Deep-Learning-Based Approach to Keystroke-Injection Payload Generation: Comparison
Please note this is a comparison between Version 2 by Catherine Yang and Version 1 by Vitalijus Gurcinas.

USB-based keystroke-injection attacks involve manipulating USB devices to inject malicious keystrokes into the target system. These attacks exploit the trust placed in USB devices and can bypass traditional security measures when they are adapted to the systems designed to prevent such attacks. By impersonating a keyboard or using programmable USB devices, attackers can execute unauthorized commands or gain unauthorized access to sensitive information by mimicking legitimate user keystrokes. Different attack vectors, such as BadUSB and rogue device attacks, have drawn attention to the potential risks and ramifications involved in these types of attacks. However, the emergence of advanced attack methods necessitates the development of more sophisticated countermeasures. These attacks pose a significant security risk and highlight the importance of implementing strong defenses to mitigate the potential impact of such exploits, especially those that can bypass keystroke dynamics systems using rogue USB devices with implants.

  • keystroke dynamics
  • machine learning
  • deep learning
  • behavioral biometrics

1. USB Imperfections

Infrastructure security is a natural starting point for a data security plan [1]. Most USB hardware attacks are closely associated with social-engineering tactics, as these types of attacks often necessitate a compromise of physical security measures. In 1998, the first widely supported USB protocol, USB 1.0, was released with a data-transfer rate of 1.5 Mbit/s. Its updated version, USB 1.1, supported two data-transfer rates: low-speed 1.5 Mbit/s and full-speed 12 Mbit/s. Due to the limitations imposed on transfer speeds, the standard in question only supported a restricted range of devices, such as keyboards and mice. Then, in 2000, the USB 2.0 specification was introduced. High-speed (480 Mbit/s) mode meant that devices such as cameras, external storage devices, printers, and network cards were also supported. The convenience of the high data-transfer rate provided the momentum for the popularity of USB flash drives. Although various peripherals are supported in USB 2.0, there is no reliable way to identify the type of device by ‘vendor_id’ or ‘product_id’ [2][3]. The absence of robust identification mechanisms creates a vulnerability that can be exploited by keystroke-injection attacks. USB 3.0 and its 2013 update USB 3.1 introduced the USB Type-C connector. This provided a unified connector type for power, HDMI, DisplayPort, and Thunderbolt. For example, USB Type-C can transfer video stream data, and USB 3.1 cables can deliver 4K (UltraHD) video and audio. This can potentially enhance keystroke-injection attacks as it provides the attacker with visual access to the victim’s machine, enabling them to observe the ongoing activities, choose the best time for the attack or even extract a greater amount of data from the victim within a limited timeframe [4]. However, no improvements in the field of security were introduced in these revisions. This allows even more possibilities for successful attacks via the USB interface [4][5].
The use of USB for malicious purposes should not be understood solely in terms of USB versions and direct physical connections. USB attacks should be comprehended in a broader context. Even where harmful USB devices can be detected directly, with moderate difficulty, the attack surface expands significantly when malicious USB devices are connected through intermediate circuits such as USB hubs or other commonly used expansion devices. To demonstrate this weakness, research has been conducted on the creation of a malicious USB device to bypass USB blocking mechanisms by manipulating the USB protocol and spoofing data to trusted USB hubs [6]. This shows a diverse range of offensive attack capabilities, as well as the corresponding countermeasures in both direct and side-channel scenarios.
More than 400 vulnerabilities related to USB peripherals are listed on the CVE (common vulnerabilities and exposures) list. As a result, it has become a standard practice for an attacker to use these vulnerabilities and exploit the trust-by-default characteristics of USB to conduct attacks. This is a security risk for the private, government, and personal sectors [4]. New and more advanced USB technologies offer more features which are used by mobile devices and tablets, as well as computers.
A taxonomy of USB-based attacks has been developed by categorizing them into three main categories: programmable microcontrollers, USB peripherals, and electrical [7]. This classification is used to analyze USB hardware attacks and gain a deeper understanding of each type of attack in this paper.
  • Electrical attacks are related by nature to the denial-of-service (DoS) attack. As an example, there is a hardware device called the ‘USB killer’. It is an electrical discharger disguised as a simple USB device. Once this device is plugged into the USB port, the capacitors will charge up and discharge a critical amount of current back to the USB port in intervals, making computer hardware components unusable;
  • USB peripheral attacks utilize flash-drive firmware or drivers to deliver malicious payloads. These types of attacks can perform buffer overflows, DNS overrides, and even keystroke injection and, in some cases, launch an executable;
  • Microcontroller attacks use microcontrollers that emulate keyboards and can inject keyboard input at high speed. They belong to a class of HID attacks that has evolved over the years and become much more sophisticated [8].
Other researchers proposed a taxonomy of USB-based attacks with a more granular approach by creating different bases that cover adversary intentions, object of impact, attack mechanism, level of secrecy, level of complexity, assets, and so forth [9]. A recent study discusses keyboard-firmware attacks in the banking sector, where vulnerable software inside keyboard controllers is used to sniff sensitive data [10]. This highlighted the need for secure USB protocols and firmware-verification mechanisms. The keyboard has become a greater security concern over the years due to the sensitive nature of its use.

2. USB Attacks

USB attacks encompass a variety of techniques that exploit vulnerabilities in the USB interface to gain unauthorized access or compromise system security. Keystroke injection, as a specific type of USB attack, involves injecting malicious commands or keystrokes into a target system to perform unauthorized actions or gain elevated privileges. The USB keystroke-injection attack is also known as the keypress-injection attack and the keyboard-injection attack [11][12][13]. It is an attack method in which connecting a malicious USB device makes it possible to enter predetermined keystrokes in the terminal, enter and execute scripts, use keyboard shortcuts to control the device, and, thus, maliciously affect the computer [14][15][16].
The significance and feasibility of the keystroke-injection attack are derived from several factors. One factor is USB device detection, or what happens before a malicious USB device begins to perform malicious activity; it is essential, as further options for keystroke injection will depend on the level of trust gained. When a USB device is plugged into the USB port, the host detects that a new device was connected and waits for 100 milliseconds to ensure that the new device has the time to be powered properly. The host then issues a reset command to place the device in its default state and allow it to respond. The host will ask the device for the first 64 bytes of its device descriptor. This step is very important for conducting a successful keystroke-injection attack. The device descriptor contains information about the product, its vendor, required power levels, the number of interfaces, endpoint information, etc. Once these are established, the host will communicate with the USB device using the appropriate drivers [17]. Replacement descriptors and static device information have been used for some time in automated USB penetration-testing platforms to prepare such devices [18]. Merely pretending that the device is highly trustworthy will not be sufficient to bypass protected systems without implementing additional measures. A USB storage device is completely unsuitable for this type of attack, as a simple device-protection tool can identify it as a threat or authenticate every USB flash drive [19][20].
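From the defender's side, the enumeration data described above can be inspected before a device is trusted. The following is an added example, not code from the original entry: it decodes a device descriptor and walks a configuration descriptor to list the interface classes a device declares, which is where a keyboard function shows up regardless of the vendor and product IDs. The descriptor bytes, the IDs 0x1234:0x5678 and the `unexpected_interfaces` policy helper are constructed for illustration.

```python
import struct

# Standard descriptor type codes and two class codes from the USB specification.
DT_DEVICE, DT_CONFIG, DT_INTERFACE = 0x01, 0x02, 0x04
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08
DEVICE_FMT = "<BBHBBBBHHHBBBB"  # the 18-byte device descriptor, little-endian


def parse_device_descriptor(raw):
    """Decode the device descriptor the host requests right after reset."""
    if len(raw) < 18 or raw[0] != 18 or raw[1] != DT_DEVICE:
        raise ValueError("not a complete device descriptor")
    f = struct.unpack(DEVICE_FMT, raw[:18])
    return {"bDeviceClass": f[3], "idVendor": f[7], "idProduct": f[8],
            "bNumConfigurations": f[13]}


def parse_interfaces(config):
    """Walk a configuration descriptor and return every interface it declares."""
    if len(config) < 9 or config[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]  # wTotalLength
    if total > len(config):
        raise ValueError("wTotalLength exceeds the bytes received")
    interfaces, off = [], 0
    while off + 2 <= total:
        length, dtype = config[off], config[off + 1]
        # A zero or overlong bLength would loop forever or read out of bounds.
        if length < 2 or off + length > total:
            raise ValueError(f"malformed descriptor at offset {off}")
        if dtype == DT_INTERFACE and length >= 9:
            num, _alt, _eps, cls, sub, proto = struct.unpack_from("<6B", config, off + 2)
            interfaces.append({"number": num, "class": cls,
                               "subclass": sub, "protocol": proto})
        off += length
    return interfaces


def is_boot_keyboard(iface):
    # HID class, boot-interface subclass (1), keyboard protocol (1). A non-boot
    # HID keyboard reports 0/0 here and can only be recognised from its report
    # descriptor, so a policy should treat every HID interface as input-capable.
    return (iface["class"] == CLASS_HID and iface["subclass"] == 1
            and iface["protocol"] == 1)


def unexpected_interfaces(config, allowed_classes):
    """Hypothetical policy check: interfaces outside the classes approved for a port."""
    return [i for i in parse_interfaces(config) if i["class"] not in allowed_classes]


# Constructed sample: one device that declares a storage and a keyboard interface.
SAMPLE_DEVICE = struct.pack(DEVICE_FMT, 18, DT_DEVICE, 0x0200, 0, 0, 0, 64,
                            0x1234, 0x5678, 0x0100, 1, 2, 3, 1)
SAMPLE_BODY = bytes([
    9, DT_INTERFACE, 0, 0, 2, CLASS_MASS_STORAGE, 0x06, 0x50, 0,  # interface 0: storage
    7, 0x05, 0x81, 0x02, 0x00, 0x02, 0,                            # bulk IN endpoint
    7, 0x05, 0x02, 0x02, 0x00, 0x02, 0,                            # bulk OUT endpoint
    9, DT_INTERFACE, 1, 0, 1, CLASS_HID, 0x01, 0x01, 0,            # interface 1: keyboard
    9, 0x21, 0x11, 0x01, 0, 1, 0x22, 0x3F, 0x00,                   # HID descriptor
    7, 0x05, 0x83, 0x03, 0x08, 0x00, 10,                           # interrupt IN endpoint
])
SAMPLE_CONFIG = struct.pack("<BBHBBBBB", 9, DT_CONFIG, 9 + len(SAMPLE_BODY),
                            2, 1, 0, 0x80, 50) + SAMPLE_BODY

if __name__ == "__main__":
    dev = parse_device_descriptor(SAMPLE_DEVICE)
    print(f"{dev['idVendor']:04x}:{dev['idProduct']:04x} "
          f"device class {dev['bDeviceClass']:#04x}")
    for iface in unexpected_interfaces(SAMPLE_CONFIG, {CLASS_MASS_STORAGE}):
        print("unexpected interface", iface, "boot keyboard:", is_boot_keyboard(iface))
```

The device class of the sample is 0x00, meaning the function is defined per interface, so a rule keyed only on the device descriptor or on the vendor and product IDs never sees the keyboard interface.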
The vast majority of researchers who studied hardware-based keystroke-injection solutions used microcontrollers [12][21][22][23][24]. In addition to microcontrollers, some research used more powerful small-form-factor computers that offer additional capabilities [11][25]. Accordingly, first and foremost, in order to inject keystrokes, a microcontroller must identify itself as a HID (human interface device). Researchers recently engaged in developing a model that establishes a correlation between HIDs and vulnerability categories, thereby aligning them with specific types of attacks [26].

3. Keystroke Dynamics and Its Circumvention

When such HID- and BadUSB-type attacks emerged, serious concerns were raised regarding the security of USB devices. Consequently, over the past four years, the research on protective solutions has increased, but so has the number of researchers investigating how to circumvent these measures. One of the commonly discussed keystroke-injection-attack-detection solutions outlined in scientific papers is rule-based. Rule-based keystroke-injection protection is a straightforward and widely adopted method that involves logging and monitoring keyboard input for detection. In contrast, an alternative approach entails analyzing the USB packet traffic to identify and mitigate potential malicious activities [27]. Typically, it is beyond human capacity to type at an extremely high speed of thousands of words per minute. Therefore, when the system detects abnormal keypress speeds, it can trigger various protective measures, such as disabling the keyboard, requiring password input, or logging the activity for further analysis [14].
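The speed rule described above can be sketched as a run detector over a keystroke log. This is an added example, not code from the original entry or from any of the cited tools; the log format (`timestamp_ms key`), the 30 ms interval limit, the minimum run of 8 keys and the sample log are all assumptions constructed for illustration.

```python
MIN_HUMAN_INTERVAL_MS = 30  # assumption: sustained typing is never faster than this
MIN_RUN = 8                 # assumption: consecutive fast keys needed before alerting


def parse_log(text):
    """Parse 'timestamp_ms key' lines into (timestamp, key) tuples, oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, key = line.split(maxsplit=1)
        events.append((int(ts), key))
    return sorted(events)


def summarize(run):
    """Describe one run of fast keystrokes, including its words-per-minute rate."""
    duration_ms = run[-1][0] - run[0][0]
    # Conventional typing-speed measure: five characters count as one word.
    wpm = round((len(run) - 1) * 60000 / (5 * duration_ms)) if duration_ms else None
    return {"start_ms": run[0][0], "end_ms": run[-1][0], "keys": len(run),
            "wpm": wpm, "text": "".join(k for _, k in run)}


def find_bursts(events, min_interval_ms=MIN_HUMAN_INTERVAL_MS, min_run=MIN_RUN):
    """Return every run of at least min_run keys typed faster than min_interval_ms apart."""
    bursts, start = [], None
    # Iterate one step past the end so a run that reaches the last event is closed.
    for i in range(1, len(events) + 1):
        fast = (i < len(events)
                and events[i][0] - events[i - 1][0] < min_interval_ms)
        if fast:
            if start is None:
                start = i - 1
            continue
        if start is not None:
            run = events[start:i]
            if len(run) >= min_run:
                bursts.append(summarize(run))
            start = None
    return bursts


# Constructed sample log: human-paced keys, a 12-key burst at 4 ms spacing, then
# human-paced keys again.
SAMPLE_LOG = "\n".join(
    [f"{t} {k}" for t, k in zip((0, 180, 350, 560, 700), "hello")]
    + [f"{5000 + 4 * i} {k}" for i, k in enumerate("constructed!")]
    + ["9000 o", "9210 k"]
)

if __name__ == "__main__":
    for burst in find_bursts(parse_log(SAMPLE_LOG)):
        print("possible injection:", burst)
```

A device that paces its output at human-like intervals produces no burst under this rule, which is the gap the keystroke-dynamics approaches in this section try to close.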
Certain rule-based systems rely on white-listing known vendors by USB ID and not allowing other HID devices to function unless the user explicitly confirms and authorizes them [28]. Another approach involves employing contextual analysis tools that utilize a combination of contextual events. These tools take advantage of a heuristic approach by executing a USB drive within a sandboxed or isolated environment for a brief period, typically, a few seconds. During this time, the system monitors the processes and actions initiated by the USB drive. Subsequently, an evaluation phase is performed to determine whether the observed actions exhibit malicious behavior [29].
Another advanced method employed to detect and mitigate keystroke-injection attacks involves the utilization of behavioral biometrics, particularly keystroke dynamics. The concept of keystroke dynamics originated in the 1970s, primarily focusing on analyzing fixed-text data.
Keystroke-dynamics-based systems identify users based on their interaction with a computer via input devices. Therefore, in some literature, keystroke dynamics can also be referred to as keystroke biometrics. These systems typically use neural networks that are trained using user interactions with computers. Users of systems that rely on this for identification may be prompted to enter their password multiple times or type a paragraph of text, allowing the system to train and learn from these inputs. Alternatively, the system can train itself in the background while the user performs their daily tasks, continuously refining its understanding of the user’s keystroke dynamics. Some of these systems may be vulnerable to what is called a frog-boiling attack [30]. This implies that the dataset used for identification purposes can be poisoned with small packets containing false data and these would lead to false identification. Such poisoning attacks can have two different objectives: to reduce the performance of the model and to manipulate the model by injecting false data [31].
Keystroke dynamics does not require any additional hardware as required by other biometric authentication methods, such as fingerprints or facial recognition. Personal keystroke biometrics is difficult to forge and could be used for authentication [32][33]. For example, the online learning platform Coursera applies this method to authenticate online students [34]. It is worth mentioning that legitimate users may be blocked by the system when the training patterns do not match the input patterns, for example because of a nervous emotional state, a hand injury, or, simply, a different keyboard or a software update. Other scientists use certain characteristics and behaviors that impede accurate recognition as specific indicators when determining Parkinson’s disease using fixed- and free-text writing habits [35]. This shows us that for accurate recognition behavioral patterns need to be updated regularly. However, these problems can be solved, and it is very likely that keystroke biometrics will gain more popularity in the near future [36].
There exist a limited number of approaches to implement keystroke analysis which vary depending on the intended purpose. In general, keystroke dynamics can be divided into two main steps: training neural networks from collected user data and performing authentication. Moreover, keystroke dynamics can be classified into two distinct types: fixed-text and free-text. The key difference between these two methods is the dataset that is used to authenticate a user [37][38]. Fixed-text authentication is mostly used as a second-factor or multi-factor authentication. One of the leaders in commercial keystroke dynamics authentication systems is a company called TypingDNA. According to this company, the average fixed-text login credentials (email and password) contain about 30 characters [39].
Compared to fixed-text, free-text is a continuous type of authentication rather than second- or multi-factor. The user’s computer interaction is continuously monitored and compared to existing user data for analysis and comparison. If a predetermined threshold of deviance from typical user behavior is passed, then a user might be blocked, logged out, or asked to authenticate themselves based on system settings [40]. Other researchers consider analyzing both keystroke and mouse usage behavior patterns to prevent a situation where an attacker avoids detection by restricting to one input device because the system only checks the other input device [41]. Conversely, alternative proposals state that mouse dynamics requires simpler hardware to capture the biometric data without using sensitive data from the users, and propose a deep-learning method based on mouse dynamics for continuous and silent user authentication [42].
Free-text is more dynamic and uses a self-adaptive dataset. Typically, users are asked to type a few paragraphs of text or the required data could be collected simply by monitoring how the user interacts with a keyboard on a daily basis [43]. These systems are used for continuous authentication and are often used to defend against keystroke-injection attacks. The evaluation of accuracy and performance in free-text keystroke dynamics is an ongoing area of investigation; researchers are actively developing methods to minimize error rates in this domain [44], while other researchers have explored the application of cGAN networks to generate fake keystroke dynamics patterns with the intention of deceiving keystroke-authentication systems [45]. Given the growing need for remote learning, continuous authentication with keystroke dynamics was implemented and performed very effectively [46], although keystroke dynamics has significant inaccuracies when applied to RDP (remote desktop protocol) and VNC (virtual network computing) systems, resulting in poor or non-functioning operation.
In modern approaches for fixed- or free-text keystroke dynamics, different types of neural networks are being used in conjunction. As an example, Siamese neural networks are used [47]. In this model, two neural networks are trained using the same parameters and weights and work in conjunction with one another. One neural network receives original legitimate user data and another receives data that should be verified. Later, these results are compared. In contrast, generative adversarial neural networks are also gaining momentum for attacks against user identification systems [45][48]. In this architecture, two neural networks work against each other. One is trained as a discriminator and tries to identify the user while the generator receives random noise input at the beginning and tries to generate output that would fool the discriminator. Despite the aforementioned, in certain scenarios statistical algorithms have demonstrated superior performance compared to deep-learning approaches, particularly when dealing with large volumes of unlabeled data [49].
In subsequent years, Bayesian classifiers based on the mean and variance of time intervals between two or three consecutive keypresses were applied to the problem. The results claim a classification accuracy of 92% on a dataset with 63 users [36]. In situations where we only want to implement this as 2FA (password: what we know; keystroke biometrics: what we are), the training dataset needs to contain data about the parameters of how a user enters their username and password. This means that the analyzed text is usually short (on average 8–20 characters long) and that the user will be asked to enter the same text (in this case, their password) a set number of times. There are several drawbacks associated with the use of keystroke dynamics for continuous authentication. One limitation is that the data collected from user input often consists of a limited set of characters, such as letters, numbers, or symbols. Therefore, if a user changes their password (which is recommended for security purposes), the model would need to be retrained to adapt to the new input patterns. This retraining process can be time-consuming and may introduce delays in the authentication process. Additionally, reliance on fixed-text input may not capture the full range of user behavior and typing patterns, limiting the overall accuracy and effectiveness of the system.
Recently, research in keystroke dynamics has been heavily focused on machine-learning techniques, including random forests, fuzzy logic, RNN (recurrent neural network), CNN (convolutional neural network), Gaussian mixture models, k-nearest neighbours (k-NN), K-means clustering, and many other approaches [49][50].
The two main ideas used to make a convolutional neural network particularly successful are sparse connections and weight sharing. According to the study, activation functions (ReLU, Maxout), loss functions (SoftMax, hinge), regularization technique (dropout), optimization method (data augmentation, batch normalization), and fast processing (sparse convolution) were used in conjunction with CNN [51]. As an alternative there are long short-term memory (LSTM) networks and a variation of the LSTM, called a gated recurrent unit (GRU). GRUs have a simpler design with fewer parameters, which allows for quicker training due to the reduced number of operations. On the other hand, convolutional neural networks (CNNs) are predominantly used for image-related tasks like processing, classification, segmentation, and pattern identification. However, they have also demonstrated impressive results in various other classification tasks.
Depending on the machine-learning model and algorithms used, the data from the user has to be modified to fit the algorithm accordingly. A good example is the RNN (recurrent neural network). It automatically learns time series and has shown good performance in applications such as speech recognition, document abstraction, and NLP (natural language processing). However, if an RNN is used, the keystroke data must be vectorized [34].
In a typical implementation, keystrokes or keystroke pairs are converted into vectors, and neural network weights are adjusted by backpropagation during the model-training phase. The trained model is then used during the authentication phase to assign a probability to the observed typing pattern for a specific user. The typing pattern is periodically compared to the stored user data, and, based on a predefined threshold, the model determines whether the observed pattern belongs to the legitimate user or not.

4. User Keypress Data and Their Minimum

To identify the user hiding behind the keyboard, a dataset with a collection of user keypresses is required. When collecting data solely based on the dynamics of key-presses without additional information, only a limited number of parameters are necessary and collected. Depending on the algorithm and system, some parameters may differ, but Dwell time and Down-to-down time are used frequently. Dwell time (Dt) is the duration for which a key is pressed down (H.time). Down-to-down time (DD.time) measures the duration between one keypress and the next, and Up-to-down time (UD.time) is the time between the release of one key and the press of another (in some literature, called flight time) [32]. The data-collection and training phase of keystroke dynamics can be categorized based on the length and type of the text [52]. Fixed-length models use a limited dataset that consists of username and password. In other words, the analyzed text is replicated in a concise manner and iterated until a sufficient amount of data is collected for training purposes. However, some datasets are available for testing purposes, including the Carnegie Mellon University (CMU) fixed-text dataset [53]. It is often used as a reference to test techniques in keystroke dynamics research. This dataset consists of 51 participants’ keystroke dynamics information, where each participant typed the password ‘.tie5Roanl’ a total of about 400 times. Participants had to wait at least one day after certain typing sessions, so that variations of each subject’s typing would be captured daily. Furthermore, this password was chosen as an example of a strong 10-character password, which meets common requirements for password security. The dataset compiled by Gonzalez comprises a combination of publicly accessible keystroke datasets [54][55][56]. It encompasses both authentic human-generated keystrokes and synthesized forgeries [57].
Researchers can utilize this dataset to evaluate the efficacy of liveness-detection techniques for keystroke dynamics, specifically compared to a diverse range of state-of-the-art methods for synthesizing samples. The first dataset included in the dataset collection was from CMU [54]. The second dataset was collected from individuals performing daily tasks in an enterprise setup and was used for evaluation of free-text keystroke dynamics for authentication [55]. The third dataset, obtained from anonymous subjects through a crowd-sourcing platform, was aimed at identifying indicators of fraudulent intent by analyzing variations in typing patterns [56]. It is important to note that the datasets referenced in the literature sources do not contain recorded click values.
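The timing features defined at the start of this section, and the threshold comparison against stored user data described at the end of Section 3, can be worked through on a small fixed-text case. This is an added example, not code from the original entry: it uses a scaled Manhattan distance, a simple statistical detector, in place of the neural networks the text describes, and the enrollment samples, the attempts and the threshold of 3.0 are constructed assumptions.

```python
from statistics import mean


def extract_features(sample):
    """sample: list of (key, down_ms, up_ms) in typing order.

    Returns [H, DD, UD, H, DD, UD, ..., H] in milliseconds.
    """
    feats = []
    for i, (_key, down, up) in enumerate(sample):
        feats.append(up - down)             # dwell / hold time (H.time)
        if i + 1 < len(sample):
            next_down = sample[i + 1][1]
            feats.append(next_down - down)  # down-to-down time (DD.time)
            feats.append(next_down - up)    # up-to-down time (UD.time); negative
                                            # when the next key goes down before release
    return feats


def enroll(samples, mad_floor=1.0):
    """Build a profile: per-feature mean and mean absolute deviation (MAD)."""
    vectors = [extract_features(s) for s in samples]
    if len({len(v) for v in vectors}) != 1:
        raise ValueError("enrollment samples must be the same fixed text")
    columns = list(zip(*vectors))
    means = [mean(col) for col in columns]
    # Floor the MAD so a feature that never varied cannot cause division by zero.
    mads = [max(mean([abs(x - m) for x in col]), mad_floor)
            for col, m in zip(columns, means)]
    return {"mean": means, "mad": mads}


def score(profile, sample):
    """Average per-feature deviation from the profile, in units of that feature's MAD."""
    x = extract_features(sample)
    if len(x) != len(profile["mean"]):
        raise ValueError("attempt length differs from the enrolled text")
    return sum(abs(a - m) / d
               for a, m, d in zip(x, profile["mean"], profile["mad"])) / len(x)


def verify(profile, sample, threshold=3.0):
    # Assumption: the threshold would be tuned on held-out data to trade
    # false acceptance against false rejection.
    return score(profile, sample) <= threshold


# Constructed enrollment data for the four-key text "pass" (three repetitions;
# the entry cites 10 to 30 samples as a realistic minimum for fixed text).
ENROLLMENT = [
    [("p", 0, 95), ("a", 180, 270), ("s", 390, 480), ("s", 560, 655)],
    [("p", 0, 105), ("a", 200, 285), ("s", 400, 500), ("s", 590, 680)],
    [("p", 0, 100), ("a", 190, 280), ("s", 410, 500), ("s", 580, 670)],
]
GENUINE = [("p", 0, 98), ("a", 185, 272), ("s", 395, 490), ("s", 570, 662)]
# Machine-regular timing: 5 ms holds, 10 ms between key-downs.
INJECTED = [("p", 0, 5), ("a", 10, 15), ("s", 20, 25), ("s", 30, 35)]

if __name__ == "__main__":
    profile = enroll(ENROLLMENT)
    for name, attempt in (("genuine", GENUINE), ("injected", INJECTED)):
        print(name, round(score(profile, attempt), 2), verify(profile, attempt))
```

With only three enrollment samples the deviations are small, so a legitimate user on a different keyboard could exceed the threshold, which is the false-rejection problem noted in Section 3.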
The minimum amount of data needed for fixed-text and free-text keystroke dynamics varies depending on factors such as the complexity of the analysis model, desired accuracy, and specific characteristics of users and their typing behavior, as there could be many users with similar typing biometrics. Considering the focus of this research on small datasets and drawing insights from the existing literature, we can conclude that the minimum requirement for fixed-text keystroke data ranges from 10 to 30 samples, while for free-text keystroke data it ranges from 50 to 150 samples. It is important to highlight that the datasets referenced in the literature sources do not contain recorded keypress values, except those used to collect specific fixed-text data, such as the password mentioned in the CMU dataset.
A trend has started to emerge recently wherein facial recognition is combined with keystroke dynamics (fixed-text) as an MFA (multi-factor authentication) system [58]. This solution, although seemingly promising, needs to take into consideration that not all devices have cameras and that there are various types of keyboards and layouts. An alternative approach suggested by researchers is a defense-in-depth strategy implemented as a three-factor authentication system. This multi-layered approach involves utilizing a passcode as the first factor of authentication, a password as the second factor, and keystroke dynamics as the third factor [59]. Such an approach requires the use of even more diverse datasets to increase the reliability of results.
In summary, comparative studies, including machine-learning-based methods and rule-based methods to evaluate the effectiveness of different keystroke-injection-detection and -prevention mechanisms, demonstrate that injection methods can be accurate enough to bypass both fixed-text and continuous authentication systems where the level of biometric accuracy does not need to be as precise as physical biometric data. Keystroke dynamics system armoring, which uses fake keypress data in order to distinguish between artificial keystrokes and real ones, and methods which follow the patterns of keypresses along with the timings have shown good results in recent years, but require a big collection of user data and come with a high false-rejection rate. Furthermore, the evolving landscape of keyboard-injection attacks requires ongoing research to eliminate emerging threats and to develop effective countermeasures. Keystroke-injection attacks are capable of jumping the air gap of secured infrastructures that have a high security level with the help of social engineering. Therefore, the demand for tools that will help defend against these types of attacks has been growing over the years. The reliability of these tools should be tested regularly. These systems may not always work, because new attack methods emerge and adapt to increased security standards.

References

  1. Dieter, G. Computer Security, 3rd ed.; John Wiley & Sons: Hoboken, NJ, USA, 2011.
  2. Karantzas, G. Forensic Log Based Detection for Keystroke Injection ‘BadUsb’ Attacks. arXiv 2023, arXiv:2302.04541.
  3. Lawal, D.; Gresty, D.; Gan, D.; Hewitt, L. Have You Been Framed and Can You Prove It? In Proceedings of the 2021 44th International Convention on Information, Communication and Electronic Technology, MIPRO, Opatija, Croatia, 27 September–1 October 2021; pp. 1236–1241.
  4. Lu, H.; Wu, Y.; Li, S.; Lin, Y.; Zhang, C.; Zhang, F. BADUSB-C: Revisiting BadUSB with Type-C. In Proceedings of the 2021 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA, 27 May 2021; pp. 327–338.
  5. Tian, J.; Scaife, N.; Kumar, D.; Bailey, M.; Bates, A.; Butler, K. SoK: ‘Plug & Pray’ Today-Understanding USB Insecurity in Versions 1 Through C. In Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 20–24 May 2018; pp. 1032–1047.
  6. Dumitru, R.; Wabnitz, A.; Genkin, D.; Yarom, Y. The Impostor Among US(B): Off-Path Injection Attacks on USB Communications. arXiv 2022, arXiv:2211.01109.
  7. Nissim, N.; Yahalom, R.; Elovici, Y. USB-based attacks. Comput. Secur. 2017, 70, 675–688.
  8. Arora, L.; Thakur, N.; Yadav, S.K. USB rubber ducky detection by using heuristic rules. In Proceedings of the IEEE 2021 International Conference on Computing, Communication, and Intelligent Systems, ICCCIS, Greater Noida, India, 19–20 February 2021; Institute of Electrical and Electronics Engineers Inc.: Piscataway, NJ, USA, 2021; pp. 156–160.
  9. Mamchenko, M.; Sabanov, A. Exploring the taxonomy of USB-based attacks. In Proceedings of the 2019 12th International Conference “Management of Large-Scale System Development” (MLSD), Moscow, Russia, 1–3 October 2019; pp. 1–4.
  10. Lee, K.; Yim, K. Vulnerability Analysis and Security Assessment of Secure Keyboard Software to Prevent PS/2 Interface Keyboard Sniffing. Sensors 2023, 23, 3501.
  11. Farhi, N.; Nissim, N.; Elovici, Y. Malboard: A novel user keystroke impersonation attack and trusted detection framework based on side-channel analysis. Comput. Secur. 2019, 85, 240–269.
  12. Ramadhanty, A.D.; Budiono, A.; Almaarif, A. Implementation and Analysis of Keyboard Injection Attack using USB Devices in Windows Operating System. In Proceedings of the 2020 3rd International Conference on Computer and Informatics Engineering, IC2IE, Yogyakarta, Indonesia, 15–16 September 2020; pp. 449–454.
  13. Negi, A.; Rathore, S.S.; Sadhya, D. USB Keypress Injection Attack Detection via Free-Text Keystroke Dynamics. In Proceedings of the 2021 8th International Conference on Signal Processing and Integrated Networks (SPIN), Noida, India, 26–27 August 2021; Institute of Electrical and Electronics Engineers (IEEE): Piscataway, NJ, USA, 2021; pp. 681–685.
  14. Borges, C.D.B.; de Araujo, J.R.B.; de Couto, R.L.; Almeida, A.M.A. Keyblock: A software architecture to prevent keystroke injection attacks. In Proceedings of the XVII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, Brasilia, Brazil, 6–9 November 2017; pp. 518–524.
  15. Tian, D.J.; Bates, A.; Butler, K. Defending against malicious USB firmware with GoodUSB. In Proceedings of the 31st Annual Computer Security Applications Conference, ACSAC ‘15, Los Angeles, CA, USA, 7–11 December 2015; ACM: New York, NY, USA, 2015; pp. 261–270.
  16. Wahanani, H.; Idhom, M.; Kurniawan, D.R. Exploit remote attack test in operating system using arduino micro. J. Phys. Conf. Ser. 2020, 1569, 022038.
  17. Clements, A. Principles of Computer Hardware, 4th ed.; Oxford University Press: Oxford, UK, 2006.
  18. Faircloth, J. Client-side attacks and social engineering. In Penetration Tester’s Open Source Toolkit; Elsevier: Amsterdam, The Netherlands, 2017.
  19. Sun, C.; Lu, J.; Liu, Y. Analysis and Prevention of Information Security of USB. In Proceedings of the 2021 International Conference on Electronic Information Engineering and Computer Science, EIECS, Changchun, China, 23–26 September 2021; pp. 25–32.
  20. Cronin, P.; Gao, X.; Wang, H.; Cotton, C. Time-Print: Authenticating USB Flash Drives with Novel Timing Fingerprints. In Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 22–26 May 2022; pp. 1002–1017.
  21. Eswar, P.V.D.S. Microcontroller Manipulated As Human Interface Device Performing Keystroke Injection Attack. Int. Res. J. Mod. Eng. Technol. Sci. 2021, 3, 1230–1233.
  22. Muslim, A.A.; Budiono, A.; Almaarif, A. Implementation and Analysis of USB based Password Stealer using PowerShell in Google Chrome and Mozilla Firefox. In Proceedings of the 2020 3rd International Conference on Computer and Informatics Engineering, IC2IE, Yogyakarta, Indonesia, 15–16 September 2020; pp. 421–426.
  23. Ferreira, J.L.S.; Amorim, M.F.; Altafim, R.A.P. Biometric patterns recognition using keystroke dynamics. In Proceedings of the XVIII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, Natal, Brazil, 22–25 October 2018.
  24. Bojović, P.D.; Bojović, P.D.; Bašičević, I.; Pilipović, M.; Bojović, Ž.; Bojović, M. The Rising Threat of Hardware Attacks: USB Keyboard Attack Case Study. IEEE Secur. Priv. 2020. preprint. Available online: https://www.researchgate.net/publication/359509222 (accessed on 19 June 2023).
  25. Ahire, J.; Shembekar, A.; Makadia, K.; Bhokare, D. Exploring Attack Vectors Using Single Board Computers. Int. Res. J. Mod. Eng. Technol. Sci. 2022, 4, 2911–2914.
  26. Nicho, M.; Sabry, I. Threat and Vulnerability Modelling of Malicious Human Interface Devices. Technol. Eng. Math. (EPSTEM) 2022, 21, 241–247. Available online: www.isres.org (accessed on 19 May 2023).
  27. Neuner, S.; Voyiatzis, A.G.; Fotopoulos, S.; Mulliner, C.; Weippl, E.R. Usblock: Blocking USB-Based keypress injection attacks. In Data and Applications Security and Privacy XXXII; LNCS; Springer International Publishing: Cham, Switzerland, 2018; Volume 10980.
  28. Mohammadmoradi, H.; Gnawali, O. Making whitelisting-based defense work against bad USB. In Proceedings of the 2nd International Conference on Smart Digital Environment, ICSDE’18, Rabat, Morocco, 18–20 October 2018; ACM International Conference Proceeding Series. ACM: New York, NY, USA, 2018; pp. 127–134.
  29. Kang, M.; Saiedian, H. USBWall: A novel security mechanism to protect against maliciously reprogrammed USB devices. Inf. Secur. J. 2017, 26, 166–185.
  30. Wang, Z. Poisoning Attacks on Learning-Based Keystroke Authentication and a Residue Feature Based Defense. Available online: https://digitalcommons.latech.edu/dissertations (accessed on 19 May 2023).
  31. Szoke, D. Model Poisoning in Federated Learning: Collusive and Individual Attacks. Ph.D. Thesis, The Ohio State University, Columbus, OH, USA, 2023.
  32. Porwik, P.; Doroz, R.; Wesolowski, T.E. Dynamic keystroke pattern analysis and classifiers with competence for user recognition. Appl. Soft Comput. 2021, 99, 106902.
  33. Hazan, I.; Margalit, O.; Rokach, L. Supporting unknown number of users in keystroke dynamics models. Knowl. Based Syst. 2021, 221, 106982.
  34. Lu, X.; Zhang, S.; Hui, P.; Lio, P. Continuous authentication by free-text keystroke based on CNN and RNN. Comput. Secur. 2020, 96, 101861.
  35. Roy, S.; Roy, U.; Sinha, D.; Pal, R.K. Imbalanced ensemble learning in determining Parkinson’s disease using Keystroke dynamics. Expert Syst. Appl. 2022, 217, 119522.
  36. Chang, H.-C.; Li, J.; Wu, C.-S.; Stamp, M. Machine Learning and Deep Learning for Fixed-Text Keystroke Dynamics. arXiv 2021, arXiv:2107.00507.
  37. Ibrahim, M.; Abdelraouf, H.; Amin, K.M.; Semary, N. Keystroke dynamics based user authentication using Histogram Gradient Boosting. Int. J. Comput. Inf. IJCI 2023, 10, 36–53.
  38. Nnamoko, N.; Barrowclough, J.; Liptrott, M.; Korkontzelos, I. A behaviour biometrics dataset for user identification and authentication. Data Brief 2022, 45, 108728.
  39. Parkinson, S.; Khan, S.; Crampton, A.; Xu, Q.; Xie, W.; Liu, N.; Dakin, K. Password policy characteristics and keystroke biometric authentication. IET Biom. 2021, 10, 163–178.
  40. Zeid, E.S.S.; ElKamar, R.A.; Hassan, S.I. Fixed-Text vs. Free-Text Keystroke Dynamics for User Authentication. Eng. Res. J. Fac. Eng. 2022, 51, 95–104.
  41. Mondal, S.; Bours, P. A study on continuous authentication using a combination of keystroke and mouse biometrics. Neurocomputing 2016, 230, 1–22.
  42. Ciaramella, G.; Iadarola, G.; Martinelli, F.; Mercaldo, F.; Santone, A. Continuous and Silent User Authentication Through Mouse Dynamics and Explainable Deep Learning: A Proposal. In Proceedings of the 2022 IEEE International Conference on Big Data, (Big Data 2022), Osaka, Japan, 17–20 December 2022; pp. 6628–6630.
  43. Shadman, R.; Wahab, A.A.; Manno, M.; Lukaszewski, M.; Hou, D.; Hussain, F. Keystroke Dynamics: Concepts, Techniques, and Applications. arXiv 2023, arXiv:2303.04605.
  44. Iapa, A.C.; Cretu, V.I. Modified Distance Metric That Generates Better Performance for the Authentication Algorithm Based on Free-Text Keystroke Dynamics. In Proceedings of the SACI 2021—IEEE 15th International Symposium on Applied Computational Intelligence and Informatics, Timisoara, Romania, 19–21 May 2021; pp. 455–460.
  45. Eizaguirre-Peral, I.; Segurola-Gil, L.; Zola, F. Conditional Generative Adversarial Network for keystroke presentation attack. arXiv 2022, arXiv:2212.08445.
  46. Kochegurova, E.A.; Zateev, R.P. Hidden Monitoring Based on Keystroke Dynamics in Online Examination System. Program. Comput. Softw. 2022, 48, 385–398.
  47. Bernatavičienė, J. Proceedings of the 13th Conference on “Data analysis methods for software systems”. Vilnius Univ. Proc. 2022, 31, 1–110.
  48. Eizagirre, I.; Segurola, L.; Zola, F.; Orduna, R. Keystroke Presentation Attack: Generative Adversarial Networks for Replacing User Behaviour. In Proceedings of the 2022 European Symposium on Software Engineering, ESSE ’22, Rome, Italy, 27–29 October 2022; Association for Computing Machinery: New York, NY, USA, 2023; pp. 119–126.
  49. Wahab, A.; Hou, D. When Simple Statistical Algorithms Outperform Deep Learning: A Case of Keystroke Dynamics. In Proceedings of the 12th International Conference on Pattern Recognition Applications and Methods ICPRAM, Lisbon, Portugal, 22–24 February 2023; pp. 363–370.
  50. Kar, S.; Bamotra, A.; Duvvuri, B.; Mohanan, R. KeyDetect—Detection of anomalies and user based on Keystroke Dynamics. arXiv 2023, arXiv:2304.03958.
  51. Tewani, A. Keystroke Dynamics based Recognition Systems using Deep Learning: A Survey. TechRxiv 2022. preprint.
  52. Toosi, R.; Akhaee, M.A. Time–frequency analysis of keystroke dynamics for user authentication. Future Gener. Comput. Syst. 2021, 115, 438–447.
  53. Killourhy, K.S.; Maxion, R.A. Comparing anomaly-detection algorithms for keystroke dynamics. In Proceedings of the International Conference on Dependable Systems and Networks, Lisbon, Portugal, 29 June–2 July 2009; pp. 125–134.
  54. Killourhy, K.S.; Maxion, R.A. Free vs. transcribed text for keystroke-dynamics evaluations. In LASER ’12: Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results, Arlington, VA, USA, 18–19 July 2012; ACM International Conference Proceeding Series. Association for Computing Machinery: New York, NY, USA, 2012; pp. 1–8.
  55. González, N.; Calot, E.P. Finite context modeling of keystroke dynamics in free text. In Proceedings of the 2015 International Conference of the Biometrics Special Interest Group (BIOSIG), Darmstadt, Germany, 20–22 September 2015; Lecture Notes in Informatics (LNI), Proceedings-Series of the Gesellschaft fur Informatik (GI). Gesellschaft fur Informatik: Bonn, Germany, 2015; Volume P-245.
  56. Banerjee, R.; Feng, S.; Kang, J.S.; Choi, Y. Keystroke Patterns as prosody in digital writings: A case study with deceptive reviews and essays. In Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP), Doha, Qatar, 26–28 October 2014; pp. 1469–1473.
  57. González, N.; Calot, E.P. Dataset of human-written and synthesized samples of keystroke dynamics features for free-text inputs. Data Brief 2023, 48, 109125.
  58. Tewari, A.; Verma, P. An Improved User Identification based on Keystroke-Dynamics and Transfer Learning. Webology 2022, 19, 5369–5387.
  59. Nirmal, J.R.; Kiran, R.B.; Hemamalini, V. Improvised multi-factor user authentication mechanism using defense in depth strategy with integration of passphrase and keystroke dynamics. Mater. Today Proc. 2022, 62, 4837–4843.