Department of Electrical and Computer Engineering
ECE Seminar Fall 2008
Keystroke Authentication and Human-Behavior Driven Bot Detection
Speaker:
Danfeng Yao
Rutgers University
Time: 10/15/2008 3PM-4PM
Location: Babbio Room 503
Abstract:
Most of existing botnet detection solutions focuses on using the characteristic behaviors of botnets to identify malicious activities. We argue that there are intrinsic and fundamental differences between how human or a bot uses and reacts to a computer, which can be leveraged to distinguish human from bots and to detect infected hosts. We take the first step in formalizing and utilizing the human-centric anomaly detection approach to tackle botnet problems, namely, how to ensure a person's computer is not being stealthily used by a malicious bot.
We present our design and implementation of a remote authentication framework called TUBA thatcollects, extracts features, analyzes, and classifies a computer owner's characteristic keystroke patterns. We collect keystroke data from a group of 20 human users on a set of carefully selected strings. We systematically carry out series of experiments to evaluate the performance of TUBA in classification under both human impersonations and simulated bot attacks by injecting fake keyboard events. Based on our studies, we find that high-dimensional keystroke dynamics features are a robust identification metric for behavior-based authentication. We also discover that certain keyboard event sequences are easy for human to complete, however, are extremely difficult for a bot (i.e., a program) to mimic due to the way a keyboard device and its driver are currently configured.
This is joint work with Deian Stefan (Cooper Union).
Biography:
Danfeng Yao is an assistant professor in the Department of Computer Science at
Rutgers University, New Brunswick. She received her Computer Science Ph.D. degree from
Brown University. Her research interests are in information security and applied cryptography.
Danfeng has more than 20 publications on security and applied cryptography. She won the Best Student Paper Award in ICICS 2006, and the Award for Technological Innovation from Brown in 2006. Danfeng has two U.S. patents pending for her work on identity management. She has interned in the Trusted Systems Lab at HP Labs, and visited CERIAS at Purdue University as a visiting scholar. She has been the reviewer for many security journals and recently served as a PC member in IFIP Trust Management '09, CollaborateCom '08, ACM Symposium on Applied Computing '08, International Conference on Security and Management '08, Workshop on Web 2.0 Trust '08.
Contact:
Yingying Chen <