To (US)Be or Not to (US)Be: Discovering Malicious USB Peripherals through Neural Network-Driven Power Analysis
Published: 2024-05-29
Issue: 11
Volume: 13
Page: 2117
ISSN: 2079-9292
Container-title: Electronics
Language: en
Short-container-title: Electronics
Author:
Koffi Koffi Anderson (1), Smiliotopoulos Christos (2), Kolias Constantinos (1), Kambourakis Georgios (2)
Affiliation:
1. University of Idaho, Idaho Falls, ID 834024, USA 2. University of the Aegean, 83200 Karlovasi, Greece
Abstract
Nowadays, the Universal Serial Bus (USB) is one of the most adopted communication standards. However, the ubiquity of this technology has attracted the interest of attackers. This situation is alarming, considering that the USB protocol has penetrated even into critical infrastructures. Unfortunately, the majority of the contemporary security detection and prevention mechanisms against USB-specific attacks work at the application layer of the USB protocol stack and, therefore, can only provide partial protection, assuming that the host is not itself compromised. Toward this end, we propose a USB authentication system designed to identify (and possibly block) heterogeneous USB-based attacks directly from the physical layer. Empirical observations demonstrate that any extraneous/malicious activity initiated by malicious/compromised USB peripherals tends to consume additional electrical power. Driven by this observation, our proposed solution is based on the analysis of the USB power consumption patterns. Valuable power readings can easily be obtained directly from the power lines of the USB connector with low-cost, off-the-shelf equipment. Our experiments demonstrate the ability to effectively distinguish benign from malicious USB devices, as well as USB peripherals from each other, relying on the power side channel. At the core of our analysis lies an Autoencoder model that handles the feature extraction process; this process is paired with a long short-term memory (LSTM) and a convolutional neural network (CNN) model for detecting malicious peripherals. We meticulously evaluated the effectiveness of our approach and compared it against various other shallow machine learning (ML) methods. The results indicate that the proposed scheme can identify USB devices as benign or malicious/counterfeit with a perfect F1-score.