Abstract
The Universal Serial Bus (USB) is becoming a prevalent attack vector. Rubber Ducky and BadUSB are two recent classes of a whole spectrum of attacks carried out using fully-automated keypress injections through innocent-looking USB devices. So far, defense mechanisms are insufficient and rely on user participation in the trust decision. We propose USBlock, a novel approach to detect suspicious USB devices by analyzing the temporal characteristics of the USB packet traffic they generate, similarly to intrusion detection approaches in networked systems. Our approach is unique in that it does not to involve at all the user in the trust decision. We describe a proof-of-concept implementation for Linux and we assess the effectiveness and efficiency of our approach to cope with temporal variations in typing habits and dynamics of legitimate users.
Author supplied keywords
Cite
CITATION STYLE
Neuner, S., Voyiatzis, A. G., Fotopoulos, S., Mulliner, C., & Weippl, E. R. (2018). Usblock: Blocking USB-Based keypress injection attacks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10980 LNCS, pp. 278–295). Springer Verlag. https://doi.org/10.1007/978-3-319-95729-6_18
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
