TUBA Framework Blows The Horn On Hackers

Banging away at that keyboard might not be such a bad thing, according to scientists at Virginia Tech. In fact, how you type may be just the thing that keeps a hacker bot from stealing your information.


The most recent form of large-scale password hacking has taken the form of “bots”, or autonomous programs that perform repetitive tasks at a high rate of speed. Many of these bots are known as “keyloggers”, and record the keystrokes that person uses when entering their username and password or security code at a bank Web site or online merchant. This info is then used by hackers to log in when the user is no longer online and drain their bank accounts, purchase items, and change their passwords.


Initially, anti-hacking software was developed with the intention of combating human hackers, but had far less success in dealing with programs that could repeat tasks at much greater speeds than humans.

Now, Daphne Yao and Deian Stefan of Virginia Tech have developed an anti-hacking software that uses a person’s unique way of typing on their keyboard to prevent to hacking-bot attacks from succeeding. These “keystroke dynamics” are an amalgam of the way a person types – how quickly, with what force, and with what rhythm.


Bots will typically use data collected from a variety of sources to produce a fake biometric keyboard rhythm, one that can be combated by Yao’s and Stefan’s software. By analyzing how a user types, the framework the two developed - Telling Human and Bot Apart (TUBA) – was able to combat the keyword metrics used by bots a significant portion of the time.   


According to Yao, their “work shows that keystroke dynamics is robust against the synthetic forgery attacks studied, where the attacker draws statistical samples from a pool of available keystroke datasets other than the target”. In other words – keep doing what you’re doing, ferocious typers and keyboard-smashers – it must just be your best protection against a keylogging hacker-bot.

Type on, friends. Type on.  



Source: EurekAlert