WHID Defense: Detection and Protection Technology for USB HID Attack

Cited by: 1


Authors: LV Zhiqiang (吕志强)[1,2]; XUE Yanan (薛亚楠); ZHANG Ning (张宁); FENG Zhaowen (冯朝雯)[1,2]; JIN Zhongfeng (金忠峰)

Affiliations: [1] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; [2] School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China

Source: Journal of Cyber Security (《信息安全学报》), 2021, No. 2, pp. 110-128 (19 pages)

Funding: Supported by the National Natural Science Foundation of China (No. 61601460).

Abstract: The emergence of the USB (universal serial bus) interface has brought convenience to users, but that same convenience and its wide use have made it one of the targets of attackers. Common USB attacks mainly include USB ferry attacks and USB HID (human interface device) attacks. By analyzing the vulnerabilities of the USB protocol and the attack characteristics of malicious USB HID attack tools, this paper proposes a USB HID attack model and generates the corresponding attack data streams. Based on this research, it constructs WHID Defense, a detection and protection platform against malicious USB HID attacks that integrates keystroke injection attack early warning, capture of data from malicious USB HID attack devices, interference with the communication of malicious USB HID attack devices, risk level classification and display, and user identity management and access control. Experiments show that WHID Defense intercepts keystroke injection attacks at a rate of 99.98%, captures target data at a rate of 100%, and succeeds in interfering with the normal communication of the target device 97.7% of the time; it is functionally complete and performs well. Compared with existing detection technologies, the WHID Defense platform forms a multi-level protection system that can be deployed on a personal computer for real-time defense, and it withstands attacks from a variety of malicious USB HID tools, including BadUSB.

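Keywords: malicious USB device; HID attack; USB composite device; attack detection; feature analysis; identity management and access control; risk classification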

Classification code: TP334 [Automation and Computer Technology: Computer System Architecture]

 
