English

Forensic Log Based Detection For Keystroke Injection "BadUsb" Attacks

Cryptography and Security 2023-02-10 v1

Abstract

This document describes an experiment with main purpose to detect BadUSB attacks that utilize external Human Interaction Device hardware gadgets to inject keystrokes and acquire remote code execution. One of the main goals, is to detect such activity based on behavioral factors and allow everyone with a basic set of cognitive capabilities ,regardless of the user being a human or a computer, to identify anomalous speed related indicators but also correlate such speed changes with other elements such as commonly malicious processes like powershell processes being called in close proximity timing-wise, PnP device events occurring correlated with driver images loaded.

Cite

@article{arxiv.2302.04541,
  title  = {Forensic Log Based Detection For Keystroke Injection "BadUsb" Attacks},
  author = {George Karantzas},
  journal= {arXiv preprint arXiv:2302.04541},
  year   = {2023}
}

Comments

15 pages, 3 figures, code examples included

R2 v1 2026-06-28T08:35:45.657Z