"Keystroke Dynamic Authentication With Trusted User Inputs For Botnet Detection"

Speaker: Danfeng (Daphne)Yao, Rutgers University, New Brunswick
Date: Friday, May 8, 2009
Time: 11:15am-12:15pm
Location: KWII 1110 (new location!)

Studies show that millions of computers worldwide have become bots, i.e., armies of zombie PCs controlled and used by cyber criminals to launch attacks. Most existing detection solutions closely follow how botnets behave and thus are not adaptive. We believe that there are intrinsic and fundamental differences between how a human and a bot interacts with a computer, which can be leveraged to detect infected hosts. Our approach is to monitor and analyze the characteristic human behavior patterns of the PC owner to detect anomalies. In this talk, we describe a remote authentication framework called Telling hUmans and Bots Apart (TUBA) that extracts, analyzes, and classifies a PC owner's characteristic keystroke patterns. We further design a TUBA integrity service that uses a lightweight cryptographic verification mechanism to prevent the injection of fake input events. Our TUBA prototype is realized in a flexible client-server architecture that allows the scalable trusted monitoring. A comprehensive security analysis on the attacks and defenses of our framework is presented.

Danfeng (Daphne) Yao is an assistant professor in the Department of Computer Science at Rutgers University, New Brunswick. She received her Computer Science Ph.D. degree from Brown University. Her research interests are in network and information security, in particular user-centric security and privacy, social- and human-behavior pattern recognition, insider threats, secure information sharing, data privacy, and applied cryptography. Danfeng has 25 publications on various topics of security and privacy. She won the Best Student Paper Award in ICICS 2006, and the Award for Technological Innovation from Brown in 2006, both for her privacy-preserving identity management work. Danfeng has one provisional patent filed for her recent bot detection techniques. She interned in the Trusted Systems Lab at HP Labs in 2005, and visited CERIAS at Purdue University as a visiting scholar in 2007. She is a member of DIMACS and DHS DyDAn Centers.