3,469 research outputs found

    A Hardware-Assisted Insider Threat Detection and Prevention Framework

    Today, the USB protocol is among the most widely used protocols. However, the mass-proliferation of USB has led to a threat vector wherein USB devices are assumed innocent, leaving computers open to an attack. Malicious USB devices can disguise themselves as benign devices to insert malicious commands to connected end devices. A rogue device appears benign to the average OS, requiring advanced detection schemes to identify malicious devices. However, using system-level hooks, advanced threats may subvert OS-reliant detection schemes. This thesis showcases USB-Watch, a hardware-based USB threat detection framework. The hardware can collect live USB traffic before the data can be altered in a corrupted OS. Behavioral analysis of USB devices allows for a generalizable anomaly detection classifier in hardware that can detect abnormal behavior from USB devices. The framework tested achieves an ROC AUC of 0.99 against a testbed of live USB devices.

    Honeywell Enhancing Airplane State Awareness (EASA) Project: Final Report on Refinement and Evaluation of Candidate Solutions for Airplane System State Awareness

    The loss of pilot airplane state awareness (ASA) has been implicated as a factor in several aviation accidents identified by the Commercial Aviation Safety Team (CAST). These accidents were investigated to identify precursors to the loss of ASA and develop technologies to address the loss of ASA. Based on a gap analysis, two technologies were prototyped and assessed with a formative pilot-in-the-loop evaluation in NASA Langley's full-motion Research Flight Deck. The technologies address: 1) data source anomaly detection in real-time, and 2) intelligent monitoring aids to provide nominal and predictive awareness of situations to be monitored and a mission timeline to visualize events of interest. The evaluation results indicated favorable impressions of both technologies for mitigating the loss of ASA in terms of operational utility, workload, acceptability, complexity, and usability. The team concludes that there is a feasible retrofit solution for improving ASA that would minimize certification risk, integration costs, and training impact.

    Anomaly Detection over User Profiles for Intrusion Detection

    Intrusion detection systems (IDS) have often been used to analyse network traffic to help network administrators quickly identify and respond to intrusions. These detection systems generally operate over the entire network, identifying “anomalies” atypical of the network’s normal collective user activities. We show that anomaly detection could also be host-based so that the normal usage patterns of an individual user could be profiled. This enables the detection of masquerading intruders by comparing a learned user profile against the current session’s profile. A prototype behavioural IDS applies the concept of anomaly detection to user behaviour and compares the effects of using multiple characteristics to profile users. Behaviour captured within the system consists of application usage, application performance (CPU and memory), the websites a user visits, the number of windows a user has open, and their typing habits. The results show that such a system is entirely feasible, that characteristics physically related to the user are more relevant to profiling behaviour and that the combination of characteristics can significantly decrease the time taken to detect an intruder.

    Age prediction through the influence of fatigue levels in human-computer interaction

    Integrated master's dissertation in Informatics Engineering. The evolution of current times and the available technology is making it easier to access potentially inappropriate content. Therefore, the ability to detect the age of the human being, by non-invasive methods, is increasingly necessary to reduce possible false claims. All of these claims arise through interactions with the device, so, and taking into account the demands and the fast pace of everyday life, the intent is to develop a system capable of detecting age groups, taking into account the presence of human factors like fatigue or stress that can change the interaction patterns. This system will use biometric features created by keyboard and mouse events, describing typing velocity, mouse acceleration, and so on in the period of five minutes. However, keeping in mind the everyday pace and the growth in mobile phone use, a similar system is created for this case study.