Speaker:

Danfeng Yao

Rutgers University

Time: 10/15/2008 3PM-4PM
Location: Babbio Room 503

Abstract:

Most of existing botnet detection solutions focuses on using the characteristic behaviors of botnets to identify malicious activities. We argue that there are intrinsic and fundamental differences between how human or a bot uses and reacts to a computer, which can be leveraged to distinguish human from bots and to detect infected hosts. We take the first step in formalizing and utilizing the human-centric anomaly detection approach to tackle botnet problems, namely, how to ensure a person's computer is not being stealthily used by a malicious bot.

We present our design and implementation of a remote authentication framework called TUBA thatcollects, extracts features, analyzes, and classifies a computer owner's characteristic keystroke patterns. We collect keystroke data from a group of 20 human users on a set of carefully selected strings. We systematically carry out series of experiments to evaluate the performance of TUBA in classification under both human impersonations and simulated bot attacks by injecting fake keyboard events. Based on our studies, we find that high-dimensional keystroke dynamics features are a robust identification metric for behavior-based authentication. We also discover that certain keyboard event sequences are easy for human to complete, however, are extremely difficult for a bot (i.e., a program) to mimic due to the way a keyboard device and its driver are currently configured.

For more information please contact:

Yingying Chen
Assistant Professor & NIS Graduate Program Director
Burchard
Room 210
Phone: 201.216.8066
Fax: 201.216.8246
yingying.chen@stevens.edu

Seminar details