{"title":"Based on Standard Descriptors and Dynamic Key Features to Detect Malicious USB Storage Devices in APT","authors":"Hung-Chang Chang","doi":"10.1109/AsiaJCIS.2017.22","DOIUrl":null,"url":null,"abstract":"Advanced persistent threats (APTs) are a type of attack that critically threaten a number of corporations. With advances in information technology, attack methods have evolved from social engineering and e-mail methods to simulated human interface device attacks, which have remained undetectable by intrusion detection systems. Teensy was initially designed as a hardware device for legitimate applications, but because it enables the control of computers through a simulated keyboard or mouse-style pointing device, certain parties have utilized it as a malicious APT device to control computers for illegitimate uses. This study proposed a method based on the characteristics of Universal Serial Bus (USB) standard descriptors and dynamic key characteristics to detect malicious USB devices. This method is capable of successfully detecting malicious USB devices and defending against malicious USB attacks.","PeriodicalId":108636,"journal":{"name":"2017 12th Asia Joint Conference on Information Security (AsiaJCIS)","volume":"104 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 12th Asia Joint Conference on Information Security (AsiaJCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AsiaJCIS.2017.22","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Advanced persistent threats (APTs) are a type of attack that critically threatens a number of corporations. With advances in information technology, attack methods have evolved from social engineering and e-mail methods to simulated human interface device attacks, which have remained undetectable by intrusion detection systems. Teensy was initially designed as a hardware device for legitimate applications, but because it enables the control of computers through a simulated keyboard or mouse-style pointing device, certain parties have utilized it as a malicious APT device to control computers for illegitimate uses. This study proposed a method based on the characteristics of Universal Serial Bus (USB) standard descriptors and dynamic key characteristics to detect malicious USB devices. This method is capable of successfully detecting malicious USB devices and defending against malicious USB attacks.