[Colloq] Thesis Defense: "USBeSafe: Applying One-Class SVM for Effective USB Event Anomaly Detection" | Speaker: Brandon Daley | Date: 4/28/16 Time: 10am Location: 166 WVH

Walker, Lashauna la.walker at neu.edu
Wed Apr 27 15:30:29 EDT 2016 

TITLE:  USBeSafe: Applying One-Class SVM for Effective USB Event Anomaly Detection
Speaker: Brandon Daley
Date: 4/28/16     Time: 10am   Location: 166 WVH



TITLE:  USBeSafe: Applying One-Class SVM for Effective USB Event Anomaly Detection



ABSTRACT:

Increased use of transient devices such as wireless keyboards, webcams, and flash storage in the last ten years has drastically increased the surface area on which attackers can target vulnerable systems. USB devices, a subclass of transient devices, have become a common transport mechanism for malware making its way into a target machine or network. BadUSB, a new USB-based attack class, relies on updating the device firmware to perform malicious actions and can be undetectable at the end-user level if written effectively, as the attack hides in plain sight.

In this thesis, we present USBeSafe as a first-of-its-kind machine learning-based anomaly detection framework for detecting a specific subclass of BadUSB-style attacks in which a covert keyboard interface is defined on a seemingly benign device. We apply machine learning techniques, specifically one-class support vector machines, to create an offline USB event anomaly detection system that serves as the basis for an online system. The USBeSafe system provides an extensible framework for efficient and fine-grained USB traffic feature extraction. We examine a wide array of attributes that factor into model prediction performance such as USB traffic feature types, contextual information via n-grams, and model kernel function with associated parameters, then apply them to a search for ideal attributes in classifying benign USB keyboard traffic with an input corpus collected over eight months. Using viable candidates from this search, we train a number of models and test them against a known malicious BadUSB-style covert keyboard attack. Through our results, we provide an analysis of feature relevance specific to benign USB keyboard traffic and a framework for a live USBeSafe system.


Thank You.

LaShauna Walker
Events and Administrative Specialist
College of Computer and Information Science
Northeastern University
617-373-2763
Facebook<https://www.facebook.com/ccisatnu?ref=hl> | Instagram<https://instagram.com/ccisatnu/> | LinkedIn<https://www.linkedin.com/groups/Northeastern-University-College-Computer-Information-1943637?gid=1943637&mostPopular=&trk=tyah&trkInfo=idx%3A1-1-1%2CtarId%3A1426606862845%2Ctas%3ANortheastern+University+College+of+Com> | Twitter<https://twitter.com/CCISatNU>

More information about the Colloq mailing list