Securing Networks Against Anonymous Invaders
Abstract
The power of anonymity on the internet is being leveraged by criminals, online trolls, and malicious hackers. Cyber criminals masquerade as legitimate users in order to steal valuable private data, commit fraud, and steal money from their victims. This thesis investigates security vulnerabilities that exist as a product of user anonymity and provides a biometric mitigation to one of the most common exploits against DoD personnelsocial engineering. To strip anonymity from malicious users, we used a concept that harkens back to World War II called fist of the sender. This technique was used by allied intelligence analysts to identify enemy units by the rhythm of their radio operators when they transmitted Morse code. We applied the same concept to keystrokes along a keyboard and created a digital fist. Our research used a chatbot that posed as a victim, and we had student-subjects play the role of Social Engineers and attempt to phish the chatbot. Our system measures keystroke dynamics to increase user recognition and introduces specific perturbations during a users typing sessionsometimes by making the caret disappear, and sometimes by suddenly moving the caret back a few spaces. We hypothesized that as a user tried to recover from these interactions, we could increase typing attribution since every users subconscious reaction would be unique. Our results show cases where identification increased over 20% in some cases through the introduction of perturbations.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2019
- Accession Number
- AD1080387
Entities
People
- Lucas J. Burke
- Nathan J. Richardson
Organizations
- Naval Postgraduate School