Deian Stefan, now a graduate student in the computer science department at Stanford University, has developed an authentication framework called “Telling Human and Bot Apart” (TUBA), a remote biometrics system based on keystroke-dynamics information. The software is able to determine whether a file is malicious by analyzing the way its creator/programmer has been using the computer keys. According to the recently graduated computer scientist, so-called botnets are run by organized cyber criminals.
One of the serious threats to a user’s computer is a software program that might cause unwanted keystroke sequences to occur in order to hack someone’s identity. This form of attack is increasing, infecting enterprise and personal computers, and is caused by “organized malicious botnet,” according to Daphne Yao, now assistant professor of computer science at Virginia Tech.
To combat the “spoofing attacks,” Yao and her former student, Deian Stefan, now a graduate student in the computer science department at Stanford University, developed an authentication framework called “Telling Human and Bot Apart” (TUBA), a remote biometrics system based on keystroke-dynamics information.
Yao holds a patent on her human-behavior driven malware detection technology, including this keystroke anti-spoofing technique.
Her technology for PC security is currently being transferred to a company.
The license agreement between the company, Rutgers University (Yao’s former institution), and Virginia Tech is expected to be finalized in the coming weeks, according to ScienceDaily.com.
Internet bots are often described as web robots.
They act as software applications that run automated tasks over the internet. Bots usually perform simple and repetitive tasks, but at a much higher rate than would be possible for a human alone. (When used for malicious purposes they are described as malware).
“Keystroke dynamics is an inexpensive biometric mechanism that has been proven accurate in distinguishing individuals,” Yao explains, and most researchers working with keystroke dynamics have focused previously on an attacker being a person.
What is unique about Yao and Stefan’s research is that they studied how to identify when a computer program designed by a hacker was producing keystroke sequences in order to “spoof” others, they say.
Then they created TUBA to monitor a user’s typing patterns.
Using TUBA, Yao and Stefan tested the keystroke dynamics of 20 individuals, and used the results as a way to authenticate who might be using a computer.
“Our work shows that keystroke dynamics is robust against the synthetic forgery attacks studied, where the attacker draws statistical samples from a pool of available keystroke datasets other than the target,” Yao says.
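The kind of check described above, as an added example that is not TUBA's code or anything from the paper: a typing profile is enrolled from key-press timings, then a fresh genuine sample and a synthetic forgery sampled from other users' data are scored against it. The dwell/flight features, the scaled Manhattan distance, the threshold and all timing values are assumptions constructed for illustration.

```python
import random
from statistics import mean

def features(events):
    """[(key, down_ms, up_ms), ...] -> dwell times followed by flight times."""
    dwell = [up - down for _, down, up in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def typed(dwells, flights):
    """Constructed key events for the word 'bot' from per-key timings (ms)."""
    events, t = [], 0
    for i, key in enumerate("bot"):
        events.append((key, t, t + dwells[i]))
        t += dwells[i] + (flights[i] if i < len(flights) else 0)
    return events

def enroll(vectors):
    """Profile = per-feature mean and mean absolute deviation (floor 1 ms)."""
    cols = list(zip(*vectors))
    mu = [mean(c) for c in cols]
    mad = [max(mean(abs(x - m) for x in c), 1.0) for c, m in zip(cols, mu)]
    return mu, mad

def score(profile, vec):
    """Scaled Manhattan distance: larger means less like the enrolled user."""
    mu, mad = profile
    return mean(abs(x - m) / d for x, m, d in zip(vec, mu, mad))

def forge(pool, rng):
    """Synthetic forgery: each feature is sampled from other users' data."""
    return [rng.choice(col) for col in zip(*pool)]

# Constructed sample data (not from the paper): four enrollment typings of
# the target, one fresh genuine typing, and a pool of three other users.
PROFILE = enroll([features(typed(d, f)) for d, f in [
    ([90, 110, 95], [140, 60]), ([94, 106, 99], [150, 66]),
    ([86, 114, 91], [130, 54]), ([92, 108, 97], [144, 62])]])
GENUINE = features(typed([91, 111, 94], [138, 63]))
POOL = [[70, 75, 72, 95, 100], [130, 125, 140, 210, 120], [60, 80, 65, 80, 110]]
THRESHOLD = 3.0  # assumed cut-off; a real system tunes it on held-out data

def accept(vec):
    """True when the sample is close enough to the enrolled profile."""
    return score(PROFILE, vec) <= THRESHOLD

if __name__ == "__main__":
    forged = forge(POOL, random.Random(7))
    print("genuine", round(score(PROFILE, GENUINE), 2), accept(GENUINE))
    print("forged ", round(score(PROFILE, forged), 2), accept(forged))
```

The forged vector is rejected because timings that are typical of the pool still sit many deviations away from the target's own narrow per-key distribution.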
In their paper, “Keystroke-Dynamics Authentication Against Synthetic Forgeries,” Yao and Stefan also describe how keystroke dynamics can be used as a tool to identify anomalous activities on a personal computer, including activities that can be due to malicious software.
Their work won a best paper award at CollaborateCom ’10, the 6th International Conference on Collaborative Computing, held in Chicago and sponsored by the Institute of Electrical and Electronics Engineers’ Computer Society, Create-Net, and the Institute for Computer Sciences.
When The Bots Attack
In this scenario, tension over proposed US legislation to raise tariffs on Chinese imports triggers a crisis. Beijing orders a limited attack on the computer systems of US congress members and corporations that support the bill. Chinese security officials hire criminal bot herders to launch the denial of service attacks. Payments are routed via anonymous services like PayPal (often using branches based in Latin America). Target IP addresses and email accounts (harvested in earlier operations) are distributed through private chat rooms used by criminal hackers. Once the attack is under way, a Chinese media and diplomatic campaign will portray the attackers as cybervigilantes operating on their own.
Freelance computer hackers function as the project managers for the DDoS attacks. Typically, a hacker or a syndicate of hackers controls one or more giant botnets, worldwide networks that can include 100,000 computers. Each machine has been surreptitiously infected by the bot herder with a bot, a remotely controlled piece of malicious software. Herders usually make their living by renting these networks out for commercial spam, phishing fraud, and denial-of-service extortion. On the bot herder’s signal, his network of bots can launch millions of packets of information toward a single target, overwhelming its defenses and either crashing it or driving its owners to shut it down as a defensive precaution.
Once an ordinary computer is infected by a bot, it becomes one of the unwitting drones that make up a global botnet. When these machines, known as zombies, receive a signal from the bot herder, the bot takes control of its host and sends out multiple packets of information — usually spam — to designated targets. Thanks to the distributed nature of these networks, attacks appear to be coming from random personal computers located all over the world. In this scenario, many will even be from within the US. And if you’re wondering if your PC is infected, detection isn’t easy. Fortunately, new versions of home security software, like Norton AntiBot, are targeting this new strain of malware. But bots keep mutating, so the game is far from over.
A full-scale DDoS attack meant as an act of war might target military and government servers, civilian email, banks, and phone companies. But in this more likely scenario, the targets are Web sites and email systems of congress members and corporations that support higher trade barriers. These groups blame the Chinese government, but can’t prove it. Nevertheless, targets will be effectively shut down while they undergo security upgrades and damage assessment, inhibiting their ability to work on behalf of the legislation.