This document describes an experiment whose main purpose is to detect BadUSB attacks that use external Human Interface Device (HID) hardware gadgets to inject keystrokes and gain remote code execution. One of the main goals is to detect such activity from behavioral factors, so that anyone with a basic set of cognitive capabilities, whether the user is a human or a computer, can identify anomalous speed-related indicators and also correlate such speed changes with other elements: processes commonly used maliciously, such as powershell, being started in close timing proximity, and PnP device events occurring in correlation with driver images being loaded.
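As an added illustration, not code from the experiment described here, the following Python sketch applies the detection idea above: it finds sustained bursts of keystrokes arriving faster than a human can type, then correlates each burst with PnP device arrivals, driver image loads and powershell process creation inside a time window. The event kinds, thresholds and sample timeline are constructed assumptions, not any particular logging format.

```python
"""Added example: keystroke-speed anomaly detection correlated with PnP, driver-load
and process events. All sample data is constructed; event kinds are assumptions."""

HUMAN_MIN_INTERVAL = 0.030  # seconds; sustained typing faster than this is not human
MIN_BURST = 20              # consecutive fast keystrokes needed to call it a burst
WINDOW = 5.0                # seconds around a burst in which related events count
SUSPICIOUS_PROCS = {"powershell.exe"}

# Constructed keystroke timestamps: an injection 4 ms apart, a human ~120 ms apart.
KEYSTROKES_INJECTED = [10.000 + i * 0.004 for i in range(40)]
KEYSTROKES_HUMAN = [20.000 + i * 0.120 for i in range(40)]
# Constructed (kind, timestamp, detail) events as a log collector might emit them.
EVENTS = [
    ("pnp_device_arrival", 9.2, "HID Keyboard Device"),
    ("image_load", 9.3, "kbdhid.sys"),
    ("process_create", 10.2, "powershell.exe"),
    ("process_create", 40.0, "notepad.exe"),
]

def fast_bursts(times, min_interval=HUMAN_MIN_INTERVAL, min_len=MIN_BURST):
    """(start, end) of each run of >= min_len keystrokes spaced closer than min_interval."""
    bursts, start, count = [], 0, 1
    for i in range(1, len(times)):
        if times[i] - times[i - 1] < min_interval:
            count += 1
            continue
        if count >= min_len:
            bursts.append((times[start], times[i - 1]))
        start, count = i, 1
    if times and count >= min_len:
        bursts.append((times[start], times[-1]))
    return bursts

def correlate(bursts, events, window=WINDOW):
    """Attach events within `window` seconds of each burst; score counts how many distinct
    indicator types (PnP arrival, driver image load, suspicious process) co-occur."""
    findings = []
    for start, end in bursts:
        related = [e for e in events if start - window <= e[1] <= end + window]
        kinds = {k for k, _, _ in related}
        procs = {d.lower() for k, _, d in related if k == "process_create"}
        score = (("pnp_device_arrival" in kinds) + ("image_load" in kinds)
                 + bool(procs & SUSPICIOUS_PROCS))
        findings.append({"burst": (start, end), "related": related, "score": score})
    return findings

def suspicious(findings, min_score=2):
    """A fast burst with at least two correlated indicators is reported as likely injection."""
    return [f for f in findings if f["score"] >= min_score]
```

The human sample produces no burst at all, so nothing is correlated for it; the injected sample yields one burst with all three indicator types within the window.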