Digital Shark Expo

Patrick Adefowora

Project title

Enhanced Computer Security and Forensic Investigation: Real-Time USB Device Monitoring and Behavioural Typing Pattern Analysis

Project aim

This project introduces a novel solution that synergises hardware monitoring with behavioural analysis by examining keyboard typing patterns. The system adeptly detects anomalous behaviours indicative of security threats by utilising Windows Management Instrumentation (WMI) to track USB device activity and employing keyboard event monitoring.

Project outline

With the widespread adoption of Universal Serial Bus (USB) devices such as keyboards and flash drives, new avenues for unauthorised access and data breaches have emerged, necessitating advanced defence mechanisms beyond traditional security measures.

Key metrics such as typing speed and the standard deviation of dwell and flight times are calculated to differentiate between normal user interactions and potential unauthorised access.

Central to this initiative is the application of event-driven programming alongside forensic methodologies for robust data collection and analysis. The system’s effectiveness was rigorously tested against a variety of USB devices, including keystroke-injection devices such as the Rubber Ducky.

For this experiment, a ‘Malduino W’ was used to validate the system’s efficacy in real-world scenarios.

Detailed event logs capture comprehensive device data and typing dynamics, offering granular insights for forensic investigation. The innovation lies in the integrated analysis of physical device connections and user typing behaviour, presenting a holistic security framework.

Advanced data analytics refine the system’s capability to sift through vast datasets, pinpointing irregular patterns and pre-empting potential security incidents. Results from testing highlight the system’s ability to monitor live device states, capturing USB device details such as make, type, PID, VID, and serial numbers.

Observations indicate that human typing speed will always vary due to psychological and emotional states impacting typing dynamics. In contrast, unauthorised keyboard-like USB devices exhibited consistent typing dynamics and were capable of mimicking human typing, which could be utilised for user profiling attacks.
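The metrics and the observation above can be illustrated with a short added example, which is not the project's own code. The event tuple layout, the function names, the sample keystrokes and the 5 ms threshold are all assumptions made for illustration.

```python
from statistics import pstdev

# Constructed sample data: (key, key_down_ms, key_up_ms) per keystroke.
HUMAN = [("h", 0, 95), ("e", 180, 262), ("l", 410, 521), ("l", 640, 718),
         ("o", 905, 1010), (" ", 1100, 1172), ("w", 1390, 1497), ("o", 1560, 1633)]
# Constructed injected burst: fixed 10 ms press, fixed 20 ms gap between keys.
INJECTED = [(c, i * 30, i * 30 + 10) for i, c in enumerate("hello wo")]

STD_THRESHOLD_MS = 5.0  # assumed cut-off, not a value taken from the project


def typing_metrics(events):
    """Return typing speed and dwell/flight variability for one typing burst."""
    if len(events) < 3:
        raise ValueError("need at least 3 keystrokes for a meaningful spread")
    events = sorted(events, key=lambda e: e[1])
    # Dwell time: how long each key is held down.
    dwell = [up - down for _, down, up in events]
    # Flight time: release of one key to press of the next
    # (negative when the next key is pressed before the previous is released).
    flight = [nxt[1] - cur[2] for cur, nxt in zip(events, events[1:])]
    duration_min = (events[-1][2] - events[0][1]) / 60000
    return {
        "keys_per_min": len(events) / duration_min,
        "dwell_std_ms": pstdev(dwell),
        "flight_std_ms": pstdev(flight),
    }


def looks_automated(events, threshold=STD_THRESHOLD_MS):
    """Flag a burst whose dwell and flight times are both near-constant."""
    m = typing_metrics(events)
    return m["dwell_std_ms"] < threshold and m["flight_std_ms"] < threshold


if __name__ == "__main__":
    for name, burst in (("human", HUMAN), ("injected", INJECTED)):
        print(name, typing_metrics(burst), "automated:", looks_automated(burst))
```

Because such devices can also mimic human typing, a low-variance check of this kind is one signal to correlate with the USB connection events rather than a verdict on its own.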

These features underscore the system’s potential in pre-emptively identifying and mitigating security risks, making a significant advancement in the domain of computer security and digital forensics. This proof-of-concept not only deepens our understanding of USB device-based vulnerabilities but also sets the stage for proactive security measures in safeguarding digital assets against unauthorised access.