Researchers have developed a software tool that records keystroke dynamics to create a fingerprint to identify who is using the computer, allowing it to distinguish human inputs from those of an automated software bot.
“The software uses things like the time between strokes, speed of typing, the most used keys and mouse actions to identify one user from another,” said Danfeng Yao, assistant professor of computer science at Virginia Tech.
“But the software can also tell the difference between human users and bots – even if they try to mirror human behaviour.”
The program is a response to a rise in automated malware attacks that use bots to create outgoing requests from a browser. According to Yao, the bots could be used to send out user passwords to control machines or attack external computers without the owner's knowledge.
“Almost all legitimate outbound traffic is started by human action, but with malicious sites or actions, there is no causal relationship between what the user does and the machine's action,” said Yao. "It is done by the bot."
“This software can spot this with a high degree of accuracy, even though your browser sends out a lot of information without specific user permission – maybe 20 requests for one click."
According to Yao, the prototype software offers good protection against drive-by malware downloads because it effectively quarantines the malware.
“You may still be infected with malware, but it isn't able to do anything useful,” she said.
A working version of the security tool has already been licenced by an unnamed company, which plans on building a separate firm around the technology.
“Right now, the program is an add-on that offers protection on its own, but you want your security built in to Windows and the network, and that's where we hope this will go, although it's not easy getting everyone to work together,” Yao said.
