Cite this article
  • LV Zhiqiang, XUE Yanan, ZHANG Ning, FENG Zhaowen, JIN Zhongfeng. WHID Defense: Detection and Protection Technology for USB HID Attack[J]. Journal of Cyber Security, 2021, 6(2):110-128

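WHID Defense: Detection and Protection Technology for USB HID Attacks
LV Zhiqiang1,2, XUE Yanan1,2, ZHANG Ning1,2, FENG Zhaowen1,2, JIN Zhongfeng1,2
(1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)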
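Abstract:
The USB (universal serial bus) interface has brought convenience to users, but that same convenience and its widespread use have made it one of attackers' targets. Common USB attacks are mainly USB ferry attacks and USB HID attacks. By analyzing vulnerabilities in the USB protocol and the attack characteristics of malicious USB HID attack tools, this paper proposes a USB HID (human interface device) attack model and generates the corresponding attack data streams. Based on this research, we build WHID Defense, a malicious USB HID attack detection and protection platform that integrates keystroke injection attack warning, capture of data from malicious USB HID attack devices, interference with the communication of malicious USB HID attack devices, risk level classification and display, and user identity management and access control. Experiments show that WHID Defense intercepts keystroke injection attacks at a rate of 99.98%, captures target data at a rate of 100%, and succeeds in interfering with the target device's normal communication 97.7% of the time; it is functionally complete and delivers outstanding performance. Compared with existing detection techniques, the WHID Defense platform forms a multi-level protection system, can be deployed on personal computers for real-time defense, and resists attacks from a variety of malicious USB HID tools, including BadUSB.
Key words:  malicious USB device  HID attack  USB composite device  attack detection  characteristic analysis  identity management and access control  risk classification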
DOI: 10.19363/J.cnki.cn10-1380/tn.2021.03.08
Received: 2019-04-02  Revised: 2019-04-26
Funding: This work was supported by the National Natural Science Foundation of China (No. 61601460).
WHID Defense: Detection and Protection Technology for USB HID Attack
LV Zhiqiang1,2, XUE Yanan1,2, ZHANG Ning1,2, FENG Zhaowen1,2, JIN Zhongfeng1,2
(1.Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;2.School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
The emergence of the USB (universal serial bus) interface has brought convenience to users, but its convenience and wide use have also made it one of the targets of attackers. Common USB attacks mainly include USB ferry attacks and USB HID (human interface device) attacks. In this paper, we analyze the vulnerabilities of the USB protocol and the attack characteristics of malicious USB HID attack tools, present a USB HID attack model, and generate the corresponding attack data stream. Based on this research, the paper constructs a detection and protection platform, WHID Defense, which includes a keystroke injection attack warning module, a malicious data capture module, a communication interference module, a risk level classification and display module, a user identity management and access control module, and others. The experimental results show that the interception rate of WHID Defense for keystroke injection attacks is 99.98%, the target data capture rate is 100%, and the success rate of jamming the target device's normal communication is 97.7%. Compared with existing detection technology, the WHID Defense platform forms a multi-level protection system that can be deployed on a personal computer for real-time defense against attacks by various malicious USB HID tools such as BadUSB.
Key words:  malicious USB device  HID attack  USB composite device  attack detection  characteristic analysis  identity management and access control  risk classification