative Computing, held in Chicago and sponsored by the Institute of Electrical and Electronics Engineers’ Computer Society, Create-Net, and the Institute for Computer Sciences.

When The Bots Attack

The 2007 Cyber Attack On Estonia

If you want to bring down a country’s information infrastructure and you don’t want anyone to know who did it, the weapon of choice is a distributed denial of service attack.
Using rented botnets, you can launch hundreds of thousands — even millions — of infobombs at a target, all while maintaining total deniability.
In this hypothetical scenario, a single attack launched by China against the US lasts only a few hours, but a full-scale assault lasting days or weeks could bring an entire modern information economy to its knees.
1. Attacker
In this scenario, tension over proposed US legislation to raise tariffs on Chinese imports triggers a crisis. Beijing orders a limited attack on the computer systems of US congress members and corporations that support the bill. Chinese security officials hire criminal bot herders to launch the denial of service attacks. Payments are routed via anonymous services like PayPal (often using branches based in Latin America). Target IP addresses and email accounts (harvested in earlier operations) are distributed through private chat rooms used by criminal hackers. Once the attack is under way, a Chinese media and diplomatic campaign will portray the attackers as cybervigilantes operating on their own.
2. Bot Herder
Freelance computer hackers function as the project managers for the DDoS attacks. Typically, a hacker or a syndicate of hackers controls one or more giant botnets, worldwide networks that can include 100,000 computers. Each machine has been surreptitiously infected by the bot herder with a bot, a remotely controlled piece of malicious software. Herders usually make their living by renting these networks out for commercial spam, phishing fraud, and denial-of-service extortion. On the bot herder’s signal, his network of bots can launch millions of packets of information toward a single target, overwhelming its defenses and either crashing it or driving its owners to shut it down as a defensive precaution.
3. Zombie
Once an ordinary computer is infected by a bot, it becomes one of the unwitting drones that make up a global botnet. When these machines, known as zombies, receive a signal from the bot herder, the bot takes control of its host and sends out multiple packets of information — usually spam — to designated targets. Thanks to the distributed nature of these networks, attacks appear to be coming from random personal computers located all over the world. In this scenario, many will even be from within the US. And if you’re wondering if your PC is infected, detection isn’t easy. Fortunately, new versions of home security software, like Norton AntiBot, are targeting this new strain of malware. But bots keep mutating, so the game is far from over.
4. Target
A full-scale DDoS attack meant as an act of war might target military and government servers, civilian email, banks, and phone companies. But in this more likely scenario, the targets are Web sites and email systems of congress members and corporations that support higher trade barriers. These groups blame the Chinese government, but can’t prove it. Nevertheless, targets will be effectively shut down while they undergo security upgrades and damage assessment, inhibiting their ability to work on behalf of the legislation.
(Source: www.wired.com)
